version: "3.8"
x-env: &env
  DOMAIN:
  EMAIL_ERROR:
  EMAIL_REPLY_DOMAIN:
  EMAIL_SENDER:
  FOODCOOP_CITY:
  FOODCOOP_COUNTRY:
  FOODCOOP_EMAIL:
  FOODCOOP_FOOTER:
  FOODCOOP_HELP_URL:
  FOODCOOP_HOMEPAGE:
  FOODCOOP_MULTI_INSTALL:
  FOODCOOP_NAME:
  FOODCOOP_PHONE:
  FOODCOOP_STREET:
  FOODCOOP_TIME_ZONE:
  FOODCOOP_ZIP_CODE:
  LOG_LEVEL:
  MYSQL_DB: foodsoft
  MYSQL_HOST: db
  MYSQL_PORT: 3306
  MYSQL_USER: foodsoft
  QUEUE: foodsoft_notifier
  REDIS_URL: redis://cache:6379
  SECRET_KEY_BASE_FILE: /run/secrets/secret_key_base
  SMTP_ADDRESS:
  SMTP_AUTHENTICATION:
  SMTP_DOMAIN:
  SMTP_ENABLE_STARTTLS_AUTO:
  SMTP_PASSWORD_FILE: /run/secrets/smtp_password
  SMTP_PORT:
  SMTP_USER_NAME:
x-configs: &configs
  - source: app_config
    target: /usr/src/app/config/app_config.yml
  - source: db_config
    target: /usr/src/app/config/database.yml
  - source: production_env
    target: /usr/src/app/config/environments/production.rb
  - source: entrypoint
    target: /usr/src/app/docker-entrypoint.sh
    mode: 0555
x-secrets: &secrets
  - db_password
  - secret_key_base
  - smtp_password
services:
  app:
    image: foodcoops/foodsoft:4.7.1
    networks:
      - internal
      - proxy
    secrets: *secrets
    configs: *configs
    entrypoint: &entrypoint /usr/src/app/docker-entrypoint.sh
    environment:
      !%21merge <<: *env
      FOODSOFT_SERVICE: app
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
      interval: 15s
      timeout: 10s
      retries: 10
      start_period: 1m
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.foodsoft.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.foodsoft.entrypoints=web-secure"
        - "traefik.http.services.foodsoft.loadbalancer.server.port=3000"
        - "traefik.http.routers.foodsoft.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - coop-cloud.${STACK_NAME}.app.version=4.7.1-
  cron:
    image: foodcoops/foodsoft:4.7.1
    environment:
      !%21merge <<: *env
      FOODSOFT_SERVICE: cron
    configs: *configs
    entrypoint: *entrypoint
    secrets: *secrets
    networks:
      - internal
    deploy:
      labels: ['coop-cloud.${STACK_NAME}.cron.version=4.7.1-']
  worker:
    image: foodcoops/foodsoft:4.7.1
    environment:
      !%21merge <<: *env
      FOODSOFT_SERVICE: worker
    configs: *configs
    entrypoint: *entrypoint
    secrets: *secrets
    networks:
      - internal
    deploy:
      labels: ['coop-cloud.${STACK_NAME}.worker.version=4.7.1-']
  smtp:
    image: foodcoops/foodsoft:4.7.1
    configs: *configs
    entrypoint: *entrypoint
    secrets: *secrets
    environment:
      !%21merge <<: *env
      FOODSOFT_SERVICE: smtp
      SMTP_SERVER_HOST:
      SMTP_SERVER_PORT:
    networks:
      - proxy
      - internal
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.tcp.routers.foodsoft-smtp.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.foodsoft-smtp.entrypoints=foodsoft-smtp"
        - "traefik.tcp.services.foodsoft-smtp.loadbalancer.server.port=${SMTP_SERVER_PORT}"
        - coop-cloud.${STACK_NAME}.smtp.version=4.7.1-
  db:
    image: "mariadb:10.6"
    command: "mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_520_ci"
    environment:
      MYSQL_USER: foodsoft
      MYSQL_DATABASE: foodsoft
      MYSQL_PASSWORD_FILE: /run/secrets/db_password
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
    secrets:
      - db_password
      - db_root_password
    volumes:
      - "db:/var/lib/mysql"
    networks:
      - internal
    deploy:
      labels: ['coop-cloud.${STACK_NAME}.db.version=10.6-']
  cache:
    image: "redis:6"
    networks:
      - internal
    deploy:
      labels: ['coop-cloud.${STACK_NAME}.cache.version=6-']
networks:
  internal:
  proxy:
    external: true
volumes:
  db:
configs:
  app_config:
    name: ${STACK_NAME}_app_config_${APP_CONFIG_VERSION}
    file: app_config.yml.tmpl
    template_driver: golang
  db_config:
    name: ${STACK_NAME}_db_config_${DB_CONFIG_VERSION}
    file: database.yml.tmpl
    template_driver: golang
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
  production_env:
    name: ${STACK_NAME}_production_env_${PRODUCTION_ENV_VERSION}
    file: production.rb.tmpl
    template_driver: golang
secrets:
  db_password:
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
    external: true
  db_root_password:
    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
    external: true
  smtp_password:
    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
    external: true
  secret_key_base:
    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
    external: true