---
version: "3.8"

services:
  app:
    image: framasoft/mobilizon:4.1.0 
    environment:
      - MOBILIZON_INSTANCE_NAME
      - MOBILIZON_INSTANCE_HOST=https://$DOMAIN
      - MOBILIZON_INSTANCE_LISTEN_IP
      - MOBILIZON_INSTANCE_PORT
      - MOBILIZON_INSTANCE_EMAIL
      - MOBILIZON_REPLY_EMAIL
      - MOBILIZON_INSTANCE_REGISTRATIONS_OPEN
      - MOBILIZON_DATABASE_USERNAME=mobilizon
      - MOBILIZON_DATABASE_DBNAME=mobilizon
      - MOBILIZON_DATABASE_HOST=db
      - MOBILIZON_DATABASE_PORT
      - MOBILIZON_DATABASE_SSL
      - MOBILIZON_LOGLEVEL
      - MOBILIZON_SMTP_SERVER
      - MOBILIZON_SMTP_PORT
      - MOBILIZON_SMTP_SSL
      - MOBILIZON_SMTP_TLS
      - MOBILIZON_SMTP_USERNAME
      - MOBILIZON_UPLOADS
      - MOBILIZON_UPLOADS_EXPORTS
      - MOBILIZON_TIMEZONES_DIR
      - MOBILIZON_TZDATA_DIR
    secrets:
      - secret_key_base
      - secret_key
      - smtp_password
      - db_password
    volumes:
      - "uploads:/var/lib/mobilizon/uploads"
      # - ${PWD}/config.exs:/etc/mobilizon/config.exs:ro
    entrypoint: /custom-entrypoint.sh
    # entrypoint: ["/bin/sh", "-c", "sleep 10000000000000000"]
    configs:
      - source: app_entrypoint
        target: /custom-entrypoint.sh
        mode: 0555
    networks:
      - proxy
      - backend
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "coop-cloud.${STACK_NAME}.version=0.1.0+4.1.0"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
    # healthcheck:
    #   test: ["CMD", "curl", "-f", "http://localhost"]
    #   interval: 30s
    #   timeout: 10s
    #   retries: 10
    #   start_period: 1m

  db:
    deploy:
        labels:
          backupbot.backup: "true"
          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U postgres $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
          backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
    networks:
      - backend
    secrets:
      - db_password
    image: postgis/postgis:15-3.4
    volumes:
      - "db:/var/lib/postgresql/data"
    environment:
      POSTGRES_DB: mobilizon
      POSTGRES_USER: mobilizon
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password

volumes:
  uploads:
  db:

networks:
  proxy:
    external: true
  backend:

secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
  secret_key:
    external: true
    name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
  secret_key_base:
    external: true
    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
  smtp_password:
    external: true
    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}

configs:
  app_entrypoint:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang