---
version: "3.8"

x-db-env: &db-env
    POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    POSTGRES_DB: loomio_production
    POSTGRES_USER: postgres

x-redis-env: &redis-env
  REDIS_URL: redis://redis:6379

x-environment: &default-env
  <<: *db-env
  <<: *redis-env
  CANONICAL_HOST: ${DOMAIN}
  VIRTUAL_HOST: ${DOMAIN}
  CHANNELS_URI: wss://channels.${DOMAIN}
  SUPPORT_EMAIL: ${SUPPORT_EMAIL}
  NOTIFICATIONS_EMAIL_ADDRESS: ${NOTIFICATIONS_EMAIL_ADDRESS}
  REPLY_HOSTNAME: ${REPLY_HOSTNAME}
  RAILS_ENV: ${RAILS_ENV}
  PUMA_WORKERS: ${PUMA_WORKERS}
  MIN_THREADS: ${MIN_THREADS}
  MAX_THREADS: ${MAX_THREADS}
  FORCE_SSL: ${FORCE_SSL}
  USE_RACK_ATTACK: ${USE_RACK_ATTACK}
  DEVISE_SECRET_FILE: /run/secrets/devise_secret
  SECRET_COOKIE_TOKEN_FILE: /run/secrets/secret_cookie_token
  SAML_APP_KEY:
  SAML_IDP_METADATA_URL:
  SAML_ISSUER:
  FEATURES_DISABLE_EMAIL_LOGIN:

services:
  app:
    image: loomio/loomio:v2.25.3
    configs:
      - source: entrypoint
        target: /entrypoint.sh
        mode: 0555
    entrypoint: /entrypoint.sh
    secrets:
      - devise_secret
      - secret_cookie_token
      - db_password
    volumes:
      - loomio_uploads:/loomio/public/system
      - loomio_storage:/loomio/storage
      - loomio_files:/loomio/public/files
      - loomio_plugins:/loomio/plugins/docker
      - loomio_import:/import
    networks:
      - proxy
      - backend
    depends_on:
      - db
      - redis
    environment: *default-env
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 2m
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "coop-cloud.${STACK_NAME}.version=4.0.0+v2.25.3"
        - "backupbot.backup:=${ENABLE_BACKUPS:-true}"
  worker:
    image: loomio/loomio:v2.25.3
    configs:
      - source: entrypoint
        target: /entrypoint.sh
        mode: 0555
    entrypoint: /entrypoint.sh
    secrets:
      - devise_secret
      - secret_cookie_token
      - db_password
    networks:
      - backend
    environment:
      !!merge <<: *default-env
      TASK: worker
    depends_on:
      - app
    volumes:
      - loomio_uploads:/loomio/public/system
      - loomio_storage:/loomio/storage
      - loomio_files:/loomio/public/files
      - loomio_plugins:/loomio/plugins/docker
  db:
    # loomio version upgrades and postgres version upgrade should not be performed at the same time.
    image: pgautoupgrade/pgautoupgrade:17-debian
    networks:
      - backend
    volumes:
      - pgdata:/pgdata
    secrets:
      - db_password
    environment:
      <<: *db-env
      PGDATA: /pgdata
    deploy:
      labels:
        backupbot.backup: "${ENABLE_BACKUPS:-true}"
        backupbot.backup.pre-hook: sh -c 'pg_dump -U "$$POSTGRES_USER" -Fc "$$POSTGRES_DB" | gzip > "/postgres.dump.gz"'
        backupbot.backup.path: "/postgres.dump.gz"
        backupbot.backup.post-hook: "rm -f /postgres.dump.gz"
        backupbot.restore: "true"
        backupbot.restore.post-hook: sh -c 'gzip -d /postgres.dump.gz && pg_restore --clean -U "$$POSTGRES_USER" --dbname="$$POSTGRES_DB" < /postgres.dump && rm -f /postgres.dump'
  redis:
    image: redis:5.0
    networks:
      - backend
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
  #mailin:
  #  image: loomio/mailin-docker:latest
  #  networks:
  #    - proxy
  #  ports:
  #    - "25:25"
  #  environment:
  #    - WEBHOOK_URL=http://app:3000/email_processor/
  channels:
    image: loomio/loomio_channel_server
    networks:
      - backend
    depends_on:
      - redis
    environment:
      <<: *redis-env
  cron:
    image: loomio/loomio:v2.25.3
    configs:
      - source: entrypoint
        target: /entrypoint.sh
        mode: 0555
    entrypoint: [ "/entrypoint.sh", "rake loomio:hourly_tasks" ]
    environment: *default-env
    secrets:
      - devise_secret
      - secret_cookie_token
      - db_password
    volumes:
      - loomio_uploads:/loomio/public/system
      - loomio_storage:/loomio/storage
      - loomio_files:/loomio/public/files
      - loomio_plugins:/loomio/plugins/docker
      - loomio_import:/import
    networks:
      - backend
    depends_on:
      - db
      - redis
    deploy:
      mode: replicated
      replicas: 0
      labels:
        - "swarm.cronjob.enable=true"
        - "swarm.cronjob.schedule=0 * * * *"
      restart_policy:
        condition: none
networks:
  backend:
  proxy:
    external: true
volumes:
  loomio_uploads:
  loomio_storage:
  loomio_files:
  loomio_plugins:
  loomio_import:
  pgdata:

configs:
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${LOOMIO_ENTRYPOINT_VERSION}
    file: entrypoint.sh

secrets:
  devise_secret:
    external: true
    name: ${STACK_NAME}_devise_secret_${SECRET_DEVISE_SECRET_VERSION}
  secret_cookie_token:
    external: true
    name: ${STACK_NAME}_secret_cookie_token_${SECRET_SECRET_COOKIE_TOKEN_VERSION}
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}