# =============================================================================
# STELLA OPS - COMPLIANCE OVERLAY: EU
# =============================================================================
# eIDAS qualified trust services crypto overlay.
# This file extends docker-compose.stella-ops.yml with EU-specific crypto.
#
# Usage:
#   docker compose -f devops/compose/docker-compose.stella-ops.yml \
#     -f devops/compose/docker-compose.compliance-eu.yml up -d
#
# Cryptography:
# - eIDAS-compliant qualified electronic signatures
# - ETSI TS 119 312 compliant algorithms
# - Qualified Trust Service Provider (QTSP) integration
#
# =============================================================================

x-crypto-env: &crypto-env
  STELLAOPS_CRYPTO_PROFILE: "eu"
  STELLAOPS_CRYPTO_CONFIG_PATH: "/app/etc/appsettings.crypto.yaml"
  STELLAOPS_CRYPTO_MANIFEST_PATH: "/app/etc/crypto-plugins-manifest.json"

x-crypto-volumes: &crypto-volumes
  - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
  - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro

services:
  # ---------------------------------------------------------------------------
  # Authority - EU crypto overlay
  # ---------------------------------------------------------------------------
  authority:
    image: registry.stella-ops.org/stellaops/authority:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/authority:/app/etc/authority:ro
      - ../../etc/certificates/trust-roots:/etc/ssl/certs/stellaops:ro
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Signer - EU crypto overlay
  # ---------------------------------------------------------------------------
  signer:
    image: registry.stella-ops.org/stellaops/signer:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Attestor - EU crypto overlay
  # ---------------------------------------------------------------------------
  attestor:
    image: registry.stella-ops.org/stellaops/attestor:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Concelier - EU crypto overlay
  # ---------------------------------------------------------------------------
  concelier:
    image: registry.stella-ops.org/stellaops/concelier:eu
    environment:
      <<: *crypto-env
    volumes:
      - concelier-jobs:/var/lib/concelier/jobs
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Scanner Web - EU crypto overlay
  # ---------------------------------------------------------------------------
  scanner-web:
    image: registry.stella-ops.org/stellaops/scanner-web:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/scanner:/app/etc/scanner:ro
      - ../../etc/certificates/trust-roots:/etc/ssl/certs/stellaops:ro
      - scanner-surface-cache:/var/lib/stellaops/surface
      - ${SURFACE_SECRETS_HOST_PATH:-./offline/surface-secrets}:${SCANNER_SURFACE_SECRETS_ROOT:-/etc/stellaops/secrets}:ro
      - ${SCANNER_OFFLINEKIT_TRUSTROOTS_HOST_PATH:-./offline/trust-roots}:${SCANNER_OFFLINEKIT_TRUSTROOTDIRECTORY:-/etc/stellaops/trust-roots}:ro
      - ${SCANNER_OFFLINEKIT_REKOR_SNAPSHOT_HOST_PATH:-./offline/rekor-snapshot}:${SCANNER_OFFLINEKIT_REKORSNAPSHOTDIRECTORY:-/var/lib/stellaops/rekor-snapshot}:ro
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Scanner Worker - EU crypto overlay
  # ---------------------------------------------------------------------------
  scanner-worker:
    image: registry.stella-ops.org/stellaops/scanner-worker:eu
    environment:
      <<: *crypto-env
    volumes:
      - scanner-surface-cache:/var/lib/stellaops/surface
      - ${SURFACE_SECRETS_HOST_PATH:-./offline/surface-secrets}:${SCANNER_SURFACE_SECRETS_ROOT:-/etc/stellaops/secrets}:ro
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Scheduler Worker - EU crypto overlay
  # ---------------------------------------------------------------------------
  scheduler-worker:
    image: registry.stella-ops.org/stellaops/scheduler-worker:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Notify Web - EU crypto overlay
  # ---------------------------------------------------------------------------
  notify-web:
    image: registry.stella-ops.org/stellaops/notify-web:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/notify:/app/etc/notify:ro
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Excititor - EU crypto overlay
  # ---------------------------------------------------------------------------
  excititor:
    image: registry.stella-ops.org/stellaops/excititor:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Advisory AI Web - EU crypto overlay
  # ---------------------------------------------------------------------------
  advisory-ai-web:
    image: registry.stella-ops.org/stellaops/advisory-ai-web:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/llm-providers:/app/etc/llm-providers:ro
      - advisory-ai-queue:/var/lib/advisory-ai/queue
      - advisory-ai-plans:/var/lib/advisory-ai/plans
      - advisory-ai-outputs:/var/lib/advisory-ai/outputs
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Advisory AI Worker - EU crypto overlay
  # ---------------------------------------------------------------------------
  advisory-ai-worker:
    image: registry.stella-ops.org/stellaops/advisory-ai-worker:eu
    environment:
      <<: *crypto-env
    volumes:
      - ../../etc/llm-providers:/app/etc/llm-providers:ro
      - advisory-ai-queue:/var/lib/advisory-ai/queue
      - advisory-ai-plans:/var/lib/advisory-ai/plans
      - advisory-ai-outputs:/var/lib/advisory-ai/outputs
      - ../../etc/appsettings.crypto.eu.yaml:/app/etc/appsettings.crypto.yaml:ro
      - ../../etc/crypto-plugins-manifest.json:/app/etc/crypto-plugins-manifest.json:ro
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"

  # ---------------------------------------------------------------------------
  # Web UI - EU crypto overlay
  # ---------------------------------------------------------------------------
  web-ui:
    image: registry.stella-ops.org/stellaops/web-ui:eu
    labels:
      com.stellaops.crypto.profile: "eu"
      com.stellaops.compliance: "eidas"