---
version: "3.8"

services:
  app:
    image: lukevella/rallly:3.5.0
    hostname: 0.0.0.0
    networks:
      - proxy
      - internal
    depends_on:
      - rallly_db
    secrets:
      - secret_key
      - smtp_pwd
      - db_password
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - DATABASE=rallly_db:5432/db
      - NEXT_PUBLIC_BASE_URL=https://${DOMAIN}
      - NEXT_PUBLIC_APP_BASE_URL=https://${DOMAIN}
      - NEXTAUTH_URL=$NEXT_PUBLIC_BASE_URL
      - SECRET_PASSWORD_FILE=/run/secrets/secret_key
      - SUPPORT_EMAIL
      - SMTP_HOST
      - SMTP_PORT
      - SMTP_SECURE
      - SMTP_USER
      - SMTP_PWD_FILE=/run/secrets/smtp_pwd
    entrypoint: /docker-entrypoint.sh
    configs:
      - source: app_entrypoint
        target: /docker-entrypoint.sh
        mode: 0555
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        # Redirect from EXTRA_DOMAINS to DOMAIN
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "coop-cloud.${STACK_NAME}.version=0.4.1+2.11.1"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
  rallly_db:
    image: postgres:14.8
    deploy:
        labels:
          backupbot.backup: "true"
          backupbot.backup.pre-hook: "PGPASSWORD=$$(cat /run/secrets/db_password) pg_dump -U postgres $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
          backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
    volumes:
      - db-data:/var/lib/postgresql/data
    secrets:
      - db_password
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - POSTGRES_DB=db
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - internal

secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
  secret_key:
    external: true
    name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
  smtp_pwd:
    external: true
    name: ${STACK_NAME}_smtp_pwd_${SECRET_SMTP_PWD_VERSION}

networks:
  proxy:
    external: true
  internal:

volumes:
  mongodb_log:
  mongodb_lib:
  mongodb:
  db-data:

configs:
  app_entrypoint:
    name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang