name: sure
networks:
  traefik:
    name: traefik
    external: true
  internal_net:
    name: sure_internal_net
    driver: bridge

services:
  sure-db:
    image: postgres:16-alpine
    container_name: ${CONTAINER_NAME}-db
    restart: ${RESTART_POLICY}
    environment:
      - POSTGRES_DB=${DB_DATABASE}
      - POSTGRES_PASSWORD=${DB_PASSWORD}
      - POSTGRES_USER=${DB_USER}
    volumes:
      - type: bind
        source: ${DB_PATH}
        target: /var/lib/postgresql/data
        bind:
          create_host_path: true
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - internal_net
    cpu_shares: 90
    deploy:
      resources:
        limits:
          memory: 15841M

  sure-redis:
    image: redis:7-alpine
    container_name: ${CONTAINER_NAME}-redis
    restart: ${RESTART_POLICY}
    volumes:
      - type: bind
        source: ${REDIS_PATH}
        target: /data
        bind:
          create_host_path: true
    networks:
      - internal_net
    cpu_shares: 90
    deploy:
      resources:
        limits:
          memory: 15841M

  web:
    image: ghcr.io/we-promise/sure:stable
    container_name: ${CONTAINER_NAME}-web
    restart: ${RESTART_POLICY}
    depends_on:
      sure-db:
        condition: service_started
      sure-redis:
        condition: service_started
    environment:
      - SELF_HOSTED=${SELF_HOSTED}
      - ALLOW_REGISTRATION=${ALLOW_REGISTRATION}
      - SECRET_KEY_BASE=${SECRET_KEY_BASE}
      - RAILS_ASSUME_SSL=${RAILS_ASSUME_SSL}
      - RAILS_FORCE_SSL=${RAILS_FORCE_SSL}
      - DB_HOST=sure-db
      - POSTGRES_DB=${DB_DATABASE}
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_PASSWORD=${DB_PASSWORD}
      - REDIS_URL=${REDIS_URL}
    volumes:
      - type: bind
        source: ${STORAGE_PATH}
        target: /rails/storage
        bind:
          create_host_path: true
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - traefik
      - internal_net
    cpu_shares: 90
    deploy:
      resources:
        limits:
          memory: 15841M
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${ROUTER_NAME}.entrypoints=websecure"
      - "traefik.http.routers.${ROUTER_NAME}.rule=Host(`${SUBDOMAIN}.${DOMAIN}`)"
      - "traefik.http.routers.${ROUTER_NAME}.tls=true"
      - "traefik.http.routers.${ROUTER_NAME}.tls.certresolver=${CERTIFICATE_RESOLVER}"
      - "traefik.http.services.${ROUTER_NAME}.loadbalancer.server.port=${CONTAINER_PORT}"
      - "traefik.docker.network=${TRAEFIK_NETWORK}"

  worker:
    image: ghcr.io/we-promise/sure:stable
    container_name: ${CONTAINER_NAME}-worker
    restart: ${RESTART_POLICY}
    command:
      - /rails/bin/docker-entrypoint
      - ./bin/bundle
      - exec
      - sidekiq
    depends_on:
      sure-db:
        condition: service_started
      sure-redis:
        condition: service_started
    environment:
      - APP_URL=https://${SUBDOMAIN}.${DOMAIN}
      - DB_HOST=sure-db
      - POSTGRES_DB=${DB_DATABASE}
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_PASSWORD=${DB_PASSWORD}
      - REDIS_URL=${REDIS_URL}
      - SECRET_KEY_BASE=${SECRET_KEY_BASE}
    volumes:
      - type: bind
        source: ${STORAGE_PATH}
        target: /rails/storage
        bind:
          create_host_path: true
      - type: bind
        source: ${BANKING_PATH}
        target: /rails/config/enable_banking.pem
        read_only: true
        bind:
          create_host_path: true
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - internal_net
    cpu_shares: 90
    deploy:
      resources:
        limits:
          memory: 15841M