lichen.page/compose.yml
notplants 4d0448fa76 move oidc issuer_url and client_id to env vars, rename secret to oidc_secret
Only oidc_client_secret is actually sensitive — issuer_url and client_id
are now plain env vars. Renamed oidc_client_secret to oidc_secret to
pass abra lint. Updated README with accurate quickstart and OIDC setup.
Entrypoint guards git commands for min image compatibility.
2026-04-07 05:09:27 +00:00


---
# Compose file format version. The `deploy:` sections, top-level `configs:`
# and the external secret further down are Swarm stack features, which is
# presumably why the version key is still declared. TODO confirm against the
# deploy tooling before removing it.
version: "3.8"
services:
  # Application container. It publishes no `ports:` and joins only the
  # `internal` network, so it is reachable only from services on that network
  # (here: caddy).
  app:
    # Pinned by tag only. A tag can be re-pointed by the publisher; use
    # image@sha256:<DIGEST_PLACEHOLDER> if an immutable reference is required.
    image: notplants/lichen-full:0.1.9
    # Replaces the image's own entrypoint with the script delivered through
    # the `entrypoint` config below.
    entrypoint: ["/entrypoint.sh"]
    networks:
      - internal
    environment:
      # Port the server listens on; the healthcheck below probes the same port.
      - LM_SERVER_PORT=9000
      - LM_DASHBOARD_DOMAIN=${DOMAIN}
      # Literal value, not a ${...} reference: the deploy environment cannot
      # switch authentication off through this file.
      - LM_USE_AUTH=true
      - LM_ROOT_DIR=/data
      - LM_PUBLIC_URL=https://${DOMAIN}
      # Falls back to `file,atproto` when AUTH_PROVIDERS is unset or empty.
      - AUTH_PROVIDERS=${AUTH_PROVIDERS:-file,atproto}
      # Falls back to `info`. NOTE(review): check what the app logs at
      # debug/trace before raising this on a production stack.
      - RUST_LOG=${RUST_LOG:-info}
    configs:
      # Modes are unquoted leading-zero integers and rely on the loader
      # reading them as octal (YAML 1.1 behaviour).
      # 0555 = r-xr-xr-x: executable by any user in the container, not writable.
      - source: entrypoint
        target: /entrypoint.sh
        mode: 0555
      # 0444 = r--r--r--: readable by any user in the container. The target
      # sits inside /data, which is also where the lichen_data volume mounts.
      - source: lichen_toml
        target: /data/lichen-base.toml
        mode: 0444
    secrets:
      # Short syntax: the secret is mounted as a file
      # (/run/secrets/admin_password by default) and is not exposed through
      # `environment:`.
      - admin_password
    volumes:
      - lichen_data:/data
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 5
      labels:
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
        - "coop-cloud.${STACK_NAME}.version=0.1.2+v0.1.9"
        # Defaults to true. Presumably opts this service's volume into
        # backups (verify against the backup tooling); if so, the backup
        # store needs the same protection as lichen_data itself.
        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
    healthcheck:
      # Plain-HTTP probe over loopback inside the container; `--spider`
      # requests the URL without saving a body. Requires wget in the image.
      test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:9000/tls-check"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 30s
  # Caddy is the only service attached to both `proxy` and `internal`.
  caddy:
    # Floating major tag: resolves to whichever 2.x build is current at pull
    # time. Pin an exact version or image@sha256:<DIGEST_PLACEHOLDER> for
    # reproducible, reviewable upgrades.
    image: caddy:2
    networks:
      - proxy
      - internal
    environment:
      - DOMAIN=${DOMAIN}
    configs:
      # No `mode:` given, so the config gets the engine's default permissions.
      - source: caddyfile
        target: /etc/caddy/Caddyfile
    volumes:
      # In the official caddy image /data is Caddy's data directory, where it
      # keeps issued certificates and their private keys; treat this volume
      # as key material.
      - caddy_data:/data
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 5
      labels:
        - "traefik.enable=true"
        - "traefik.swarm.network=proxy"
        # TCP router selected by TLS SNI. ${EXTRA_DOMAINS} is spliced verbatim
        # into HostSNI(...), so its value must already be valid rule syntax.
        # `\\.` is a YAML-escaped `\.` and `$$` is Compose's escape for a
        # literal `$`.
        # NOTE(review): ${WILDCARD_DOMAIN} enters the regexp unescaped, so its
        # dots match any character; escape them in the value if exact
        # matching matters.
        - "traefik.tcp.routers.${STACK_NAME}.rule=HostSNI(`${DOMAIN}`${EXTRA_DOMAINS}) || HostSNIRegexp(`^.+\\.${WILDCARD_DOMAIN}$$`)"
        - "traefik.tcp.routers.${STACK_NAME}.ruleSyntax=v3"
        - "traefik.tcp.routers.${STACK_NAME}.entrypoints=web-secure"
        # Passthrough: Traefik forwards the TLS stream untouched to port 443
        # of this service, so TLS terminates in Caddy. Traefik's HTTP
        # middlewares (headers, auth, rate limits) do not apply to this
        # route; any such controls must live in the Caddyfile.
        - "traefik.tcp.routers.${STACK_NAME}.tls.passthrough=true"
        - "traefik.tcp.services.${STACK_NAME}.loadbalancer.server.port=443"
networks:
  # Pre-existing network that is not created by this stack; it is the one
  # named in the caddy service's `traefik.swarm.network` label.
  proxy:
    external: true
  # Stack-local network joining app and caddy. It is not declared with
  # `internal: true`, so the name alone does not restrict outbound traffic
  # from attached containers.
  # NOTE(review): the app may need outbound access for its auth providers;
  # confirm before restricting it.
  internal:
volumes:
  # Mounted at /data in the app service (LM_ROOT_DIR=/data).
  lichen_data:
  # Mounted at /data in the caddy service.
  caddy_data:
secrets:
  # External: the secret must already exist in the cluster before deploy, and
  # its value is never read from a file in this repository.
  # The name carries a version suffix, so rotation means creating a new
  # versioned secret and bumping SECRET_ADMIN_PASSWORD_VERSION.
  # NOTE(review): an unset version variable presumably interpolates to an
  # empty string and yields a name ending in `_`; confirm that the deploy
  # tooling always sets it.
  admin_password:
    external: true
    name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
configs:
  # Each config name embeds a *_VERSION variable. Swarm configs cannot be
  # edited in place, so a content change is rolled out by bumping the
  # matching version, which creates a new config object.
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh
  caddyfile:
    name: ${STACK_NAME}_caddyfile_${CADDYFILE_VERSION}
    file: Caddyfile
  # Rendered through the Go template driver before it is mounted.
  # NOTE(review): the app service mounts the result with mode 0444. If the
  # template (not shown here) inlines any secret value, that value becomes
  # readable by every user in the container; confirm it only references
  # non-sensitive settings.
  lichen_toml:
    name: ${STACK_NAME}_lichen_toml_${LICHEN_TOML_VERSION}
    file: lichen.toml.tmpl
    template_driver: golang