version: '3.8'

services:
  route-switcher:
    build: .
    privileged: true
    depends_on:
      - primary-router
      - secondary-router
      - icmp-target
    networks:
      primary-net:
        ipv4_address: 192.168.200.10
      secondary-net:
        ipv4_address: 192.168.201.10
    environment:
      - RUST_LOG=debug
      - PRIMARY_INTERFACE=eth0
      - SECONDARY_INTERFACE=eth1
      - PRIMARY_GATEWAY=192.168.200.11
      - SECONDARY_GATEWAY=192.168.201.11
      - PING_TARGET=192.168.202.100
      - API_ENABLED=true
      - API_BIND_ADDRESS=0.0.0.0
      - API_PORT=8080
      - API_USERNAME=admin
      - API_PASSWORD_HASH=$2b$12$placeholder_hash_replace_with_actual_bcrypt_hash
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    volumes:
      - ./scripts:/scripts:ro

  route-switcher-dev:
    image: rust:1.93-bullseye
    privileged: true
    working_dir: /app
    command: |
      sh -c "
         echo nameserver 192.168.10.1 > /etc/resolv.conf &&
         apt update && apt install -y iproute2 curl net-tools &&
         /bin/sleep infinity
      "
    networks:
      primary-net:
        ipv4_address: 192.168.200.20
      secondary-net:
        ipv4_address: 192.168.201.20
      default:
    dns:
      - 192.168.10.1
    environment:
      - RUST_LOG=debug
      - PRIMARY_INTERFACE=eth0
      - SECONDARY_INTERFACE=eth1
      - PRIMARY_GATEWAY=192.168.200.11
      - SECONDARY_GATEWAY=192.168.201.11
      - PING_TARGET=192.168.202.100
      - API_ENABLED=true
      - API_BIND_ADDRESS=0.0.0.0
      - API_PORT=8080
      - API_USERNAME=admin
      - API_PASSWORD_HASH=$2b$12$placeholder_hash_replace_with_actual_bcrypt_hash
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    volumes:
      - .:/app:rw
      - cargo-cache:/usr/local/cargo/registry

  primary-router:
    image: alpine:latest
    privileged: true
    networks:
      primary-net:
        ipv4_address: 192.168.200.11
      target-net:
        ipv4_address: 192.168.202.11
      default:
    dns:
      - 192.168.10.1
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    command: sh /scripts/setup-router.sh primary
    volumes:
      - ./scripts:/scripts:ro

  secondary-router:
    image: alpine:latest
    privileged: true
    networks:
      secondary-net:
        ipv4_address: 192.168.201.11
      target-net:
        ipv4_address: 192.168.202.12
      default:
    dns:
      - 192.168.10.1
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    command: sh /scripts/setup-router.sh secondary
    volumes:
      - ./scripts:/scripts:ro

  icmp-target:
    image: alpine:latest
    networks:
      target-net:
        ipv4_address: 192.168.202.100
      default:
    dns:
      - 192.168.10.1
    cap_add:
      - NET_ADMIN
    command: |
      sh -c "
        echo 'ICMP Target configured at 192.168.202.100' &&
        echo 'Routes:' &&
        ip route show &&
        while true; do
          echo $(date): ICMP Target alive
          sleep 30
        done
      "
    healthcheck:
      test: ["CMD", "ping", "-c", "1", "192.168.202.11"]
      interval: 30s
      timeout: 10s
      retries: 3

networks:
  primary-net:
    driver: bridge
    internal: true
    ipam:
      config:
        - subnet: 192.168.200.0/24

  secondary-net:
    driver: bridge
    internal: true
    ipam:
      config:
        - subnet: 192.168.201.0/24

  target-net:
    driver: bridge
    internal: true
    ipam:
      config:
        - subnet: 192.168.202.0/24

  default:
    external: true
    name: podman

volumes:
  cargo-cache: