---
version: "3.8"

services:

  app:
    image: "zulip/docker-zulip:9.4-0"
    configs:
      - source: entrypoint
        target: /custom-entrypoint.sh
        mode: 0555
      - source: zulip-conf
        target: /etc/zulip/zulip.conf
        mode: 0644
        uid: "1000"
        gid: "1000"
    entrypoint: /custom-entrypoint.sh
    command:
      - "app:run"
    environment:
      DB_HOST: "database"
      DB_HOST_PORT: "5432"
      DB_USER: "zulip"
      SSL_CERTIFICATE_GENERATION: "self-signed"
      SETTING_MEMCACHED_LOCATION: "memcached:11211"
      SETTING_RABBITMQ_HOST: "rabbitmq"
      SETTING_REDIS_HOST: "redis"
      SETTING_EXTERNAL_HOST: ${DOMAIN}
      ZULIP_AUTH_BACKENDS: "EmailAuthBackend"
      SECRETS_postgres_password_FILE: "/run/secrets/db_password"
      SECRETS_memcached_password_FILE: "/run/secrets/memcached_password"
      SECRETS_redis_password_FILE: "/run/secrets/redis_password"
      SECRETS_rabbitmq_password_FILE: "/run/secrets/rabbitmq_password"
      SECRETS_email_password_FILE: "/run/secrets/smtp_password"
      SECRETS_secret_key_FILE: "/run/secrets/zulip_secret"
    secrets:
      - zulip_secret
      - smtp_password
      - db_password
      - rabbitmq_password
      - redis_password
      - memcached_password
    volumes:
      - "zulip:/data:rw"
    ulimits:
      nofile:
        soft: 1000000
        hard: 1048576
    networks:
      - proxy
      - internal
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "coop-cloud.${STACK_NAME}.version=0.1.0+9.4-0"

  database:
    image: "zulip/zulip-postgresql:14"
    environment:
      POSTGRES_DB: "zulip"
      POSTGRES_USER: "zulip"
      POSTGRES_PASSWORD_FILE: "/run/secrets/db_password"
    secrets:
      - db_password
    volumes:
      - "db:/var/lib/postgresql/data:rw"
    networks:
      - internal
    configs:
      - source: pg_backup
        target: /pg_backup.sh
        mode: 0555
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready" ]
      interval: 10s
      timeout: 5s
      retries: 5

  memcached:
    image: "memcached:alpine"
    command:
      - "sh"
      - "-euc"
      - |
        echo 'mech_list: plain' > "$$SASL_CONF_PATH"
        echo "zulip@$$HOSTNAME:$$MEMCACHED_PASSWORD" > "$$MEMCACHED_SASL_PWDB"
        echo "zulip@localhost:$$MEMCACHED_PASSWORD" >> "$$MEMCACHED_SASL_PWDB"
        exec memcached -S
    configs:
      - source: memcached_entrypoint
        target: /custom-entrypoint.sh
        mode: 0555
    entrypoint: /custom-entrypoint.sh
    secrets:
      - memcached_password
    environment:
      SASL_CONF_PATH: "/home/memcache/memcached.conf"
      MEMCACHED_SASL_PWDB: "/home/memcache/memcached-sasl-db"
    networks:
      - internal

  rabbitmq:
    image: "rabbitmq:4.0.6"
    environment:
      RABBITMQ_DEFAULT_USER: "zulip"
    configs:
      - source: rabbitmq_healthcheck
        target: /healthcheck.sh
        mode: 0555
      - source: rabbitmq_config
        target: /etc/rabbitmq/rabbitmq.conf
        mode: 0555
    secrets:
      - rabbitmq_password
    volumes:
      - "rabbitmq:/var/lib/rabbitmq:rw"
    healthcheck:
      test: [ "CMD-SHELL", "/healthcheck.sh" ]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - internal

  redis:
    image: "redis:7.2.7"
    configs:
      - source: redis_entrypoint
        target: /custom-entrypoint.sh
        mode: 0555
      - source: redis_healthcheck
        target: /healthcheck.sh
        mode: 0555
    entrypoint: /custom-entrypoint.sh
    environment:
        REDIS_PASSWORD_FILE: "/run/secrets/redis_password"
    secrets:
      - redis_password
    command:
      - "sh"
      - "-euc"
      - |
        echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
        exec redis-server /etc/redis.conf
    volumes:
      - "redis:/data:rw"
    networks:
      - internal

secrets:
  db_password:
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
    external: true
  rabbitmq_password:
    name: ${STACK_NAME}_rabbitmq_password_${SECRET_RABBITMQ_PASSWORD_VERSION}
    external: true
  redis_password:
    name: ${STACK_NAME}_redis_password_${SECRET_REDIS_PASSWORD_VERSION}
    external: true
  memcached_password:
    name: ${STACK_NAME}_memcached_password_${SECRET_MEMCACHED_PASSWORD_VERSION}
    external: true
  smtp_password:
    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
    external: true
  zulip_secret:
    name: ${STACK_NAME}_zulip_secret_${SECRET_ZULIP_SECRET_VERSION}
    external: true

configs:
  pg_backup:
    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
    file: pg_backup.sh
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
  zulip-conf:
    name: ${STACK_NAME}_zulip-conf_${ZULIP_CONF_VERSION}
    file: zulip.conf.tmpl
  memcached_entrypoint:
    name: ${STACK_NAME}_memcached_entrypoint_${MEM_ENTRYPOINT_VERSION}
    file: entrypoint.memcached.sh.tmpl
    template_driver: golang
  redis_entrypoint:
    name: ${STACK_NAME}_redis_entrypoint_${REDIS_ENTRYPOINT_VERSION}
    file: entrypoint.redis.sh.tmpl
    template_driver: golang
  rabbitmq_healthcheck:
    name: ${STACK_NAME}_rabbitmq_healthcheck_${RABBIT_HEALTHCHECK_VERSION}
    file: healthcheck.rabbitmq.sh
  rabbitmq_config:
    name: ${STACK_NAME}_rabbitmq_config_${RABBIT_CONFIG_VERSION}
    file: rabbitmq.conf.tmpl
    template_driver: golang
  redis_healthcheck:
    name: ${STACK_NAME}_redis_healthcheck_${REDIS_HEALTHCHECK_VERSION}
    file: healthcheck.redis.sh

volumes:
  zulip:
  db:
  rabbitmq:
  redis:


networks:
  internal:
  proxy:
    external: true