---
version: "3.8"

x-environment: &default-env
  - SNIKKET_ADMIN_EMAIL
  - SNIKKET_CERTFILE=/certs/$DOMAIN/cert.pem
  - SNIKKET_DOMAIN=${DOMAIN}
  - SNIKKET_KEYFILE=/certs/$DOMAIN/key.pem
  - SNIKKET_TWEAK_INTERNAL_HTTP_HOST=${STACK_NAME}_server
  - SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE=0.0.0.0
  - SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_HOST=${STACK_NAME}_portal
  - SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE=0.0.0.0
  - SNIKKET_TWEAK_TURNSERVER=0
  - SNIKKET_TWEAK_TURNSERVER_DOMAIN
  - SNIKKET_TWEAK_TURNSERVER_SECRET_FILE=/run/secrets/coturn_secret
  - SNIKKET_WEB_PROSODY_ENDPOINT=http://${STACK_NAME}_server:5280

services:
  app:
    image: thecoopcloud/snikket-web-proxy:latest
    networks:
      - proxy
      - backend
    environment: *default-env
    volumes:
      - snikket_data:/snikket
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`, `groups.${DOMAIN}`, `share.${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.domains[0].main=${DOMAIN}"
        - "traefik.http.routers.${STACK_NAME}.tls.domains[0].sans=groups.${DOMAIN},share.${DOMAIN}"

  portal:
    image: snikket/snikket-web-portal:beta
    environment: *default-env
    networks:
      - backend

  server:
    image: thecoopcloud/snikket-server:latest
    secrets:
      - coturn_secret
    configs:
      - source: app_entrypoint
        target: /docker-entrypoint.sh
        mode: 0555
    volumes:
      - snikket_data:/snikket
      - certs:/certs
    environment: *default-env
    entrypoint: /docker-entrypoint.sh
    networks:
      - backend
    ports:
      # Client App Connections (Client to Server) (XMPP-c2s)
      - target: 5222
        published: 5222
        mode: host
      - target: 5223
        published: 5223
        mode: host

      # Federation With Other Snikket Servers (Server to Server) (XMPP-s2s)
      - target: 5269
        published: 5269
        mode: host

      # File Transfer Proxy (proxy65)
      - target: 5000
        published: 5000
        mode: host

  certs:
    image: humenius/traefik-certs-dumper:1.5
    volumes:
      - traefik_letsencrypt:/traefik
      - certs:/output
    environment:
      - ACME_FILE_PATH=/traefik/production-acme.json
      - DOMAIN=${DOMAIN},groups.${DOMAIN},share.${DOMAIN}
      - OVERRIDE_UID=101  # prosody
      - OVERRIDE_GID=102  # prosody

configs:
  app_entrypoint:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

secrets:
  coturn_secret:
    external: true
    name: ${STACK_NAME}_coturn_secret_${SECRET_COTURN_SECRET_VERSION}

volumes:
  snikket_data:
  certs:
  traefik_letsencrypt:
    name: "${TRAEFIK_SERVICE:-traefik_letsencrypt}"
    external: true

networks:
  proxy:
    external: true
  backend: