---
version: "3.8"

x-db-env: &db-env
  POSTGRES_PASSWORD_FILE: /run/secrets/db_password
  POSTGRES_DB: fablab_production
  POSTGRES_USER: postgres
  POSTGRES_USERNAME: postgres

x-redis-env: &redis-env
  REDIS_URL: redis://${STACK_NAME}_redis:6379
  REDIS_HOST: ${STACK_NAME}_redis
  REDIS_PORT: 6379

x-elastic-env: &elastic-env
  ES_JAVA_OPTS: -Xms512m -Xmx512m -Dlog4j2.formatMsgNoLookups=true


x-environment: &default-env
  <<: [*db-env, *redis-env]
  REDIS_URL: redis://${STACK_NAME}_redis:6379
  REDIS_HOST: ${STACK_NAME}_redis
  REDIS_PORT: 6379
  LETS_ENCRYPT_ENV: ${LETS_ENCRYPT_ENV}
  RAILS_ENV: production
  RACK_ENV: production
  POSTGRES_HOST: ${STACK_NAME}_db
  ELASTICSEARCH_HOST: ${STACK_NAME}_elasticsearch
  SLOT_DURATION: ${SLOT_DURATION}
  FEATURE_TOUR_DISPLAY: ${FEATURE_TOUR_DISPLAY}
  DEFAULT_HOST: ${DOMAIN}
  DEFAULT_PROTOCOL: http
  FAB_MANAGER_LOCALE_PACK: ${FAB_MANAGER_LOCALE_PACK}
  RAILS_LOCALE: ${RAILS_LOCALE}
  APP_LOCALE: ${APP_LOCALE}
  MOMENT_LOCALE: ${MOMENT_LOCALE}
  SUMMERNOTE_LOCALE: ${SUMMERNOTE_LOCALE}
  ANGULAR_LOCALE: ${ANGULAR_LOCALE}
  FULLCALENDAR_LOCALE: ${FULLCALENDAR_LOCALE}
  INTL_LOCALE: ${INTL_LOCALE}
  INTL_CURRENCY: ${INTL_CURRENCY}
  POSTGRESQL_LANGUAGE_ANALYZER: ${POSTGRESQL_LANGUAGE_ANALYZER}
  TIME_ZONE: ${TIME_ZONE}
  WEEK_STARTING_DAY: ${WEEK_STARTING_DAY}
  D3_DATE_FORMAT: ${D3_DATE_FORMAT}
  UIB_DATE_FORMAT: ${UIB_DATE_FORMAT}
  EXCEL_DATE_FORMAT: ${EXCEL_DATE_FORMAT}
  OPENLAB_BASE_URI: ${OPENLAB_BASE_URI}
  OPENLAB_SSL_VERIFY: ${OPENLAB_SSL_VERIFY}
  LOG_LEVEL: debug
  RAILS_LOG_TO_STDOUT: "true"
  DISK_SPACE_MB_ALERT: ${DISK_SPACE_MB_ALERT}
  ADMINSYS_EMAIL: ${ADMIN_INIT_EMAIL}
  ALLOW_INSECURE_HTTP: "true"
  ENABLE_SENTRY: "false"
  MAX_IMPORT_SIZE: ${MAX_IMPORT_SIZE}
  MAX_IMAGE_SIZE: ${MAX_IMAGE_SIZE}
  MAX_CAO_SIZE: ${MAX_CAO_SIZE}
  MAX_SUPPORTING_DOCUMENT_FILE_SIZE: ${MAX_SUPPORTING_DOCUMENT_FILE_SIZE}
  ADMIN_INIT_EMAIL: ${ADMIN_INIT_EMAIL}
  SECRET_KEY_BASE_FILE: /run/secrets/secret_key_base



services:
  app:
    image: sleede/fab-manager:release-v6.3.44
    environment: *default-env
    entrypoint: /entrypoint.sh
    command: ""
    configs:
      - source: app_entrypoint
        target: /entrypoint.sh
        mode: 0555
      - source: database_config
        target: /usr/src/app/config/database.yml
    volumes:
      - fabmanager_packs:/usr/src/app/public/packs
      - fabmanager_uploads:/usr/src/app/public/uploads
      - fabmanager_invoices:/usr/src/app/invoices
      - fabmanager_payment_schedules:/usr/src/app/payment_schedules
      - fabmanager_exports:/usr/src/app/exports
      - fabmanager_imports:/usr/src/app/imports
      - fabmanager_supporting_document_files:/usr/src/app/supporting_document_files
      - fabmanager_log:/var/log/supervisor
      - fabmanager_plugins:/usr/src/app/plugins
      - fabmanager_accounting:/usr/src/app/accounting
      - fabmanager_auth:/usr/src/app/authconfig
    depends_on:
      - db
      - redis
    secrets:
      - db_password
      - secret_key_base
      - admin_init_password
    networks:
      - proxy
      - db
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      rollback_config:
        order: start-first
      restart_policy:
        max_attempts: 3
        condition: on-failure
        window: 240s
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "coop-cloud.${STACK_NAME}.version=1.0.0+v6.3.44"
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
      interval: 30s
      timeout: 10s
      retries: 15
      start_period: 1m

  db:
    image: postgres:16.8
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      <<: *db-env
      POSTGRES_HOST_AUTH_METHOD: trust
    secrets:
      - db_password
    networks:
      - db
    configs:
        - source: pg_backup
          target: /pg_backup.sh
          mode: 0555
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      rollback_config:
        order: start-first
      restart_policy:
        max_attempts: 3
        condition: on-failure
        window: 60s
      labels:
        backupbot.backup: "${ENABLE_BACKUPS:-true}"
        backupbot.backup.pre-hook: "/pg_backup.sh backup"
        backupbot.backup.volumes.postgres_data.path: "backup.sql"
        backupbot.restore.post-hook: '/pg_backup.sh restore'
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -d $$POSTGRES_DB -U $$POSTGRES_USER" ]
      interval: 10s
      timeout: 5s
      retries: 10
  redis:
    image: redis:7.4-alpine
    environment:
      <<: *redis-env
    volumes:
      - redis_data:/data
    networks:
      - db
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      rollback_config:
        order: start-first
      restart_policy:
        max_attempts: 3
        condition: on-failure
        window: 60s
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]



  elasticsearch:
    image: elasticsearch:5.6
    environment:
      <<: *elastic-env
    ulimits:
      memlock:
        soft: -1
        hard: -1
    networks:
      - db
    configs:
      - source: elastic_search_config
        target: /usr/share/elasticsearch/config/elasticsearch.yml
      - source: elastic_search_log_config
        target: /usr/share/elasticsearch/config/log4j2.properties.tmpl
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      rollback_config:
        order: start-first
      restart_policy:
        max_attempts: 3
        condition: on-failure
        window: 60s
      labels:
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
    healthcheck:
      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
      interval: 30s
      timeout: 30s
      retries: 3

networks:
  proxy:
    external: true
  db:

volumes:
  fabmanager_packs:
  fabmanager_uploads:
  fabmanager_invoices:
  fabmanager_payment_schedules:
  fabmanager_exports:
  fabmanager_imports:
  fabmanager_supporting_document_files:
  fabmanager_log:
  fabmanager_plugins:
  fabmanager_accounting:
  fabmanager_auth:
  postgres_data:
  redis_data:
  elasticsearch_data:

secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
  secret_key_base:
    external: true
    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
  admin_init_password:
    external: true
    name: ${STACK_NAME}_admin_init_password_${SECRET_ADMIN_INIT_PASSWORD_VERSION}

configs:
  app_entrypoint:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
  database_config:
    name: ${STACK_NAME}_database_config_${DATABASE_CONFIG_VERSION}
    file: database_config.yml.tmpl
    template_driver: golang  
  elastic_search_config:
    name: ${STACK_NAME}_elastic_search_config_config_${ELASTIC_SEARCH_CONFIG_VERSION}
    file: elasticsearch.yml.tmpl
    template_driver: golang
  elastic_search_log_config:
    name: ${STACK_NAME}_elastic_search_log_config_config_${ELASTIC_SEARCH_LOG_CONFIG_VERSION}
    file: log4j2.properties.tmpl
    template_driver: golang
  pg_backup:
    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
    file: pg_backup.sh