# Cloud / Central layer composition.
# Includes all cloud-relevant stacks and defines the 4-network topology.
# Run: cp .env.example .env  &&  docker compose up -d

name: cloud

# Uncomment includes as each stack is hardened beyond stub.
include:
  # Foundation (round 3) — ingress, auth backing store, ops console
  - ../stacks/nginx-proxy/compose.yml
  - ../stacks/sql/compose.yml
  - ../stacks/portainer/compose.yml
  # Core identity + VPN
  # - ../stacks/wireguard-server/compose.yml
  # - ../stacks/keycloak/compose.yml
  # Data
  # - ../stacks/influxdb/compose.yml
  # Apps
  # - ../stacks/node-red/compose.yml
  # - ../stacks/grafana/compose.yml
  # - ../stacks/gitea/compose.yml
  # - ../stacks/jenkins/compose.yml
  # Messaging + mail
  # - ../stacks/rabbitmq/compose.yml
  # - ../stacks/postfix/compose.yml
  # ML / notebooks
  # - ../stacks/mlflow/compose.yml
  # - ../stacks/jupyterhub/compose.yml
  # FROST (when deployed)
  # - ../stacks/mosquitto/compose.yml

# NOTE on portainer transition:
#   The portainer stack publishes 9443+8000 for standalone first-run use.
#   When bringing it up through this cloud compose, take the standalone
#   instance down first (`cd stacks/portainer && docker compose down`) and
#   comment out the `ports:` block in stacks/portainer/compose.yml so
#   nginx-proxy is the only ingress. Access then via https://portainer.wbd-rd.nl/.

networks:
  edge:
    name: cloud-edge
    driver: bridge
  app:
    name: cloud-app
    driver: bridge
  data:
    name: cloud-data
    driver: bridge
    internal: true       # databases — no internet egress
  mgmt:
    name: cloud-mgmt
    driver: bridge