---
version: "3.8"

services:
  app:
    image: "foodcoops/foodsoft:4.7.1"
    networks:
      - internal
      - proxy
    secrets:
      - db_password
      - secret_key_base
      - smtp_password
    configs:
      - source: app_config
        target: /usr/src/app/config/app_config.yml
      - source: db_config
        target: /usr/src/app/config/database.yml
      - source: entrypoint
        target: /usr/src/app/docker-entrypoint.sh
        mode: 0555
    entrypoint: /usr/src/app/docker-entrypoint.sh
    environment:
      - DOMAIN
      - EMAIL_ERROR
      - EMAIL_REPLY
      - EMAIL_SENDER
      - FOODCOOP_CITY
      - FOODCOOP_COUNTRY
      - FOODCOOP_EMAIL
      - FOODCOOP_FOOTER
      - FOODCOOP_HELP_URL
      - FOODCOOP_HOMEPAGE
      - FOODCOOP_NAME
      - FOODCOOP_PHONE
      - FOODCOOP_STREET
      - FOODCOOP_TIME_ZONE
      - FOODCOOP_ZIP_CODE
      - FOODSOFT_SERVICE=app
      - MYSQL_DB=foodsoft
      - MYSQL_HOST=db
      - MYSQL_PORT=3306
      - MYSQL_USER=foodsoft
      - QUEUE=foodsoft_notifier
      - REDIS_URL=redis://cache:6379
      - SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
      - SMTP_ADDRESS
      - SMTP_AUTHENTICATION
      - SMTP_DOMAIN
      - SMTP_ENABLE_STARTTLS_AUTO
      - SMTP_PASSWORD_FILE=/run/secrets/smtp_password
      - SMTP_PORT
      - SMTP_USER_NAME
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000"]
      interval: 15s
      timeout: 10s
      retries: 10
      start_period: 1m
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.foodsoft.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.foodsoft.entrypoints=web-secure"
        - "traefik.http.services.foodsoft.loadbalancer.server.port=3000"
        - "traefik.http.routers.foodsoft.tls.certresolver=${LETS_ENCRYPT_ENV}"

  cron:
    image: "foodcoops/foodsoft:4.7.0"
    environment:
      - FOODSOFT_SERVICE=cron
      - MYSQL_DB
      - MYSQL_HOST
      - MYSQL_PORT
      - MYSQL_USER
      - SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
    configs:
      - source: db_config
        target: /usr/src/app/config/database.yml
      - source: entrypoint
        target: /usr/src/app/docker-entrypoint.sh
        mode: 0555
    entrypoint: /usr/src/app/docker-entrypoint.sh
    secrets:
      - db_password
      - secret_key_base
    networks:
      - internal

  worker:
    image: "foodcoops/foodsoft:4.7.0"
    environment:
      - FOODSOFT_SERVICE=worker
      - MYSQL_DB
      - MYSQL_HOST
      - MYSQL_PORT
      - MYSQL_USER
      - REDIS_URL=redis://cache:6379
      - SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
    configs:
      - source: db_config
        target: /usr/src/app/config/database.yml
      - source: entrypoint
        target: /usr/src/app/docker-entrypoint.sh
        mode: 0555
    entrypoint: /usr/src/app/docker-entrypoint.sh
    secrets:
      - db_password
      - secret_key_base
    networks:
      - internal

  smtp:
    image: "foodcoops/foodsoft:4.7.0"
    configs:
      - source: db_config
        target: /usr/src/app/config/database.yml
      - source: entrypoint
        target: /usr/src/app/docker-entrypoint.sh
        mode: 0555
    entrypoint: /usr/src/app/docker-entrypoint.sh
    secrets:
      - db_password
      - secret_key_base
    environment:
      - FOODSOFT_SERVICE=smtp
      - MYSQL_DB
      - MYSQL_HOST
      - MYSQL_PORT
      - MYSQL_USER
      - SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
      - SMTP_SERVER_HOST
      - SMTP_SERVER_PORT
    networks:
      - proxy
      - internal
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.tcp.routers.foodsoft-smtp.rule=HostSNI(`*`)"
        - "traefik.tcp.routers.foodsoft-smtp.entrypoints=foodsoft-smtp"
        - "traefik.tcp.services.foodsoft-smtp.loadbalancer.server.port=${SMTP_SERVER_PORT}"

  db:
    image: "mariadb:10.5"
    command: "mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_520_ci"
    environment:
      - MYSQL_USER=foodsoft
      - MYSQL_DATABASE=foodsoft
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
    secrets:
      - db_password
      - db_root_password
    volumes:
      - "db:/var/lib/mysql"
    networks:
      - internal

  cache:
    image: "redis:6"
    networks:
      - internal

networks:
  internal:
  proxy:
    external: true

volumes:
  db:

configs:
  app_config:
    name: ${STACK_NAME}_app_config_${APP_CONFIG_VERSION}
    file: app_config.yml.tmpl
    template_driver: golang
  db_config:
    name: ${STACK_NAME}_db_config_${DB_CONFIG_VERSION}
    file: database.yml.tmpl
    template_driver: golang
  entrypoint:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

secrets:
  db_password:
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
    external: true
  db_root_password:
    name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
    external: true
  smtp_password:
    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
    external: true
  secret_key_base:
    name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION}
    external: true