---
version: '3.8'
services:

  mariadb:
    image: mysql:5.7
    environment:
      - MYSQL_DATABASE=kimai
      - MYSQL_USER=kimai
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
    volumes:
      - mariadb:/var/lib/mysql
    networks:
      - internal
    command: --default-storage-engine innodb
    secrets:
      - db_password
      - db_root_password
    #healthcheck:
    #  test: mysqladmin -pchangemeplease ping -h localhost
    #  interval: 20s
    #  start_period: 10s
    #  timeout: 10s
    #  retries: 3

  kimai:
    image: kimai/kimai2:apache-debian-1.8-prod
    environment:
      - APP_ENV=prod
      - TRUSTED_HOSTS=localhost,traefik,${DOMAIN}
      - TRUSTED_PROXIES=localhost,traefik,127.0.0.1
      - ADMINMAIL=admin@kimai.local
      - ADMINPASS_FILE=/run/secrets/admin_password
      - DATABASE_TYPE=mysql
      - DATABASE_HOST=mariadb
      - DATABASE_NAME=kimai
      - DATABASE_USER=kimai
      - DATABASE_PASSWORD_FILE=/run/secrets/db_password
    volumes:
      - kimai_public:/opt/kimai/public
      - kimai_var:/opt/kimai/var
    networks:
      - internal
      - proxy
    configs:
      - source: entrypoint_conf
        target: /docker-entrypoint.sh
        mode: 0555
    secrets:
      - db_password
      - admin_password
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.routers.${STACK_NAME}.tls=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8001"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
    #entrypoint: ['tail', '-f', '/dev/null']
    entrypoint: /docker-entrypoint.sh
    #healthcheck:
    #  test: curl -s -o /dev/null http://localhost:8001 || exit 1
    #  interval: 20s
    #  start_period: 10s
    #  timeout: 10s
    #  retries: 3

  #postfix:
  #  image: catatnight/postfix:latest
  #  environment:
  #    maildomain: kimai.local
  #    smtp_user: kimai:kimai
  #  restart: unless-stopped

volumes:
    kimai_var:
    kimai_public:
    mariadb:

secrets:
  db_password:    
    external: true 
    name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
  db_root_password:    
    external: true 
    name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
  admin_password:    
    external: true 
    name: ${STACK_NAME}_admin_password_${ADMIN_PASSWORD_VERSION}

networks:
  proxy:
    external: true
  internal:

configs:
  entrypoint_conf:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang