version: '3'

services:
  database:
    image: postgres:13.4-alpine
    environment:
      - POSTGRES_USER=hedgedoc
      - POSTGRES_PASSWORD=hedgedoc
      - POSTGRES_DB=hedgedoc
    volumes:
      - ./database:/var/lib/postgresql/data
    networks:
      cttue_web_services:
    restart: always

  app:
    image: quay.io/hedgedoc/hedgedoc:1.9.9
    environment:
      - CMD_DB_URL=postgres://hedgedoc:hedgedoc@database:5432/hedgedoc
      - CMD_DOMAIN=pad.cttue.de
      - CMD_PROTOCOL_USESSL=true
      - CMD_URL_ADDPORT=false
      - CMD_ALLOW_PDF_EXPORT=true
      - CMD_ALLOW_FREEURL=true
      - CMD_SESSION_SECRET=9yonH247cLTXEqDv9JTGEygBCxk7fHXfYY2ckkhY7n0KPEuzRJ6yfmcUNBVcEJQI
      - CMD_ALLOW_EMAIL_REGISTER=false # We have SSO ;) But still allow existing accounts.
      # SSO stuff
      - CMD_OAUTH2_USER_PROFILE_URL=https://auth.cttue.de/realms/cttue/protocol/openid-connect/userinfo
      - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
      - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
      - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
      - CMD_OAUTH2_TOKEN_URL=https://auth.cttue.de/realms/cttue/protocol/openid-connect/token
      - CMD_OAUTH2_AUTHORIZATION_URL=https://auth.cttue.de/realms/cttue/protocol/openid-connect/auth
      - CMD_OAUTH2_CLIENT_ID=hedgedoc
      - CMD_OAUTH2_CLIENT_SECRET=qh6WUZW7eZ8JAzDzeS9A1VJKHQ9jUO1o
      - CMD_OAUTH2_PROVIDERNAME=Keycloak
      - CMD_OAUTH2_SCOPE=openid email profile
      # nginx-proxy stuff
      - VIRTUAL_HOST=pad.cttue.de
      - VIRTUAL_PORT=3000
      - LETSENCRYPT_HOST=pad.cttue.de
    volumes:
      - ./uploads:/hedgedoc/public/uploads
    networks:
      cttue_web_services:
    restart: always
    depends_on:
      - database

networks:
  cttue_web_services:
    external: true