services:
  app:
    image: dobbs/farm:1.1.0
    command: /bin/sh entrypoint.sh
    volumes:
      - "data:/home/node/.wiki"
    networks:
      - proxy
    configs:
      - source: entrypoint_sh_conf
        target: /home/node/entrypoint.sh
      - source: config_json_initial_conf
        target: /home/node/initial-config/config.json
    secrets:
      - cookie_secret
    environment:
      - DOMAIN
      - DOMAINS
      - COOKIE_SECRET
      - AUTHOR
      - ADMIN_KEY
    deploy:
      update_config:
        order: start-first
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`) || HostRegexp(`{subdomain:\\w+}.${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.tls.domains[0].main=${DOMAIN}"
        - "traefik.http.routers.${STACK_NAME}.tls.domains[0].sans=*.${DOMAIN}"
        - "traefik.http.routers.${STACK_NAME}.priority=1"
        - "traefik.http.routers.${STACK_NAME}_auth.rule=(Host(`${DOMAIN}`) && (PathPrefix(`/auth`) || Path(`/security/dialog.css`)))"
        - "traefik.http.routers.${STACK_NAME}_auth.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}_auth.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "caddy_0=https://${DOMAIN}"
        - "caddy_0.tls.on_demand="
        - "caddy_0.@match.path=/auth/* /security/dialog.css"
        - "caddy_0.reverse_proxy= @match {{upstreams 3000}}"
        - ${DOMAINS}
        - "caddy_1.reverse_proxy={{upstreams 3000}}"
        - "caddy_1.tls.on_demand="
        - "backupbot.backup=true"
        - "backupbot.backup.path=/home/node/.wiki"
    healthcheck:
      test: "node -e 'var http = require(\"http\"); var options = { host : \"localhost\", port : \"3000\", timeout : 2000, path : \"/view/welcome-visitors\", headers: { \"Host\": \"${DOMAIN}\" }  }; var request = http.request(options, (res) => { console.log(`STATUS: $${res.statusCode}`); if (res.statusCode == 200) {  process.exit(0); } else { process.exit(1); } }); request.on(\"error\", function(err) { console.log('ERROR'); process.exit(1); }); request.end();'"
      interval: 10s
      timeout: 2s
      retries: 2
      start_period: 30s

volumes:
  data:

networks:
  proxy:
    external: true

secrets:
  cookie_secret:
    external: true
    name: ${STACK_NAME}_cookie_secret

configs:
  entrypoint_sh_conf:
    name: ${STACK_NAME}_entrypoint_sh
    file: entrypoint.sh
  config_json_initial_conf:
    name: ${STACK_NAME}_config_initial_json
    file: config.initial.json.tmpl
    template_driver: golang