# PPanel 从机部署：远程 MySQL 从库 + Redis 从库/Sentinel + 额外业务实例
#
# 使用方式:
# 1. 将 docker-compose.replica.yml, configs/, mysql/, redis/, tempo/ 上传到从机同一目录
# 2. .env 中填写主机公网 IP: MASTER_MYSQL_HOST, MASTER_REDIS_HOST
# 3. 先按 doc/remote-replication-zh.md 导入主库备份，再运行 replication-setup profile
# 4. 业务实例的 configs/ppanel.yaml 必须指向主 MySQL 和主 Redis，不要指向本机从库

services:
  ppanel-server:
    image: registry.kxsw.us/vpn-server:${PPANEL_SERVER_TAG:-latest}
    container_name: ppanel-server
    restart: always
    volumes:
      - ./configs:/app/etc
      - ./logs:/app/logs
      - ./cache:/app/cache
    environment:
      - TZ=Asia/Shanghai
    network_mode: host
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
    depends_on:
      tempo:
        condition: service_started
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  mysql-replica:
    image: mysql:8.0
    container_name: ppanel-mysql-replica
    restart: always
    ports:
      - "127.0.0.1:3307:3306"
    environment:
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?请在 .env 文件中设置 MYSQL_ROOT_PASSWORD}"
      MYSQL_DATABASE: "${MYSQL_DATABASE:-ppanel}"
      TZ: Asia/Shanghai
    command:
      - --default-authentication-plugin=mysql_native_password
      - --innodb_buffer_pool_size=16G
      - --innodb_buffer_pool_instances=16
      - --innodb_log_file_size=2G
      - --innodb_flush_log_at_trx_commit=2
      - --innodb_io_capacity=5000
      - --max_connections=5000
    volumes:
      - ./mysql/replica.cnf:/etc/mysql/conf.d/replication.cnf:ro
      - mysql_replica_data:/var/lib/mysql
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
    networks:
      - ppanel_net
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-uroot", "-p${MYSQL_ROOT_PASSWORD}"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  mysql-replica-setup:
    image: mysql:8.0
    container_name: ppanel-mysql-replica-setup
    profiles:
      - replication-setup
    environment:
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?请在 .env 文件中设置 MYSQL_ROOT_PASSWORD}"
      MASTER_MYSQL_HOST: "${MASTER_MYSQL_HOST:?请在 .env 文件中设置 MASTER_MYSQL_HOST}"
      MASTER_MYSQL_PORT: "${MASTER_MYSQL_PORT:-3306}"
      MYSQL_REPLICATION_USER: "${MYSQL_REPLICATION_USER:?请在 .env 文件中设置 MYSQL_REPLICATION_USER}"
      MYSQL_REPLICATION_PASSWORD: "${MYSQL_REPLICATION_PASSWORD:?请在 .env 文件中设置 MYSQL_REPLICATION_PASSWORD}"
      REPLICA_MYSQL_HOST: mysql-replica
      REPLICA_MYSQL_PORT: "3306"
    volumes:
      - ./mysql/configure-replica.sh:/scripts/configure-replica.sh:ro
    entrypoint:
      - /bin/sh
      - /scripts/configure-replica.sh
    networks:
      - ppanel_net
    depends_on:
      mysql-replica:
        condition: service_healthy

  redis-replica:
    image: redis:8.2.1
    container_name: ppanel-redis-replica
    restart: always
    environment:
      REDIS_PASSWORD: "${REDIS_PASSWORD:?请在 .env 文件中设置 REDIS_PASSWORD}"
    ports:
      - "127.0.0.1:6380:6379"
    command:
      - redis-server
      - --replicaof
      - "${MASTER_REDIS_HOST:?请在 .env 文件中设置 MASTER_REDIS_HOST}"
      - "${MASTER_REDIS_PORT:-6379}"
      - --masterauth
      - "${REDIS_PASSWORD:?请在 .env 文件中设置 REDIS_PASSWORD}"
      - --requirepass
      - "${REDIS_PASSWORD:?请在 .env 文件中设置 REDIS_PASSWORD}"
      - --appendonly
      - "yes"
      - --tcp-backlog
      - "65535"
      - --maxmemory-policy
      - allkeys-lru
    volumes:
      - redis_replica_data:/data
    ulimits:
      nproc: 65535
      nofile:
        soft: 65535
        hard: 65535
    networks:
      - ppanel_net
    healthcheck:
      test: ["CMD-SHELL", "redis-cli -a \"$${REDIS_PASSWORD}\" ping | grep -q PONG"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  redis-sentinel:
    image: redis:8.2.1
    container_name: ppanel-redis-sentinel
    restart: always
    ports:
      - "127.0.0.1:26379:26379"
    command:
      - sh
      - -c
      - |
        printf '%s\n' \
          'port 26379' \
          'dir /tmp' \
          'sentinel monitor ppanel-redis-master ${MASTER_REDIS_HOST} ${MASTER_REDIS_PORT:-6379} 2' \
          'sentinel auth-pass ppanel-redis-master ${REDIS_PASSWORD}' \
          'sentinel down-after-milliseconds ppanel-redis-master 10000' \
          'sentinel failover-timeout ppanel-redis-master 60000' \
          'sentinel parallel-syncs ppanel-redis-master 1' \
          > /tmp/sentinel.conf
        exec redis-server /tmp/sentinel.conf --sentinel
    networks:
      - ppanel_net
    depends_on:
      - redis-replica
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  tempo:
    image: grafana/tempo:2.4.1
    container_name: ppanel-tempo
    user: root
    restart: always
    command:
      - "-config.file=/etc/tempo.yaml"
      - "-target=all"
    volumes:
      - ./tempo/tempo-config.yaml:/etc/tempo.yaml
      - ./tempo_data:/var/tempo
    ports:
      - "127.0.0.1:4317:4317"
    networks:
      - ppanel_net
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

volumes:
  mysql_replica_data:
  redis_replica_data:
  tempo_data:

networks:
  ppanel_net:
    name: ppanel_net
    driver: bridge