version: "3.9"

services:
  powerdns:
    image: ${PDNS_IMAGE:-powerdns/pdns:latest}
    container_name: ${PDNS_CONTAINER_NAME:-powerdns}
    restart: unless-stopped
    
    # Die Umgebungsvariablen dienen jetzt nur noch als Futter für das Script
    environment:
      PDNS_API_KEY: ${PDNS_API_KEY:-changeme}
      PDNS_API_ALLOW_FROM: ${PDNS_API_ALLOW_FROM:-0.0.0.0/0,::/0}
      PDNS_LAUNCH: ${PDNS_LAUNCH:-gsqlite3}
      PDNS_GSQLITE3_DATABASE: ${PDNS_GSQLITE3_DATABASE:-/data/pdns.sqlite3}
      PDNS_GPGSQL_HOST: ${PDNS_GPGSQL_HOST:-}
      PDNS_GPGSQL_PORT: ${PDNS_GPGSQL_PORT:-5432}
      PDNS_GPGSQL_USER: ${PDNS_GPGSQL_USER:-}
      PDNS_GPGSQL_PASSWORD: ${PDNS_GPGSQL_PASSWORD:-}
      PDNS_GPGSQL_DBNAME: ${PDNS_GPGSQL_DBNAME:-}
      PDNS_LOG_LEVEL: ${PDNS_LOG_LEVEL:-6}

    entrypoint: ["/bin/sh","-lc"]
    command:
      - |
        set -eu
        mkdir -p /etc/powerdns/pdns.d
        
        # Suche das Binary an den zwei wahrscheinlichsten Orten
        if [ -f /usr/local/sbin/pdns_server ]; then
            PDNS_BIN="/usr/local/sbin/pdns_server"
        elif [ -f /usr/sbin/pdns_server ]; then
            PDNS_BIN="/usr/sbin/pdns_server"
        else
            # Notlösung: Suche im gesamten System
            PDNS_BIN=$$(find /usr -name pdns_server | head -n 1)
        fi

        # Konfiguration schreiben
        cat > /etc/powerdns/pdns.d/99-env.conf <<EOF
        api=yes
        webserver=yes
        webserver-address=0.0.0.0
        webserver-port=8081
        api-key=$${PDNS_API_KEY}
        webserver-allow-from=$${PDNS_API_ALLOW_FROM}
        loglevel=$${PDNS_LOG_LEVEL}
        launch=$${PDNS_LAUNCH}
        EOF

        if [ "$${PDNS_LAUNCH}" = "gsqlite3" ]; then
          echo "gsqlite3-database=$${PDNS_GSQLITE3_DATABASE}" >> /etc/powerdns/pdns.d/99-env.conf
        fi

        if [ -z "$$PDNS_BIN" ]; then
            echo "ERROR: pdns_server not found!"
            exit 1
        fi

        echo "Generated config. Starting $$PDNS_BIN..."
        exec $$PDNS_BIN --daemon=no --guardian=no --control-console


    volumes:
      - ${PDNS_DATA_PATH:-pdns-data}:/data

    networks:
      - proxy

    ports:
      - "${PDNS_PUBLIC_IPV4:-0.0.0.0}:${PDNS_PUBLIC_PORT:-53}:53/tcp"
      - "${PDNS_PUBLIC_IPV4:-0.0.0.0}:${PDNS_PUBLIC_PORT:-53}:53/udp"
      - "[${PDNS_PUBLIC_IPV6:-::}]:${PDNS_PUBLIC_PORT6:-53}:53/tcp"
      - "[${PDNS_PUBLIC_IPV6:-::}]:${PDNS_PUBLIC_PORT6:-53}:53/udp"

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.powerdns.rule=Host(`${PDNS_TRAEFIK_HOST:-dns.example.com}`)"
      - "traefik.http.routers.powerdns.entrypoints=${PDNS_TRAEFIK_ENTRYPOINT:-websecure}"
      - "traefik.http.routers.powerdns.tls=true"
      - "traefik.http.routers.powerdns.tls.certresolver=${PDNS_TRAEFIK_CERTRESOLVER:-letsencrypt}"
      - "traefik.http.services.powerdns.loadbalancer.server.port=8081"
      - "traefik.http.routers.powerdns-insecure.rule=Host(`${PDNS_TRAEFIK_HOST:-dns.example.com}`)"
      - "traefik.http.routers.powerdns-insecure.entrypoints=web"
      - "traefik.http.routers.powerdns-insecure.middlewares=powerdns-redirect"
      - "traefik.http.middlewares.powerdns-redirect.redirectscheme.scheme=https"

volumes:
  pdns-data:

networks:
  proxy:
    external: true