commit 4d7e2d69d8f406aa4f9849e71d117d056dc327f7
Author: 3wc <3wc.git@doesthisthing.work>
Date:   Thu Oct 1 01:22:57 2020 +0200

    Initial import

diff --git a/.envrc.sample b/.envrc.sample
new file mode 100644
index 0000000..714d07a
--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1,9 @@
+export SERVICE=strapi
+export STACK_NAME=strapi
+
+export DOMAIN=strapi.example.com
+export LETS_ENCRYPT_ENV=production
+
+export DB_ROOT_PASSWORD_VERSION=v1
+
+export ENTRYPOINT_CONF_VERSION=v1
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..4baa79b
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,76 @@
+---
+version: '3.8'
+
+services:
+  app:
+    depends_on:
+      - db
+    image: strapi/strapi:3.1.6
+    volumes:
+      - strapi:/srv/app
+    secrets:
+      - db_root_password
+    configs:
+      - source: entrypoint_conf
+        target: /docker-entrypoint.sh
+        mode: 0555
+    #entrypoint: ['tail', '-f', '/dev/null']
+    entrypoint: /docker-entrypoint.sh
+    networks:
+      - internal
+      - proxy
+    environment:
+      DATABASE_CLIENT: mongo
+      DATABASE_HOST: db
+      DATABASE_PORT: '27017'
+      DATABASE_NAME: strapi
+      DATABASE_USERNAME: root
+      DATABASE_PASSWORD_FILE: /run/secrets/db_root_password
+      PROXY_PORT: 443
+      PROXY_HOST: ${DOMAIN}
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.routers.${STACK_NAME}.tls=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=1337"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+
+  db:
+    image: mongo:3.6
+    volumes:
+     - mongo:/data/db
+    secrets:
+      - db_root_password
+    environment:
+      MONGO_INITDB_DATABASE: strapi
+      MONGO_INITDB_ROOT_USERNAME: root
+      MONGO_INITDB_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
+    networks:
+      - internal
+    labels:
+      - "traefik.enable=false"
+
+volumes:
+  strapi:
+  mongo:
+
+secrets:
+  db_root_password:    
+    external: true 
+    name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
+
+networks:
+  proxy:
+    external: true
+  internal:
+
+configs:
+  entrypoint_conf:
+    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
+    file: entrypoint.sh.tmpl
+    template_driver: golang
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
new file mode 100644
index 0000000..2330927
--- /dev/null
+++ b/entrypoint.sh.tmpl
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+file_env() {
+	# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
+	# 	https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+load_vars() {
+	file_env "DATABASE_PASSWORD"
+}
+
+main() {
+	set -eu
+
+	load_vars
+}
+
+main
+
+if [ ! "${1-}" == "-e" ]; then
+	docker-entrypoint.sh strapi develop
+fi
+
+set +eu