# vi: ft=yaml
version: '3'

networks:
  traefik:
    external: true

volumes:
  uploads:
    driver_opts:
      type: "nfs"
      o: "addr=lewis.dmz,nolock,soft,rw"
      device: ":/mnt/data/nfs/hedgedoc/uploads"

services:
  hedgedoc:
    image: quay.io/hedgedoc/hedgedoc:1.9.7
    environment:
      - CMD_DB_URL=postgres://hedgedoc:{{ database_passwords.hedgedoc }}@lewis.dmz:5432/hedgedoc
      - CMD_DOMAIN=md.kun.is
      - CMD_PORT=3000
      - CMD_URL_ADDPORT=false
      - CMD_ALLOW_ANONYMOUS=true
      - CMD_ALLOW_EMAIL_REGISTER=false
      - CMD_PROTOCOL_USESSL=true
      - CMD_SESSION_SECRET={{ session_secret }}
    volumes:
      - type: volume
        source: uploads
        target: /hedgedoc/public/uploads
        volume:
          nocopy: true
    networks:
      - traefik
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.hedgedoc.entrypoints=websecure
        - traefik.http.routers.hedgedoc.rule=Host(`md.kun.is`)
        - traefik.http.routers.hedgedoc.tls=true
        - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
        - traefik.http.routers.hedgedoc.service=hedgedoc
        - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
        - traefik.docker.network=traefik