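---
# Docker Compose stack: one nginx reverse proxy in front of a set of
# internal services that are attached to private bridge networks.
#
# NOTE(review): two placeholder syntaxes are mixed in this file: Compose
# dollar-brace interpolation and Jinja-style double curly braces (hedgedoc_db,
# woodpecker-*). If the file is rendered by a template engine before Compose
# reads it, the literal username placeholder inside CMD_LDAP_SEARCHFILTER
# would have to be escaped. If it is not rendered, the double-brace values
# reach the containers as literal text. Confirm which applies and use one
# mechanism throughout.
#
# NOTE(review): nginx and excalidraw use ":latest", woodpecker-* use ":next"
# and n8n has no tag at all. These are mutable references, so the code that
# runs can change on any pull. Pin them to a reviewed version tag or image
# digest like the other services.
#
# NOTE(review): all credentials are passed as environment variables and are
# therefore readable through "docker inspect" by anyone with access to the
# Docker daemon. The postgres and mariadb images also accept *_FILE variants
# of their password variables if file-based secrets are preferred.
services:
  # linux-eng@psi.ch
  # Reverse Proxy handling all HTTP/HTTPS requests
  # Only container that is exposed to the network
  # Communication to other services is through docker network
  # NOTE(review): woodpecker-server below also publishes a host port, so the
  # "only container exposed" statement does not currently hold.
  nginx:
    image: nginx:latest
    container_name: nginx_proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # TLS material and configuration are mounted read-only.
      - /etc/letsencrypt/live:/etc/letsencrypt/live:ro
      - /etc/letsencrypt/archive:/etc/letsencrypt/archive:ro
      - /etc/pki/tls/certs:/etc/nginx/certs:ro
      - /etc/pki/tls/private:/etc/nginx/private:ro
      - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /etc/nginx/conf.d:/etc/nginx/conf.d:ro
      - /opt/webcontent/sinqstatus-test:/opt/webcontent/sinqstatus-test:ro
      - /opt/webcontent/it-strategy-dashboard/frontend/:/opt/webcontent/it-strategy-dashboard/:ro
    networks:
      - public
      - backend

  # linux-eng@psi.ch
  # Test app
  excalidraw:
    image: excalidraw/excalidraw:latest
    container_name: excalidraw
    restart: always
    networks:
      - backend

  # Rostomyan Tigran
  # INC0137443
  # Elog instance
  pif-elog:
    image: gitea.psi.ch/images/elog:3.1.5
    container_name: pif-elog
    restart: always
    volumes:
      - /opt/logbooks/pif:/usr/local/elog/logbooks
      - /opt/webcontent/pif/elog.cfg:/usr/local/elog/elogd.cfg
    networks:
      - backend

  # Krieger Jonas Andreas , Raselli Andrea-Raeto
  # Elog as a Service PoC with musr-elog.psi.ch? linux-eng@psi.ch
  lmu-elog:
    image: gitea.psi.ch/images/elog:3.1.5
    container_name: lmu-elog
    restart: always
    volumes:
      - /opt/logbooks/LMU:/usr/local/elog/logbooks
      - /opt/webcontent/LMU/elog.cfg:/usr/local/elog/elogd.cfg
    networks:
      - backend

  # Huang He
  # Also installed on docker-dmz
  # PSI Service
  mcda-calculator:
    image: gitea.psi.ch/images/mcda-calculator:1.0.3
    container_name: mcda-calculator
    restart: always
    networks:
      - backend

  # Romain Sacchi
  swiss-ecargo:
    image: gitea.psi.ch/sacchi_r/swiss-ecargo:0.1.1
    container_name: swiss-ecargo
    restart: always
    networks:
      - backend

  # Augustin Sven
  # PoC for SwissFEL
  hedgedoc_app:
    image: quay.io/hedgedoc/hedgedoc:1.10.1
    container_name: hedgedoc
    environment:
      - CMD_DB_URL=postgres://${hedgedoc_user}:${hedgedoc_password}@hedgedoc_db:5432/hedgedoc
      - CMD_DOMAIN=hedgedoc.psi.ch
      - CMD_URL_ADDPORT=false
      - CMD_PROTOCOL_USESSL=true
      - CMD_LDAP_URL=ldaps://dc00.d.psi.ch
      - CMD_LDAP_BINDDN=${bind_user}
      - CMD_LDAP_BINDCREDENTIALS=${bind_password}
      - CMD_LDAP_SEARCHBASE=OU=users,OU=psi,DC=d,DC=psi,DC=ch
      # Quoted so the YAML indicators "&" and "|" stay plain text; the value
      # itself is unchanged.
      - 'CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(|(sAMAccountName={{username}})(mail={{username}})))'
      - CMD_LDAP_USERIDFIELD=sAMAccountName
      # NOTE(review): in list-form "environment" the double quotes are part
      # of the value, so the provider name presumably shows up with the
      # quotes included. Verify and drop them if that is not intended.
      - CMD_LDAP_PROVIDERNAME="PSI"
      - NODE_ENV=production
      - CMD_EMAIL=false
      - CMD_ALLOW_EMAIL_REGISTER=false
      - CMD_SESSION_SECRET=${session_secret}
    volumes:
      - /opt/webcontent/sf-hedgedoc/uploads:/hedgedoc/public/uploads
    restart: always
    depends_on:
      - hedgedoc_db
    networks:
      - backend
      - hedgedoc_backend

  # Augustin Sven
  # Database for hedgedoc_app; reachable only on hedgedoc_backend.
  hedgedoc_db:
    image: postgres:13.4-alpine
    container_name: hedgedoc_db
    environment:
      # NOTE(review): hedgedoc_app reads the same two values through Compose
      # dollar-brace interpolation; both services must end up with identical
      # credentials or the application cannot connect.
      - POSTGRES_USER={{ hedgedoc_user }}
      - POSTGRES_PASSWORD={{ hedgedoc_password }}
      - POSTGRES_DB=hedgedoc
    volumes:
      - /opt/webcontent/sf-hedgedoc/data:/var/lib/postgresql/data
    restart: always
    networks:
      - hedgedoc_backend

  # Andreas Luedeke
  # PoC not running yet
  gfa-status-test:
    image: php:8.2-apache
    container_name: gfa-status-test
    volumes:
      # NOTE(review): the web root is mounted read-write; append ":ro" if the
      # application never writes below it.
      - /opt/webcontent/gfa-status/web:/var/www/html
    restart: always
    networks:
      - backend

  # Flechsig Uwe
  # opticswiki (test setup)
  # I assume gitea.psi.ch/images is the local image repository filled via
  # docker push
  # /opt/webcontent/opticswiki must be filled once (before starting the
  # container)
  # gitea.psi.ch/optics/opticswiki/ => make initvolumes
  opticswiki:
    image: gitea.psi.ch/images/opticswiki:1
    container_name: opticswiki
    restart: always
    volumes:
      - /opt/webcontent/opticswiki/data:/usr/local/apache2/Foswiki-2.1.9/data
      - /opt/webcontent/opticswiki/pub:/usr/local/apache2/Foswiki-2.1.9/pub
      - /opt/webcontent/opticswiki/working:/usr/local/apache2/Foswiki-2.1.9/working
      - /opt/webcontent/opticswiki/lib:/usr/local/apache2/Foswiki-2.1.9/lib
    networks:
      - backend

  # Sven Augustin -Hax0rL0rd
  # CI/CD addition to Gitea (Jenkins for poor people)
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:next
    container_name: woodpecker_server
    restart: always
    ports:
      # NOTE(review): this publishes the server on every host interface and
      # bypasses the nginx proxy. Since the service is also on "backend",
      # remove the mapping or bind it to a loopback address unless direct
      # access is required.
      - "8000:8000"
    volumes:
      - /opt/webcontent/woodpecker/server:/var/lib/woodpecker/
    environment:
      # NOTE(review): open registration lets every account that can log in
      # through the configured Gitea create pipelines, and those pipelines
      # run on an agent that holds the host Docker socket. Restrict who may
      # register (WOODPECKER_OPEN=false or an allow-list such as
      # WOODPECKER_ORGS).
      - WOODPECKER_OPEN=true
      - WOODPECKER_HOST=https://woodpecker-test.psi.ch
      - WOODPECKER_AGENT_SECRET={{ WOODPECKER_AGENT_SECRET }}
      - WOODPECKER_GITEA=true
      - WOODPECKER_GITEA_URL=https://gitea-test.psi.ch
      - WOODPECKER_GITEA_CLIENT={{ WOODPECKER_GITEA_CLIENT }}
      - WOODPECKER_GITEA_SECRET={{ WOODPECKER_GITEA_SECRET }}
    networks:
      - backend
      - woodpecker_backend

  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:next
    container_name: woodpecker_agent
    command: agent
    restart: always
    depends_on:
      - woodpecker-server
    volumes:
      - /opt/webcontent/woodpecker/agent/woodpecker:/etc/woodpecker
      # NOTE(review): access to the Docker socket is equivalent to root on
      # this host, which also runs the proxy and every other service in this
      # file. Consider a dedicated build host for the agent.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WOODPECKER_SERVER=woodpecker-server:9000
      - WOODPECKER_AGENT_SECRET={{ WOODPECKER_AGENT_SECRET }}
    networks:
      - woodpecker_backend

  # Angelo Sozzi INC0150655 angelo.sozzi@psi.ch
  # PoC Software - might be installed on docker-dmz
  n8n:
    image: docker.n8n.io/n8nio/n8n
    container_name: n8n
    restart: always
    environment:
      - N8N_HOST=n8n
      - N8N_PORT=5678
      - N8N_PROTOCOL=http
      - NODE_ENV=production
      - WEBHOOK_URL=https://n8n.psi.ch
      - GENERIC_TIMEZONE=Europe/Zurich
      - DB_SQLITE_POOL_SIZE=4
      - N8N_RUNNERS_ENABLED=true
    volumes:
      - /opt/webcontent/n8n/n8n_data:/home/node/.n8n
      - /opt/webcontent/n8n/local_files:/files
    networks:
      - backend

  # Ritter Tom
  # IT-Strategy monitoring dashboard
  # One-shot container: runs copyData.sh against the shared frontend
  # directory and exits; nginx serves that directory read-only.
  it-strategy-dashboard-frontend:
    image: gitea.psi.ch/9501/it-strategy-dashboard-frontend:2.0
    container_name: it-strategy-dashboard-frontend
    command: ["sh", "-c", "/usr/local/bin/copyData.sh"]
    volumes:
      - /opt/webcontent/it-strategy-dashboard/frontend:/opt/webcontent/it-strategy-dashboard/frontend
    restart: "no"
    networks:
      - it_strategy_dashboard_backend

  it-strategy-dashboard-backend:
    image: gitea.psi.ch/9501/it-strategy-dashboard-backend:2.0.1
    container_name: it-strategy-dashboard-backend
    restart: always
    environment:
      - DB_HOST=it-strategy-dashboard-db
      - DB_PORT=3306
      - DB_NAME=itstrategy
      - DB_USER=${IT_DASHBOARD_DB_USER}
      - DB_PASS=${IT_DASHBOARD_DB_PW}
      - JWT_SECRET=${JWT_SECRET}
      - ADMIN_PW_HASH=${ADMIN_PW_HASH}
    depends_on:
      it-strategy-dashboard-db:
        condition: service_healthy
    networks:
      - it_strategy_dashboard_backend
      - backend

  it-strategy-dashboard-db:
    image: mariadb:12
    container_name: it-strategy-dashboard-db
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=${IT_DASHBOARD_DB_ROOT_PW}
      - MYSQL_DATABASE=itstrategy
      - MYSQL_USER=${IT_DASHBOARD_DB_USER}
      - MYSQL_PASSWORD=${IT_DASHBOARD_DB_PW}
    volumes:
      - /opt/webcontent/it-strategy-dashboard/mysql/data:/var/lib/mysql
    depends_on:
      it-strategy-dashboard-frontend:
        condition: service_completed_successfully
    networks:
      - it_strategy_dashboard_backend
    healthcheck:
      # NOTE(review): the password is interpolated into the command line, so
      # it appears in the container's health-check definition and in the
      # process arguments each time the probe runs.
      test: ["CMD", "mariadb-admin", "ping", "-h", "localhost", "-u${IT_DASHBOARD_DB_USER}", "-p${IT_DASHBOARD_DB_PW}"]
      interval: 2s
      timeout: 5s
      retries: 5

  # Christoph Hug , Simon Suter
  # Panda-Maintenance (OpenMaint)
  panda-maintenance-db:
    image: postgis/postgis:17-3.5-alpine
    container_name: panda-maintenance-db
    volumes:
      - /opt/webcontent/panda-maintenance/data:/var/lib/postgresql/data:rw
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=${PANDA_MAINTENANCE_DB_PW}
    restart: always
    mem_limit: 4000m
    mem_reservation: 2000m
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 80s
    networks:
      - panda_maintenance_backend

  panda-maintenance-app:
    image: itmicus/cmdbuild:om-2.4-4.1.0
    container_name: panda-maintenance-app
    # NOTE(review): "links" is a legacy option; both services already share
    # panda_maintenance_backend, where the service name resolves.
    links:
      - panda-maintenance-db
    depends_on:
      panda-maintenance-db:
        condition: service_healthy
    restart: always
    volumes:
      # Replaces the image's entrypoint with a host-managed script (read-only
      # inside the container); the host copy should be writable by root only.
      - /opt/webcontent/panda-maintenance/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh:ro
    environment:
      # NOTE(review): the application is given the "postgres" account, which
      # is the superuser created by the database service above. Confirm
      # whether the image can run with a dedicated, less privileged role.
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=${PANDA_MAINTENANCE_DB_PW}
      - POSTGRES_PORT=5432
      - POSTGRES_HOST=panda-maintenance-db
      - POSTGRES_DB=openmaint
      - CMDBUILD_DUMP=empty.dump.xz
      - JAVA_OPTS=-Xmx6000m -Xms3000m
    mem_limit: 6000m
    mem_reservation: 3500m
    healthcheck:
      test: ["CMD", "curl", "-f", "-L", "http://localhost:8080/cmdbuild/ui"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 120s
    networks:
      - backend
      - panda_maintenance_backend

# "public" carries the proxy's external side, "backend" connects nginx to the
# applications, and the remaining networks isolate each application from its
# own database or agent.
networks:
  public: {}
  backend: {}
  hedgedoc_backend: {}
  woodpecker_backend: {}
  it_strategy_dashboard_backend: {}
  panda_maintenance_backend: {}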