---
version: "3.8"

services:
  app:
    image: vikunja/vikunja:0.24.2
    environment:
      - DOMAIN
      - LOG_LEVEL
      - VIKUNJA_RATELIMIT_NOAUTHLIMIT
      - VIKUNJA_SERVICE_PUBLICURL=${DOMAIN}
      - VIKUNJA_DATABASE_HOST=db
      - VIKUNJA_DATABASE_PASSWORD_FILE=/run/secrets/db_password
      - VIKUNJA_DATABASE_TYPE=postgres
      - VIKUNJA_DATABASE_USER=vikunja
      - VIKUNJA_DATABASE_DATABASE=vikunja
      - VIKUNJA_SERVICE_JWTSECRET_FILE=/run/secrets/jwt_secret
      - VIKUNJA_REDIS_ENABLED=1
      - VIKUNJA_REDIS_HOST=redis:6379
      - VIKUNJA_CACHE_ENABLED=1
      - VIKUNJA_CACHE_TYPE=redis
      - VIKUNJA_SERVICE_ENABLEREGISTRATION=false
      - VIKUNJA_SERVICE_JWTTTL=604800
      - VIKUNJA_MAILER_ENABLED
      - VIKUNJA_MAILER_HOST
      - VIKUNJA_MAILER_AUTHTYPE
      - VIKUNJA_MAILER_USERNAME
      - VIKUNJA_MAILER_PASSWORD_FILE=/run/secrets/smtp_password
      - VIKUNJA_MAILER_FROMEMAIL
      - VIKUNJA_LOG_LEVEL
      - VIKUNJA_LOG_DATABASE
      - VIKUNJA_LOG_DATABASELEVEL
      - VIKUNJA_LOG_EVENTS
      - VIKUNJA_LOG_MAIL
      - VIKUNJA_KEYVALUE_TYPE=redis
      - VIKUNJA_AUTH_LOCAL_ENABLED
      - VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME
      - VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL
    volumes: 
      - files:/app/vikunja/files
    networks:
      - proxy
      - internal
    secrets:
      - jwt_secret
      - db_password
    configs:
      - source: config_yml
        target: /etc/vikunja/config.yml
      - source: healthcheck
        target: /healthcheck
        mode: 555

    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3456"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "coop-cloud.${STACK_NAME}.version=1.0.0+0.24.2"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
    healthcheck:
      test: [ "CMD", "/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m

  redis:
    image: redis
    networks:
      - internal
    ports:
      - "6379:6379"


  db:
    image: postgres:13
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
      POSTGRES_USER: vikunja
      POSTGRES_DB: vikunja
    volumes:
      - db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"]
      interval: 2s
    networks:
      - internal
    secrets:
      - db_password
    deploy:
      labels:
        backupbot.backup: "true"
        backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
        backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
        backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"

volumes:
  files:
  db:


networks:
  proxy:
    external: true
  internal:


configs:
  config_yml:
    name: ${STACK_NAME}_config_yml_${CONFIG_YML_VERSION}
    file: config.yml.tmpl
    template_driver: golang
  healthcheck:
    name: ${STACK_NAME}_healthcheck_${HEALTHCHECK_VERSION}
    file: healthcheck

secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
  jwt_secret:
    external: true
    name: ${STACK_NAME}_jwt_secret_${SECRET_JWT_SECRET_VERSION}