---
version: "3.8"

services:
  app:
    image: borgwarehouse/borgwarehouse:v3.0.0
    configs:
      - source: entrypoint
        target: /custom-entrypoint.sh
        mode: 0555
    entrypoint: /custom-entrypoint.sh
    secrets:
      - nextauth_secret
    environment:
      - WEB_SERVER_PORT=3000
      - SSH_SERVER_PORT=2002
      - NEXTAUTH_URL=https://${DOMAIN}
      - FQDN=${DOMAIN}
      - NEXTAUTH_SECRET_FILE=/run/secrets/nextauth_secret
    volumes:
      - configs:/home/borgwarehouse/app/config
      - ssh:/home/borgwarehouse/.ssh
      - tmp:/home/borgwarehouse/tmp
      - logs:/home/borgwarehouse/logs
      - sshhost:/etc/ssh
      - ${BORG_REPOSITORY_PATH:-repos}:/home/borgwarehouse/repos
    networks:
      - proxy
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=borgwarehouse-ssh"
        - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=2002"
        - "coop-cloud.${STACK_NAME}.version=0.1.0+v3.0.0"
networks:
  proxy:
    external: true

secrets:
  nextauth_secret:
    name: ${STACK_NAME}_nextauth_secret_${SECRET_NEXTAUTH_SECRET_VERSION}
    external: true

volumes:
  logs:
  sshhost:
  repos:
  configs:
  ssh:
  tmp:

configs:
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang