version: '3.7'

services:
  tipi-reverse-proxy:
    container_name: tipi-reverse-proxy
    image: traefik:v2.8
    restart: on-failure
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    command: --providers.docker
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${PWD}/traefik:/root/.config
      - ${PWD}/traefik/shared:/shared
    networks:
      - tipi_main_network

  tipi-db:
    container_name: tipi-db
    image: postgres:14
    restart: unless-stopped
    stop_grace_period: 1m
    volumes:
      - pgdata:/var/lib/postgresql/data
    ports:
      - 5432:5432
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: tipi
      POSTGRES_DB: tipi
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -d tipi -U tipi']
      interval: 5s
      timeout: 10s
      retries: 120
    networks:
      - tipi_main_network

  tipi-redis:
    container_name: tipi-redis
    image: redis:7.2.0
    restart: unless-stopped
    command: redis-server --requirepass ${REDIS_PASSWORD}
    ports:
      - 6379:6379
    volumes:
      - redisdata:/data
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
      interval: 5s
      timeout: 10s
      retries: 120
    networks:
      - tipi_main_network

  tipi-worker:
    build:
      context: .
      dockerfile: ./packages/worker/Dockerfile
    container_name: tipi-worker
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:3000/healthcheck']
      interval: 5s
      timeout: 10s
      retries: 120
      start_period: 5s
    depends_on:
      tipi-db:
        condition: service_healthy
      tipi-redis:
        condition: service_healthy
    env_file:
      - .env
    environment:
      NODE_ENV: production
    volumes:
      - /proc:/host/proc
      - /var/run/docker.sock:/var/run/docker.sock
      - ${PWD}/.env:/app/.env
      - ${PWD}/state:/app/state
      - ${PWD}/repos:/app/repos
      - ${PWD}/apps:/app/apps
      - ${STORAGE_PATH:-$PWD}/app-data:/storage/app-data
      - ${PWD}/logs:/app/logs
      - ${PWD}/traefik:/app/traefik
      - ${PWD}/user-config:/app/user-config
    networks:
      - tipi_main_network

  tipi-dashboard:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: tipi-dashboard
    depends_on:
      tipi-db:
        condition: service_healthy
      tipi-redis:
        condition: service_healthy
      tipi-worker:
        condition: service_healthy
    env_file:
      - .env
    environment:
      NODE_ENV: development
    networks:
      - tipi_main_network
    ports:
      - 3000:3000
    volumes:
      - ${PWD}/.env:/runtipi/.env
      - ${PWD}/state:/runtipi/state
      - ${PWD}/repos:/runtipi/repos:ro
      - ${PWD}/apps:/runtipi/apps
      - ${PWD}/logs:/app/logs
      - ${PWD}/traefik:/runtipi/traefik
      - ${STORAGE_PATH}:/app/storage
    labels:
      traefik.enable: true
      traefik.http.services.dashboard.loadbalancer.server.port: 3000
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
      # Local ip
      traefik.http.routers.dashboard.rule: PathPrefix("/")
      traefik.http.routers.dashboard.service: dashboard
      traefik.http.routers.dashboard.entrypoints: web
      # Local domain
      traefik.http.routers.dashboard-local-insecure.rule: Host(`${LOCAL_DOMAIN}`)
      traefik.http.routers.dashboard-local-insecure.entrypoints: web
      traefik.http.routers.dashboard-local-insecure.service: dashboard
      traefik.http.routers.dashboard-local-insecure.middlewares: redirect-to-https
      # secure
      traefik.http.routers.dashboard-local.rule: Host(`${LOCAL_DOMAIN}`)
      traefik.http.routers.dashboard-local.entrypoints: websecure
      traefik.http.routers.dashboard-local.tls: true
      traefik.http.routers.dashboard-local.service: dashboard

networks:
  tipi_main_network:
    driver: bridge
    name: runtipi_tipi_main_network

volumes:
  pgdata:
  redisdata: