version: '3.8'

networks:
  doorcode:
    attachable: true

secrets:
  webserver_cert:
    name: webserver_cert-${CI_JOB_ID}
    file: $WEBSERVER_CERT
  webserver_key:
    name: webserver_key-${CI_JOB_ID}
    file: $WEBSERVER_KEY
  root_cert:
    name: root_cert-${CI_JOB_ID}
    file: $ROOT_CERT
  wwu_webserver_cert:
    name: wwu_webserver_cert-${CI_JOB_ID}
    file: $WWU_WEBSERVER_CERT
  wwu_webserver_key:
    name: wwu_webserver_key-${CI_JOB_ID}
    file: $WWU_WEBSERVER_KEY
  wwu_root_cert:
    name: wwu_root_cert-${CI_JOB_ID}
    file: $WWU_ROOT_CERT
  postgres_password:
    name: postgres_password
    file: $POSTGRES_PASSWORD

volumes:
  doorcode_db:
    external: true
  doorcode_pgadmin-data:
    external: true

services:
  webserver:
    image: $NGINX_IMAGE_NAME
    healthcheck:
      test: [ "CMD", "curl", "--fail", "--insecure", "--silent", "https://localhost/health" ]
      interval: 30s
      timeout: 3s
      retries: 3
    secrets:
      - webserver_cert
      - webserver_key
      - root_cert
      - wwu_webserver_cert
      - wwu_webserver_key
      - wwu_root_cert
    ports:
      - '4433:4433'
      - '443:443'
      - '80:80'
    volumes:
      - $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
      - $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
      - $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
    logging:
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - doorcode
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
        delay: 5s
      rollback_config:
        parallelism: 0
        order: stop-first
  postgres:
    image: postgres:13-alpine
    secrets:
      - postgres_password
    volumes:
      - doorcode_db:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: web
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
      POSTGRES_DB: doorcode
      TZ: America/Los_Angeles
    logging:
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - doorcode
  dbadmin:
    image: dpage/pgadmin4:4.30
    volumes:
      - doorcode_pgadmin-data:/var/lib/pgadmin
    environment:
      PGADMIN_DEFAULT_EMAIL: admin@elock
      PGADMIN_DEFAULT_PASSWORD: Please change the default password.
    logging:
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - doorcode
  api:
    image: $DOORCODE_IMAGE_NAME
    environment:
      TZ: America/Los_Angeles
    healthcheck:
      test: [ "CMD", "/healthcheck.sh" ]
      interval: 30s
      timeout: 3s
      retries: 3
    volumes:
      - $PROJ_DIR/controller-bins:/var/www/backend/storage/app/controller/binaries:ro
      - $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
      - $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
      - $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
    logging:
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - doorcode
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
        delay: 5s
      rollback_config:
        parallelism: 0
        order: stop-first