version: "3"
services:
  yonote:
    container_name: yonote
    image: images.updates.yonote.ru/yonote:${APP_VERSION}
    env_file:
      - .env
    ports:
      - "3000"
    depends_on:
      - postgres
      - redis
      - keycloak
      - s3-client
    command: yarn start:selfhosted
    environment:
      BIND_HOST: 0.0.0.0
      PORT: 3000
      URL: ${YNT_HTTP_PROTOCOL}${BASENAME_FOR_SUBDOMAIN}
      COLLABORATION_URL: ${YNT_WEBSOCKET_PROTOCOL}${BASENAME_FOR_SUBDOMAIN}
      DATABASE_URL: postgres://${YNT_DB_USER}:${YNT_DB_PASSWORD}@postgres:5432/${YNT_DB_NAME}
      OIDC_CLIENT_ID: yonote
      OIDC_CLIENT_SECRET: ${KC_CLIENT_SECRET}
      OIDC_AUTH_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/auth
      OIDC_TOKEN_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/token
      OIDC_USERINFO_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/userinfo
      OIDC_LOGOUT_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/logout
      AWS_S3_UPLOAD_BUCKET_URL: ${MINIO_YNT_URL}
      AWS_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY_ID}
      AWS_SECRET_ACCESS_KEY: ${MINIO_SECRET_ACCESS_KEY}
      AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket
      AWS_REGION: xx-xxxx-x
      TELEGRAM_API_URL: https://api.telegram.org
      OIDC_DISPLAY_NAME: email
      OIDC_SCOPES: openid email
      REDIS_URL: redis://redis:6379
      PGSSLMODE: disable
      USE_LEGACY_LOGOUT: true
      AWS_S3_FORCE_PATH_STYLE: true
      AWS_S3_ACL: private
    volumes:
      - ./License.key:/opt/yonote/License.key
    networks:
      - yonote-network
    external_links:
     - "nginx:${KC_YNT_HOST}"
     - "nginx:${MINIO_YNT_HOST}"

  redis:
    container_name: redis
    image: redis:7-alpine
    restart: unless-stopped
    user: "redis:redis"
    networks:
      - yonote-network

  postgres:
    container_name: postgres
    image: postgres:14
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${YNT_DB_NAME}
      POSTGRES_USER: ${YNT_DB_USER}
      POSTGRES_PASSWORD: ${YNT_DB_PASSWORD}
      KC_DB_USERNAME: ${KC_DB_USERNAME}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
      user: "postgres:postgres"
    volumes:
      - db:/var/lib/postgresql/data
      - ./postgres/init-keycloak-db.sh:/docker-entrypoint-initdb.d/init-keycloak-db.sh
    networks:
      - yonote-network

  s3:
    container_name: minio
    image: minio/minio:RELEASE.2024-03-03T17-50-39Z
    restart: unless-stopped
    environment:
      - MINIO_ROOT_USER=${MINIO_ADMIN_USERNAME}
      - MINIO_ROOT_PASSWORD=${MINIO_ADMIN_PASSWORD}
    command: server --address :9000 --console-address :9001 /data
    ports:
      - "9000"
      - "9001"
    volumes:
      - minio:/data
    networks:
      - yonote-network

  s3-client:
    container_name: minio-client
    image: minio/mc:RELEASE.2022-08-28T20-08-11Z
    volumes:
      - ./minio:/tmp/policies
    environment:
      MINIO_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY_ID}
      MINIO_SECRET_ACCESS_KEY: ${MINIO_SECRET_ACCESS_KEY}
      MINIO_ADMIN_USERNAME: ${MINIO_ADMIN_USERNAME}
      MINIO_ADMIN_PASSWORD: ${MINIO_ADMIN_PASSWORD}
    entrypoint: >
      /bin/sh -c "
      /usr/bin/mc config host add myminio http://minio:9000 ${MINIO_ADMIN_USERNAME} ${MINIO_ADMIN_PASSWORD};
      /usr/bin/mc mb myminio/yonote-bucket;
      /usr/bin/mc policy set-json /tmp/policies/minio-bucket-policy.json myminio/yonote-bucket;
      /usr/bin/mc admin user add myminio ${MINIO_ACCESS_KEY_ID} ${MINIO_SECRET_ACCESS_KEY};
      /usr/bin/mc admin policy add myminio yonote-policy /tmp/policies/minio-user-policy.json;
      /usr/bin/mc admin policy set myminio yonote-policy user=${MINIO_ACCESS_KEY_ID};
      exit 0;
      "
    networks:
      - yonote-network
    depends_on:
      - s3

  keycloak:
    container_name: keycloak
    image: images.updates.yonote.ru/yonote-keycloak:${AUTH_VERSION}
    ports:
      - "8080"
    environment:
      KC_HOSTNAME: ${KC_YNT_HOST}
      OIDC_CLIENT_SECRET: ${KC_CLIENT_SECRET}
      YNT_HTTP_PROTOCOL: ${YNT_HTTP_PROTOCOL}
      BASENAME_FOR_SUBDOMAIN: ${BASENAME_FOR_SUBDOMAIN}
      KEYCLOAK_ADMIN: ${KC_USERNAME}
      KEYCLOAK_ADMIN_PASSWORD: ${KC_PASSWORD}
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: ${KC_DB_USERNAME}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
      PROXY_ADDRESS_FORWARDING: true
      KC_PROXY_ADDRESS_FORWARDING: true
      KC_PROXY: edge
      KC_HOSTNAME_STRICT: false
      KC_HOSTNAME_STRICT_HTTPS: false
      KC_HTTP_ENABLED: true
      # KC_HTTPS_ENABLED: false
      # KC_HOSTNAME_DEBUG: true
    command: start-dev --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm
    networks:
      - yonote-network
    depends_on:
      - postgres

  nginx:
    container_name: nginx
    image: nginx
    ports:
      - 80:80
    environment:
      BASENAME_FOR_SUBDOMAIN: ${BASENAME_FOR_SUBDOMAIN}
      MINIO_YNT_HOST: ${MINIO_YNT_HOST}
      MINIO_ADMIN_YNT_HOST: ${MINIO_ADMIN_YNT_HOST}
      KC_YNT_HOST: ${KC_YNT_HOST}
      DOLLAR: "$"
    volumes:
      - ./nginx/default.conf.tmpl:/etc/nginx/conf.d/default.conf.tmpl
    networks:
      yonote-network:
    depends_on:
      - postgres
      - redis
      - keycloak
      - s3-client
      - yonote
    command: /bin/bash -c "envsubst < /etc/nginx/conf.d/default.conf.tmpl > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"

networks:
  yonote-network:
    name: yonote-internal-network

volumes:
  db:
  minio: