{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE

version: "3.8"

services:
  db:
    image: postgres:{{ services.hedgedoc.postgres_version }}
    restart: unless-stopped
    volumes:
      - "./db:/var/lib/postgresql/data"
    environment:
      POSTGRES_USER: codimd
      POSTGRES_PASSWORD: "{{ postgres_passwords.hedgedoc }}"
      POSTGRES_DB: codimd

  app:
    image: quay.io/hedgedoc/hedgedoc:{{ services.hedgedoc.version }}
    volumes:
      - "./hedgedoc/uploads:/hedgedoc/public/uploads"
      - "./sso.data.coop.pem:/sso.data.coop.pem"
    restart: unless-stopped
    networks:
      - default
      - external_services
    environment:
      CMD_DB_URL: postgres://codimd:{{ postgres_passwords.hedgedoc }}@db:5432/codimd
      CMD_DOMAIN: "{{ services.hedgedoc.domain }}"
      CMD_ALLOW_EMAIL_REGISTER: False
      CMD_IMAGE_UPLOAD_TYPE: filesystem
      CMD_EMAIL: False
      CMD_SAML_IDPCERT: /sso.data.coop.pem
      CMD_SAML_IDPSSOURL: https://{{ services.keycloak.domain }}/auth/realms/datacoop/protocol/saml
      CMD_SAML_ISSUER: hedgedoc
      CMD_SAML_IDENTIFIERFORMAT: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
      CMD_USECDN: false
      CMD_PROTOCOL_USESSL: true
      VIRTUAL_HOST: "{{ services.hedgedoc.domain }}"
      LETSENCRYPT_HOST: "{{ services.hedgedoc.domain }}"
      LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
    depends_on:
      - db

networks:
  external_services:
    external: true