# Deploy descriptor for the Telegram connector (the platform side-service).
#
# Networking mirrors the sibling ../15-puzzle/deploy/docker-compose.yml:
#   - The `vpn` sidecar (developer/amneziawg-sidecar) holds the tunnel and provides
#     the netns shared by `app` (network_mode: "service:vpn"). All of the
#     connector's egress to api.telegram.org therefore leaves through the tunnel.
#   - `vpn` is the one attached to the external `edge` network, with the alias
#     `telegram`, so the other services reach the connector's gRPC port at
#     `telegram:9091` inside the shared netns. The connector needs NO public
#     ingress — it long-polls Telegram and only answers internal gRPC.
#
# The connector joins the same `edge` network as `backend` and `gateway` (the full
# service set rolled out together on a dev-environment deploy). The gateway calls it
# with GATEWAY_CONNECTOR_ADDR=telegram:9091; the backend admin surface (Stage 10)
# will use the same address. The single public ingress for the host reverse proxy
# (caddy) is the gateway's HTTP port, which also serves the Mini App under /telegram/
# (ARCHITECTURE.md §13). The full multi-service compose lands with Stage 12; this is
# the connector-scoped descriptor.
name: scrabble-telegram

services:
  vpn:
    container_name: scrabble-telegram-vpn
    image: docker.iliadenisov.ru/developer/amneziawg-sidecar:latest
    restart: unless-stopped
    privileged: true
    environment:
      AWG_CONF: ${AWG_CONF:?set AWG_CONF}
    networks:
      edge:
        aliases:
          - telegram

  app:
    container_name: scrabble-telegram
    image: scrabble-telegram:latest
    build:
      # Build from the repository root so go.work, pkg/ and platform/telegram/ are
      # all in the Docker context (see platform/telegram/Dockerfile).
      context: ../../..
      dockerfile: platform/telegram/Dockerfile
    restart: unless-stopped
    depends_on:
      - vpn
    network_mode: "service:vpn"
    environment:
      # The bot tokens live ONLY in this container (ARCHITECTURE.md §12). One bot per
      # service language (en/ru); at least one token is required (the connector
      # validates this at boot — compose cannot express "one of").
      TELEGRAM_BOT_TOKEN_EN: ${TELEGRAM_BOT_TOKEN_EN:-}
      TELEGRAM_BOT_TOKEN_RU: ${TELEGRAM_BOT_TOKEN_RU:-}
      TELEGRAM_GAME_CHANNEL_ID_EN: ${TELEGRAM_GAME_CHANNEL_ID_EN:-}
      TELEGRAM_GAME_CHANNEL_ID_RU: ${TELEGRAM_GAME_CHANNEL_ID_RU:-}
      TELEGRAM_MINIAPP_URL: ${TELEGRAM_MINIAPP_URL:?set TELEGRAM_MINIAPP_URL}
      TELEGRAM_GRPC_ADDR: ${TELEGRAM_GRPC_ADDR:-:9091}
      # Set to true when deploying into Telegram's test environment.
      TELEGRAM_TEST_ENV: ${TELEGRAM_TEST_ENV:-false}
      TELEGRAM_API_BASE_URL: ${TELEGRAM_API_BASE_URL:-}

networks:
  edge:
    external: true