version: '3'

networks:
  traefik:
    external: true
  internal:
    external: false

services:
  database:
    image: postgres:13.4-alpine
    environment:
      - POSTGRES_USER=hedgedoc
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=hedgedoc
    volumes:
      - {{ data_dir }}/database:/var/lib/postgresql/data
    restart: always
    networks:
      - internal
  app:
    image: quay.io/hedgedoc/hedgedoc:1.9.7
    environment:
      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
      - CMD_DOMAIN={{ hedgedoc_domain }}
      - CMD_PORT=3000
      - CMD_URL_ADDPORT=false
      - CMD_ALLOW_ANONYMOUS=true
      - CMD_ALLOW_EMAIL_REGISTER=false
      - CMD_PROTOCOL_USESSL=true
      - CMD_SESSION_SECRET={{ session_secret }}
    volumes:
      - {{ data_dir }}/uploads:/hedgedoc/public/uploads
    restart: always
    depends_on:
      - database
    networks:
      - traefik
      - internal
    labels:
          - traefik.enable=true
          - traefik.http.routers.hedgedoc.entrypoints=websecure
          - traefik.http.routers.hedgedoc.rule=Host(`{{ hedgedoc_domain }}`)
          - traefik.http.routers.hedgedoc.tls=true
          - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
          - treafik.http.routers.hedgedoc.service=hedgedoc
          - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
          - traefik.docker.network=traefik