---
version: "3.8"

services:
  web:
    image: nginx:1.23.3
    networks:
      - proxy
      - internal
    environment:
      - DOMAIN
      - NGINX_WEBSEED_CDN_ENABLED
      - NGINX_WEBSEED_CDN_URI
      - NGINX_WEBSEED_PROXY_ENABLED
      - NGINX_WEBSEED_PROXY_URI
      - STACK_NAME
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - app-data:/var/www/peertube/storage:ro
      - app-assets:/var/www/peertube/peertube-latest/client/dist:ro
      - nginx-tmp:/var/lib/nginx/client-tmp:rw
      - nginx-cache:/var/cache/nginx/peertube-media-cache:rw
    configs:
      - source: nginx_config
        target: /etc/nginx/nginx.conf
    healthcheck:
      test: curl -f http://app:9000/v1/api/ping || exit 1
      interval: 5s
      timeout: 3s
      retries: 20
    deploy:
      restart_policy:
        condition: on-failure
      update_config:
        failure_action: rollback
        order: start-first
      rollback_config:
        order: start-first
      restart_policy:
        max_attempts: 10
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"

  app:
    image: chocobozzz/peertube:v5.0.1-bullseye
    environment:
      - PEERTUBE_ADMIN_EMAIL
      - PEERTUBE_CONTACT_FORM_ENABLED
      - PEERTUBE_DB_HOSTNAME=db
      - PEERTUBE_DB_PORT=5432
      - PEERTUBE_DB_USERNAME=peertube
      - PEERTUBE_LIVE_CHAT_ENABLED
      - PEERTUBE_LOG_PING_REQUESTS
      - PEERTUBE_REDIS_HOSTNAME=cache
      - PEERTUBE_SIGNUP_ENABLED
      - PEERTUBE_SMTP_ENABLED
      - PEERTUBE_TRANSCODING_ENABLED
      - PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.16.0.0/12", "10.0.0.0/8"]
      - PEERTUBE_WEBSERVER_HOSTNAME=${DOMAIN}
      - PEERTUBE_WEBSERVER_HTTPS
      - PEERTUBE_WEBSERVER_PORT
    volumes:
      - app-data:/data
      - app-config:/config
      - app-assets:/srv/client/dist
    secrets:
      - db_password
    configs:
      - source: app_entrypoint
        target: /docker-entrypoint.sh
        mode: 0555
    command: node dist/server
    healthcheck:
      test: curl -f http://localhost:9000/v1/api/ping || exit 1
      interval: 10s
      timeout: 3s
      retries: 20
    entrypoint: /docker-entrypoint.sh
    networks:
      - internal
    deploy:
      labels:
        - "coop-cloud.${STACK_NAME}.version=4.0.0+v5.0.1-bullseye"

  db:
    image: postgres:10-alpine
    environment:
      - POSTGRES_USER=peertube
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - POSTGRES_DB=peertube
    secrets:
      - db_password
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - internal
    healthcheck:
      test: pg_isready -U peertube
      interval: 10s
      timeout: 5s
      retries: 10

  cache:
    image: redis:7-alpine
    volumes:
      - redis-data:/data
    networks:
      - internal
    healthcheck:
      test: redis-cli ping
      interval: 10s
      timeout: 5s
      retries: 10

networks:
  internal:
  proxy:
    external: true

volumes:
  app-data:
  app-config:
  app-assets:
  nginx-tmp:
  nginx-cache:
  postgres-data:
  redis-data:

configs:
  nginx_config:
    name: ${STACK_NAME}_nginx_config_${NGINX_CONFIG_VERSION}
    file: nginx.conf.tmpl
    template_driver: golang
  app_entrypoint:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}