services:
  dnsmasq:
    image: strm/dnsmasq
    container_name: pxe-dnsmasq
    network_mode: "host" # Indispensable pour que le DHCP écoute sur eth0 et eth1 nativement
    cap_add:
      - NET_ADMIN
    volumes:
      - ./dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf:ro
      - ./tftpboot:/var/lib/tftpboot:ro
    restart: unless-stopped

  nginx:
    image: nginx:alpine
    container_name: pxe-http
    network_mode: "host" # Pour exposer facilement sur toutes les interfaces
    volumes:
      - ./www:/usr/share/nginx/html:ro
    restart: unless-stopped

keycloak:
    image: quay.io/keycloak/keycloak:latest
    command: start-dev # Pour le test, nécessite une config en prod
    environment:
      KC_DB: dev-file
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin_password_temporaire
    ports:
      - "8080:8080"

# --- Serveur NFS pour les /home ---
  nfs:
    image: erichough/nfs-server
    container_name: pxe-nfs
    network_mode: host
    privileged: true # Requis pour le serveur NFS en conteneur
    environment:
      - NFS_EXPORT_0=/mnt/usb-data/homes *(rw,sync,no_subtree_check,no_root_squash)
    volumes:
      - /mnt/usb-data/homes:/mnt/usb-data/homes
      - /lib/modules:/lib/modules:ro
    restart: unless-stopped

  # --- Serveur de Logs (Loki) ---
  loki:
    image: grafana/loki:latest
    container_name: pxe-loki
    ports:
      - "3100:3100"
    command: -config.file=/etc/loki/local-config.yaml
    volumes:
      - /mnt/usb-data/logs:/loki
    restart: unless-stopped

  # --- Tableau de bord (Grafana) ---
  grafana:
    image: grafana/grafana:latest
    container_name: pxe-grafana
    ports:
      - "3000:3000"
    volumes:
      - /mnt/usb-data/monitoring:/var/lib/grafana
    restart: unless-stopped