---
version: "3.8"

services:
  app:
    user: 0:0
    image: dessalines/lemmy:0.18.3
    environment:
      - RUST_LOG="warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
      - DOMAIN
      - STACK_NAME
      - ADMIN_USERNAME
      - SITE_NAME
      - SLUR_FILTER
      - FEDERATION_ENABLED
    volumes:
      - lemmy_config:/config/
    secrets:
      - admin_password
      - postgres_password
    entrypoint: ['/docker-entrypoint.sh']
    # entrypoint: ['tail', '-f', '/dev/null']
    configs:
      - source: config_hjson_conf
        target: /config/config.hjson.tmpl
      - source: entrypoint_app_conf
        target: /docker-entrypoint.sh
        mode: 0555
    depends_on:
      - postgres
      - pictrs
    networks:
      - backend
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "coop-cloud.${STACK_NAME}.version=0.2.0+0.18.3"
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8536/api/v3/site"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 5m

  ui:
    image: dessalines/lemmy-ui:0.18.3
    environment:
      - "LEMMY_UI_LEMMY_INTERNAL_HOST=${STACK_NAME}_app:8536"
      - "LEMMY_UI_LEMMY_EXTERNAL_HOST=${DOMAIN}"
      # - LEMMY_HTTPS=true
    networks:
      - backend
    depends_on:
      - app
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:1234"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m

  db:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=lemmy
      - POSTGRES_DB=lemmy
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
    networks:
      - backend
    secrets:
      - postgres_password
    volumes:
      - postgres_data:/var/lib/postgresql/data


  pictrs:
    image: asonix/pictrs:0.4.0-beta.19
    user: 991:991
    networks:
      - backend
    volumes:
      - pictrs:/mnt

  web:
    image: nginx:1.20.0
    networks:
      - proxy
      - backend
    environment:
      - DOMAIN
      - STACK_NAME
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
    depends_on:
      - app
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        # Redirect from EXTRA_DOMAINS to DOMAIN
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"

volumes:
  lemmy_config:
  postgres_data:
  pictrs:

configs:
  entrypoint_app_conf:
    name: ${STACK_NAME}_entrypoint_app_${ENTRYPOINT_APP_VERSION}
    file: entrypoint.sh
  nginx_conf:
    name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}
    file: nginx.conf.tmpl
    template_driver: golang
  config_hjson_conf:
    name: ${STACK_NAME}_config_hjson_${CONFIG_HJSON_VERSION}
    file: config.hjson.tmpl
    template_driver: golang

secrets:
  admin_password:
    external: true
    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
  postgres_password:
    external: true
    name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}

networks:
  backend:
  proxy:
    external: true