---
version: "3.8"

services:
  synapse:
    image: "matrixdotorg/synapse:latest"
    volumes:
      - "synapse:/data"
    environment:
      - VIRTUAL_HOST=${DOMAIN}
      - VIRTUAL_PORT=8008
      - LETSENCRYPT_HOST=${DOMAIN}
      - SYNAPSE_SERVER_NAME=${DOMAIN}
      - SYNAPSE_REPORT_STATS=no
      - TURN_SERVER=${DOMAIN}
      - TURN_PORT=3478
    networks: 
      - proxy
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8008"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
      restart_policy:
        condition: on-failure
        delay: "60s"
        max_attempts: 3
        window: 120s
    entrypoint: /docker-entrypoint.sh
    configs:
      - source: entrypoint_conf
        target: /docker-entrypoint.sh
        mode: 0555
    secrets:
      - coturn_shared_secret

  coturn:
    image: instrumentisto/coturn:latest
    networks:
     - swarm_host
    secrets:
      - coturn_shared_secret
    configs:
      - source: turnserver_conf
        target: /etc/coturn/turnserver.conf

volumes:
  synapse:
  traefik_letsencrypt:
    external: true

networks:
  proxy:
    external: true
  internal:
  # use host-mode networking until Docker can handle mass port-forwards:
  # https://github.com/moby/moby/issues/11185
  swarm_host:
    external:
      name: 'host'

configs:
  entrypoint_conf:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
  turnserver_conf:
    name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
    file: turnserver.conf.tmpl
    template_driver: golang

secrets:
  coturn_shared_secret:    
    external: true 
    name: ${STACK_NAME}_coturn_shared_secret_${COTURN_SHARED_SECRET_VERSION}