version: "3.8"

services:
  postgres:
    image: postgres:13-alpine
    security_opt:
      - no-new-privileges:true
    tmpfs:
      - /tmp
      - /var/run/postgresql
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      # timezone inside container
      - TZ

      # necessary Postgres options/variables
      - POSTGRES_USER=mattermost
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - POSTGRES_DB=mattermost
    secrets:
      - postgres_password
    networks:
      - internal

  app:
    image: mattermost/mattermost-team-edition:7.0
    security_opt:
      - no-new-privileges:true
    read_only: ${MATTERMOST_CONTAINER_READONLY}
    tmpfs:
      - /tmp
    volumes:
      - mattermost_config:/mattermost/config:rw
      - mattermost_data:/mattermost/data:rw
      - mattermost_logs:/mattermost/logs:rw
      - mattermost_plugins:/mattermost/plugins:rw
      - mattermost_client_plugins:/mattermost/client/plugins:rw
    environment:
      # timezone inside container
      - TZ

      # necessary Mattermost options/variables (see env.sample)
      - MM_SQLSETTINGS_DRIVERNAME=postgres

      # additional settings
      - MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}
    networks:
      - proxy
      - internal
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8065"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "coop-cloud.${STACK_NAME}.version=0.1.0+7.0"
    configs:
      - source: abra_mattermost_entrypoint
        target: /abra-mattermost-entrypoint.sh
        mode: 0555
    secrets:
      - postgres_password
    entrypoint: /abra-mattermost-entrypoint.sh

secrets:
  postgres_password:
    external: true
    name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}

configs:
  abra_mattermost_entrypoint:
    name: abra_mattermost_entrypoint
    file: ./abra-mattermost-entrypoint.sh

networks:
  proxy:
    external: true
  internal:

volumes:
  postgres_data:
  mattermost_config:
  mattermost_data:
  mattermost_logs:
  mattermost_plugins:
  mattermost_client_plugins: