---
version: "3.8"

services:
  app:
    image: monica
    networks:
      - proxy
      - internal
    volumes:
      - data:/var/www/html/storage
    environment:
      - APP_KEY_FILE=/run/secrets/app_key
      - APP_URL=https://$DOMAIN
      - APP_TRUSTED_PROXIES=*
      - DB_HOST=db
      - DB_USERNAME=monica
      - DB_PASSWORD=secret
    secrets:
      - app_key
    configs:
      - source: entrypoint_conf
        target: /docker-entrypoint.sh
        mode: 0555
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        # healthcheck:
        #   test: ["CMD", "curl", "-f", "http://localhost:8080"]
        #   interval: 30s
        #   timeout: 10s
        #   retries: 10
        #   start_period: 1m


  db:
    image: mysql:5.7
    environment:
      - MYSQL_RANDOM_ROOT_PASSWORD=true
      - MYSQL_DATABASE=monica
      - MYSQL_USER=monica
      - MYSQL_PASSWORD=secret
    volumes:
      - mysql:/var/lib/mysql
    networks:
      - internal
    deploy:
      restart_policy:
        condition: on-failure

secrets:
  app_key:
    external: true
    name: ${STACK_NAME}_app_key_${SECRET_APP_KEY_VERSION}

configs:
  entrypoint_conf:
    name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

volumes:
  data:
  mysql:

networks:
  proxy:
    external: true
  internal: