astro-payload-template/compose.yml

---
version: "3.8"

services:
  app:
    image: nginx:1.26.0
    networks:
      - proxy
    volumes:
      - html_content:/usr/share/nginx/html
    configs:
      - source: nginx_default_conf
        target: /etc/nginx/conf.d/default.conf
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}-astro.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}-astro.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-astro.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}-astro.tls.certresolver=production"

  payload:
    image: git.autonomic.zone/autonomic-cooperative/justice-equity-technology-payload:latest
    environment:
      - "NAME=${STACK_NAME}"
      - "PAYLOAD_URL=${STACK_NAME}_payload"
      - "PAYLOAD_PORT=3001"
      - "PAYLOAD_SECRET_FILE=/run/secrets/payload_secret"
      - "MONGODB_USER=mongo"
      - "MONGODB_HOST=${STACK_NAME}_mongo"
      - "MONGODB_PORT=27017"
      - "MONGODB_PASSWORD_FILE=/run/secrets/mongo_password"
      - "TOKEN_FILE=/run/secrets/token"
    secrets:
      - mongo_password
      - payload_secret
      - token
    networks:
      - proxy
      - internal
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}-payload.loadbalancer.server.port=3001"
        # FIXME switch to /admin probably using PathPrefix
        - "traefik.http.routers.${STACK_NAME}-payload.rule=Host(`admin.${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}-payload.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}-payload.tls.certresolver=production"

  mongo:
    image: mongo:6.0.5
    restart: unless-stopped
    volumes:
      - mongo:/data/db
    command:
      - --storageEngine=wiredTiger
    environment:
      - "MONGO_INITDB_ROOT_USERNAME=mongo"
      - "MONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/mongo_password"
    secrets:
      - mongo_password
    networks:
      - internal

networks:
  proxy:
    external: true
  internal:

secrets:
  payload_secret:
    external: true
    name: ${STACK_NAME}_payload_secret_${SECRET_PAYLOAD_SECRET_VERSION}
  token:
    external: true
    name: ${STACK_NAME}_token_${SECRET_TOKEN_VERSION}
  mongo_password:
    external: true
    name: ${STACK_NAME}_mongo_password_${SECRET_MONGO_PASSWORD_VERSION}

volumes:
  mongo:
  html_content:

configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
    file: astro/nginx.conf
    template_driver: golang