services:
  # ---------------------------------------------------------
  # 1. Init-Container: erzeugt harbor.yml + Self-Signed TLS
  # ---------------------------------------------------------
  harbor-config:
    image: alpine:${ALPINE_VERSION:-3.19}
    container_name: ${HARBOR_CONFIG_CONTAINER:-harbor-config}
    entrypoint: ["/bin/sh", "-c"]
    command: |
      set -e

      # TLS-Verzeichnis erstellen
      mkdir -p ${HARBOR_DATA_PATH:-/data/harbor}/tls

      # Self-Signed Zertifikat erzeugen, falls nicht vorhanden
      if [ ! -f "${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.crt" ]; then
        echo "Generating self-signed certificate..."
        openssl req -x509 -nodes -newkey rsa:2048 \
          -keyout ${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.key \
          -out ${HARBOR_DATA_PATH:-/data/harbor}/tls/harbor.crt \
          -subj "/CN=${HARBOR_HOSTNAME:-harbor.local}"
      fi

      # Harbor-Konfiguration erzeugen
      cat <<EOF > /config/harbor.yml
      hostname: ${HARBOR_HOSTNAME:-harbor.local}

      http:
        port: ${HARBOR_HTTP_PORT:-8080}

      https:
        port: ${HARBOR_HTTPS_PORT:-8443}
        certificate: /etc/harbor/tls/harbor.crt
        private_key: /etc/harbor/tls/harbor.key

      harbor_admin_password: ${HARBOR_ADMIN_PASSWORD:-Harbor12345}

      data_volume: ${HARBOR_DATA_PATH:-/data/harbor}

      log:
        level: ${HARBOR_LOG_LEVEL:-info}
      EOF
    volumes:
      - "${HARBOR_DATA_PATH:-/data/harbor}/config:/config"
      - "${HARBOR_DATA_PATH:-/data/harbor}/tls:/etc/harbor/tls:ro"
    restart: "no"
    networks:
      - harbor

  # ---------------------------------------------------------
  # 2. Harbor Services (v2.11.x)
  # ---------------------------------------------------------
  log:
    image: goharbor/harbor-log:${HARBOR_VERSION:-v2.11.0}
    container_name: ${HARBOR_LOG_CONTAINER:-harbor-log}
    restart: always
    volumes:
      - "${HARBOR_DATA_PATH:-/data/harbor}/log:/var/log/docker"
    networks:
      - harbor
    depends_on:
      - harbor-config

  registry:
    image: goharbor/registry-photon:${HARBOR_VERSION:-v2.11.0}
    container_name: ${HARBOR_REGISTRY_CONTAINER:-harbor-registry}
    restart: always
    volumes:
      - "${HARBOR_DATA_PATH:-/data/harbor}/registry:/storage"
    networks:
      - harbor
    depends_on:
      - harbor-config

  core:
    image: goharbor/harbor-core:${HARBOR_VERSION:-v2.11.0}
    container_name: ${HARBOR_CORE_CONTAINER:-harbor-core}
    restart: always
    environment:
      - CORE_SECRET=${HARBOR_CORE_SECRET:-coresecret}
      - JOBSERVICE_SECRET=${HARBOR_JOB_SECRET:-jobsecret}
    volumes:
      - "${HARBOR_DATA_PATH:-/data/harbor}/core:/data"
      - "${HARBOR_DATA_PATH:-/data/harbor}/config:/etc/harbor"
    networks:
      - harbor
    depends_on:
      - registry
      - database
      - redis

  portal:
    image: goharbor/harbor-portal:${HARBOR_VERSION:-v2.11.0}
    container_name: ${HARBOR_PORT