version: '3.8'
services:
  db:
    image: mongo:5.0
    command: mongod --oplogSize 128 --quiet
    volumes:
      - wekan-db:/data/db
    networks:
      - internal
    healthcheck:
      test:  echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
    deploy:
      labels:
        backupbot.backup: "true"
        backupbot.backup.pre-hook: "mongodump --archive=/data/db/wekan.db"
        backupbot.backup.post-hook: "rm -rf /data/db/wekan.db"
        backupbot.backup.path: "/data/db/wekan.db"

  app:
    image: quay.io/wekan/wekan:v7.30
    environment:
      - MONGO_URL=mongodb://db:27017/wekan
      - DOMAIN
      - ROOT_URL
      - DEBUG
      - MAIL_URL
      - MAIL_FROM
      - WITH_API
      - RICHER_CARD_COMMENT_EDITOR
      - CORS
      - CORS_ALLOW_HEADERS
      - CORS_EXPOSE_HEADERS
      - PASSWORD_LOGIN_ENABLED
      - OAUTH2_ENABLED
      - OAUTH2_LOGIN_STYLE
      - OAUTH2_CLIENT_ID
      - OAUTH2_SECRET_FILE=/run/secrets/oauth2_secret
      - OAUTH2_SERVER_URL
      - OAUTH2_AUTH_ENDPOINT
      - OAUTH2_USERINFO_ENDPOINT
      - OAUTH2_TOKEN_ENDPOINT
      - OAUTH2_REQUEST_PERMISSIONS
      - OAUTH2_ID_MAP
      - OAUTH2_USERNAME_MAP
      - OAUTH2_FULLNAME_MAP
      - OAUTH2_EMAIL_MAP
      - DEFAULT_AUTHENTICATION_METHOD
      - PROPAGATE_OIDC_DATA
      - OIDC_REDIRECTION_ENABLED
    networks:
      - internal
      - proxy
    depends_on:
      - db
    healthcheck:
      test: node /build/healthcheck.js # no curl for healthcheck in wekan container
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
    secrets:
      - oauth2_secret
    configs:
      - source: healthcheck_js
        target: /build/healthcheck.js
        mode: 0555
      - source: entrypoint
        target: /home/wekan/app/docker-entrypoint.sh
        mode: 0555
    entrypoint: /home/wekan/app/docker-entrypoint.sh
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "coop-cloud.${STACK_NAME}.version=2.1.0+v7.30"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"

volumes:
  wekan-db:

networks:
  proxy:
    external: true
  internal:

configs:
  healthcheck_js:
    name: ${STACK_NAME}_healthcheck_js
    file: healthcheck.js
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

secrets:
  oauth2_secret:
    name: ${STACK_NAME}_oauth2_secret_${SECRET_OAUTH2_SECRET_VERSION}
    external: true