version: "3.8"

# In this Docker Compose example, we use Docker Swarm to deploy Reactive Resume on multiple servers, with Traefik as the load balancer.
# Ensure that the overlay network is created before deploying this stack. You can do so by running the following command:
# docker network create --driver=overlay --attachable reactive_resume_network

services:
  # Database (Postgres)
  postgres:
    image: postgres:alpine
    networks:
      - reactive_resume_network
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: postgres
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -d postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure

  # Storage (for image uploads)
  minio:
    image: minio/minio
    command: server /data
    networks:
      - reactive_resume_network
    volumes:
      - minio_data:/data
    environment:
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.http.routers.storage.rule=Host(`storage.arkpg.xyz`)
        - traefik.http.routers.storage.entrypoints=websecure
        - traefik.http.routers.storage.tls.certresolver=letsencrypt
        - traefik.http.services.storage.loadbalancer.server.port=9000

  # Chrome Browser (for printing and previews)
  chrome:
    image: browserless/chrome:1.61.0-puppeteer-21.4.1
    networks:
      - reactive_resume_network
    environment:
      TOKEN: chrome_token
    deploy:
      replicas: 3
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.http.routers.printer.rule=Host(`printer.arkpg.xyz`)
        - traefik.http.routers.printer.entrypoints=websecure
        - traefik.http.routers.printer.tls.certresolver=letsencrypt
        - traefik.http.services.printer.loadbalancer.server.port=3000

  # Redis (for cache & server session management)
  redis:
    image: redis:alpine
    command: redis-server --save 60 1 --loglevel warning --bind 0.0.0.0 --requirepass password
    networks:
      - reactive_resume_network
    volumes:
      - redis_data:/data
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure

  app:
    image: amruthpillai/reactive-resume:v4.0.0-alpha.8
    networks:
      - reactive_resume_network
    environment:
      # -- Environment Variables --
      PORT: 3000
      NODE_ENV: production

      # -- URLs --
      PUBLIC_URL: https://arkpg.xyz
      STORAGE_URL: https://storage.arkpg.xyz

      # -- Printer (Chrome) --
      CHROME_TOKEN: chrome_token
      CHROME_URL: wss://printer.arkpg.xyz

      # -- Database (Postgres) --
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/postgres

      # -- Auth --
      ACCESS_TOKEN_SECRET: access_token_secret
      REFRESH_TOKEN_SECRET: refresh_token_secret

      # -- Emails --
      MAIL_FROM: noreply@example.com
      # SMTP_URL: smtp://user:pass@smtp:587 # Optional

      # -- Storage (Minio) --
      STORAGE_ENDPOINT: minio
      STORAGE_PORT: 9000
      STORAGE_REGION: us-east-1 # Optional
      STORAGE_BUCKET: default
      STORAGE_ACCESS_KEY: minioadmin
      STORAGE_SECRET_KEY: minioadmin

      # -- Cache (Redis) --
      REDIS_URL: redis://default:password@redis:6379

      # -- Sentry --
      # VITE_SENTRY_DSN: https://id.sentry.io # Optional

      # -- Crowdin (Optional) --
      CROWDIN_PROJECT_ID:
      CROWDIN_PERSONAL_TOKEN:

      # -- Email --
      # DISABLE_EMAIL_AUTH: true

      # -- GitHub --
      GITHUB_CLIENT_ID: github_client_id
      GITHUB_CLIENT_SECRET: github_client_secret
      GITHUB_CALLBACK_URL: https://arkpg.xyz/api/auth/github/callback

      # -- Google --
      GOOGLE_CLIENT_ID: google_client_id
      GOOGLE_CLIENT_SECRET: google_client_secret
      GOOGLE_CALLBACK_URL: https://arkpg.xyz/api/auth/google/callback
    deploy:
      replicas: 3
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        - traefik.http.routers.app.rule=Host(`arkpg.xyz`)
        - traefik.http.routers.app.entrypoints=websecure
        - traefik.http.routers.app.tls.certresolver=letsencrypt
        - traefik.http.services.app.loadbalancer.server.port=3000

  traefik:
    image: traefik
    command:
      - --api=true
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=reactive_resume_network
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=noreply@arkpg.xyz
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json

      # Let's Encrypt Staging Server (for testing)
      # - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory

      # Redirect all HTTP requests to HTTPS
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - reactive_resume_network
    volumes:
      - letsencrypt_data:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      placement:
        constraints: [node.role == manager]

volumes:
  minio_data:
  redis_data:
  postgres_data:
  letsencrypt_data:

networks:
  reactive_resume_network:
    external: true