---
version: "3.8"

services:
  app:
    image: bonfirenetworks/bonfire:latest-${FLAVOUR}
    depends_on:
      - db
      - search
    environment:
      - POSTGRES_HOST=${STACK_NAME}_db
      - SEARCH_MEILI_INSTANCE=http://${STACK_NAME}_search:7700
      - POSTGRES_USER=postgres
      - POSTGRES_DB=bonfire_db
      - PUBLIC_PORT=443
      - HOSTNAME
      - MEILI_MASTER_KEY_FILE=/run/secrets/meili_master_key
    secrets: 
      - postgres_password
      - secret_key_base
      - signing_salt
      - encryption_salt
      - meili_master_key
      - seeds_pw
      - livebook_password
    volumes:
      - upload-data:/opt/app/data/uploads
    networks:
      - proxy
      - internal
    ports:
      - "4000:4000" # make sure this is commented in production
    entrypoint: "/docker-entrypoint.sh"
    configs:
      - source: app_entrypoint
        target: /docker-entrypoint.sh
        mode: 0555
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
    # healthcheck:
    #   test: ["CMD", "curl", "-f", "http://localhost"]
    #   interval: 30s
    #   timeout: 10s
    #   retries: 10
    #   start_period: 1m

  db:
    image: ${DB_DOCKER_IMAGE}
    environment:
      # - POSTGRES_PASSWORD
      - POSTGRES_USER=postgres
      - POSTGRES_DB=bonfire_db
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    secrets: 
      - postgres_password
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - internal
    
  search:
    image: getmeili/meilisearch:latest
    environment:
      - MEILI_MASTER_KEY_FILE=/run/secrets/meili_master_key
    secrets: 
      - meili_master_key
    volumes:
      - "search-data:/data.ms"
    networks:
      - internal
    entrypoint: ["tini", "--", "bash", "/docker-entrypoint.sh"]
    configs:
      - source: app_entrypoint
        target: /docker-entrypoint.sh
        mode: 0555

volumes:
  db-data:
  search-data:
  upload-data:

networks:
  proxy:
    external: true
  internal:

configs:
  app_entrypoint:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

secrets:
  postgres_password:
    external: true
    name: ${STACK_NAME}_postgres_password_${postgres_password_secret_version}
  secret_key_base:
    external: true
    name: ${STACK_NAME}_secret_key_base_${secret_key_base_secret_version}
  signing_salt:
    external: true
    name: ${STACK_NAME}_signing_salt_${signing_salt_secret_version}
  encryption_salt:
    external: true
    name: ${STACK_NAME}_encryption_salt_${encryption_salt_secret_version}
  meili_master_key:
    external: true
    name: ${STACK_NAME}_meili_master_key_${meili_master_key_secret_version}
  seeds_pw:
    external: true
    name: ${STACK_NAME}_seeds_pw_${seeds_pw_secret_version}
  livebook_password:
    external: true
    name: ${STACK_NAME}_livebook_password_${livebook_password_secret_version}