---
services:
  app:
    image: ghcr.io/toeverything/affine:${IMAGE_VERSION:-0.25.7}

    environment:
      REDIS_SERVER_HOST: redis
      DB_PASSWORD_FILE: /var/run/secrets/db_password
      AFFINE_INDEXER_ENABLED: "false"
      AFFINE_SERVER_HTTPS: "true"
      AFFINE_SERVER_HOST: $DOMAIN

    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3010"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.regex=^http[s]?://([^/]*)/(.*)"
        - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.replacement=https://${DOMAIN}/$${2}"
        - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.permanent=true"
        ## Redirect HTTP to HTTPS
        - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.scheme=https"
        - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.permanent=true"
        - "coop-cloud.${STACK_NAME}.version=0.1.0+0.25.7"
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
        - "backupbot.volumes.redis=false"

    configs:
      - source: affine_entrypoint
        target: /abra-entrypoint.sh
        mode: 0555

    command: ["sh", "-c", "node dist/main.js"]
    entrypoint: /abra-entrypoint.sh

    healthcheck:
      test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/3010' || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m

    volumes:
      - uploads:/root/.affine/storage
      - config:/root/.affine/config

    networks:
      - proxy
      - internal

    secrets:
      - db_password

  redis:
    image: redis:8
    healthcheck:
      test: ['CMD', 'redis-cli', '--raw', 'incr', 'ping']
      interval: 10s
      timeout: 5s
      retries: 5
      
    networks:
      - internal

  postgres:
    image: pgvector/pgvector:pg16
    volumes:
      - db:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: affine
      POSTGRES_PASSWORD_FILE: /var/run/secrets/db_password
      POSTGRES_DB: affine
      POSTGRES_INITDB_ARGS: '--data-checksums'
      
    healthcheck:
      test:
        ['CMD', 'pg_isready', '-U', "${DB_USERNAME}", '-d', "${DB_DATABASE:-affine}"]
      interval: 10s
      timeout: 5s
      retries: 5

    networks:
      - internal

    secrets:
      - db_password

networks:
  proxy:
    external: true
  internal:

volumes:
  uploads:
  config:
  db:

secrets:
  db_password:
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
    external: true

configs:
  affine_entrypoint:
    name: ${STACK_NAME}_affine_entrypoint_${AFFINE_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang