version: "3.8" services: redis: image: redis:7-alpine command: redis-server --appendonly yes --appendfsync everysec volumes: - redis_data:/data healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 10s timeout: 5s retries: 5 deploy: replicas: 1 restart_policy: condition: any delay: 5s placement: max_replicas_per_node: 1 networks: - honeydue-network api: image: ${API_IMAGE} ports: - target: 8000 published: ${API_PORT} protocol: tcp mode: ingress environment: PORT: "8000" DEBUG: "${DEBUG}" ALLOWED_HOSTS: "${ALLOWED_HOSTS}" CORS_ALLOWED_ORIGINS: "${CORS_ALLOWED_ORIGINS}" TIMEZONE: "${TIMEZONE}" BASE_URL: "${BASE_URL}" ADMIN_PANEL_URL: "${ADMIN_PANEL_URL}" DB_HOST: "${DB_HOST}" DB_PORT: "${DB_PORT}" POSTGRES_USER: "${POSTGRES_USER}" POSTGRES_DB: "${POSTGRES_DB}" DB_SSLMODE: "${DB_SSLMODE}" DB_MAX_OPEN_CONNS: "${DB_MAX_OPEN_CONNS}" DB_MAX_IDLE_CONNS: "${DB_MAX_IDLE_CONNS}" DB_MAX_LIFETIME: "${DB_MAX_LIFETIME}" REDIS_URL: "${REDIS_URL}" REDIS_DB: "${REDIS_DB}" EMAIL_HOST: "${EMAIL_HOST}" EMAIL_PORT: "${EMAIL_PORT}" EMAIL_HOST_USER: "${EMAIL_HOST_USER}" DEFAULT_FROM_EMAIL: "${DEFAULT_FROM_EMAIL}" EMAIL_USE_TLS: "${EMAIL_USE_TLS}" APNS_AUTH_KEY_PATH: "/run/secrets/apns_auth_key" APNS_AUTH_KEY_ID: "${APNS_AUTH_KEY_ID}" APNS_TEAM_ID: "${APNS_TEAM_ID}" APNS_TOPIC: "${APNS_TOPIC}" APNS_USE_SANDBOX: "${APNS_USE_SANDBOX}" APNS_PRODUCTION: "${APNS_PRODUCTION}" STORAGE_UPLOAD_DIR: "${STORAGE_UPLOAD_DIR}" STORAGE_BASE_URL: "${STORAGE_BASE_URL}" STORAGE_MAX_FILE_SIZE: "${STORAGE_MAX_FILE_SIZE}" STORAGE_ALLOWED_TYPES: "${STORAGE_ALLOWED_TYPES}" FEATURE_PUSH_ENABLED: "${FEATURE_PUSH_ENABLED}" FEATURE_EMAIL_ENABLED: "${FEATURE_EMAIL_ENABLED}" FEATURE_WEBHOOKS_ENABLED: "${FEATURE_WEBHOOKS_ENABLED}" FEATURE_ONBOARDING_EMAILS_ENABLED: "${FEATURE_ONBOARDING_EMAILS_ENABLED}" FEATURE_PDF_REPORTS_ENABLED: "${FEATURE_PDF_REPORTS_ENABLED}" FEATURE_WORKER_ENABLED: "${FEATURE_WORKER_ENABLED}" APPLE_CLIENT_ID: "${APPLE_CLIENT_ID}" APPLE_TEAM_ID: "${APPLE_TEAM_ID}" GOOGLE_CLIENT_ID: "${GOOGLE_CLIENT_ID}" GOOGLE_ANDROID_CLIENT_ID: "${GOOGLE_ANDROID_CLIENT_ID}" GOOGLE_IOS_CLIENT_ID: "${GOOGLE_IOS_CLIENT_ID}" APPLE_IAP_KEY_PATH: "${APPLE_IAP_KEY_PATH}" APPLE_IAP_KEY_ID: "${APPLE_IAP_KEY_ID}" APPLE_IAP_ISSUER_ID: "${APPLE_IAP_ISSUER_ID}" APPLE_IAP_BUNDLE_ID: "${APPLE_IAP_BUNDLE_ID}" APPLE_IAP_SANDBOX: "${APPLE_IAP_SANDBOX}" GOOGLE_IAP_SERVICE_ACCOUNT_PATH: "${GOOGLE_IAP_SERVICE_ACCOUNT_PATH}" GOOGLE_IAP_PACKAGE_NAME: "${GOOGLE_IAP_PACKAGE_NAME}" command: - /bin/sh - -lc - | set -eu export POSTGRES_PASSWORD="$$(cat /run/secrets/postgres_password)" export SECRET_KEY="$$(cat /run/secrets/secret_key)" export EMAIL_HOST_PASSWORD="$$(cat /run/secrets/email_host_password)" export FCM_SERVER_KEY="$$(cat /run/secrets/fcm_server_key)" exec /app/api secrets: - source: ${POSTGRES_PASSWORD_SECRET} target: postgres_password - source: ${SECRET_KEY_SECRET} target: secret_key - source: ${EMAIL_HOST_PASSWORD_SECRET} target: email_host_password - source: ${FCM_SERVER_KEY_SECRET} target: fcm_server_key - source: ${APNS_AUTH_KEY_SECRET} target: apns_auth_key volumes: - uploads:/app/uploads healthcheck: test: ["CMD", "curl", "-f", "http://127.0.0.1:8000/api/health/"] interval: 30s timeout: 10s start_period: 15s retries: 3 deploy: replicas: ${API_REPLICAS} restart_policy: condition: any delay: 5s update_config: parallelism: 1 delay: 10s order: start-first rollback_config: parallelism: 1 delay: 5s order: stop-first networks: - honeydue-network admin: image: ${ADMIN_IMAGE} ports: - target: 3000 published: ${ADMIN_PORT} protocol: tcp mode: ingress environment: PORT: "3000" HOSTNAME: "0.0.0.0" NEXT_PUBLIC_API_URL: "${NEXT_PUBLIC_API_URL}" healthcheck: test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/admin/"] interval: 30s timeout: 10s retries: 3 deploy: replicas: ${ADMIN_REPLICAS} restart_policy: condition: any delay: 5s update_config: parallelism: 1 delay: 10s order: start-first rollback_config: parallelism: 1 delay: 5s order: stop-first networks: - honeydue-network worker: image: ${WORKER_IMAGE} environment: DB_HOST: "${DB_HOST}" DB_PORT: "${DB_PORT}" POSTGRES_USER: "${POSTGRES_USER}" POSTGRES_DB: "${POSTGRES_DB}" DB_SSLMODE: "${DB_SSLMODE}" DB_MAX_OPEN_CONNS: "${DB_MAX_OPEN_CONNS}" DB_MAX_IDLE_CONNS: "${DB_MAX_IDLE_CONNS}" DB_MAX_LIFETIME: "${DB_MAX_LIFETIME}" REDIS_URL: "${REDIS_URL}" REDIS_DB: "${REDIS_DB}" EMAIL_HOST: "${EMAIL_HOST}" EMAIL_PORT: "${EMAIL_PORT}" EMAIL_HOST_USER: "${EMAIL_HOST_USER}" DEFAULT_FROM_EMAIL: "${DEFAULT_FROM_EMAIL}" EMAIL_USE_TLS: "${EMAIL_USE_TLS}" APNS_AUTH_KEY_PATH: "/run/secrets/apns_auth_key" APNS_AUTH_KEY_ID: "${APNS_AUTH_KEY_ID}" APNS_TEAM_ID: "${APNS_TEAM_ID}" APNS_TOPIC: "${APNS_TOPIC}" APNS_USE_SANDBOX: "${APNS_USE_SANDBOX}" APNS_PRODUCTION: "${APNS_PRODUCTION}" TASK_REMINDER_HOUR: "${TASK_REMINDER_HOUR}" OVERDUE_REMINDER_HOUR: "${OVERDUE_REMINDER_HOUR}" DAILY_DIGEST_HOUR: "${DAILY_DIGEST_HOUR}" FEATURE_PUSH_ENABLED: "${FEATURE_PUSH_ENABLED}" FEATURE_EMAIL_ENABLED: "${FEATURE_EMAIL_ENABLED}" FEATURE_WEBHOOKS_ENABLED: "${FEATURE_WEBHOOKS_ENABLED}" FEATURE_ONBOARDING_EMAILS_ENABLED: "${FEATURE_ONBOARDING_EMAILS_ENABLED}" FEATURE_PDF_REPORTS_ENABLED: "${FEATURE_PDF_REPORTS_ENABLED}" FEATURE_WORKER_ENABLED: "${FEATURE_WORKER_ENABLED}" command: - /bin/sh - -lc - | set -eu export POSTGRES_PASSWORD="$$(cat /run/secrets/postgres_password)" export SECRET_KEY="$$(cat /run/secrets/secret_key)" export EMAIL_HOST_PASSWORD="$$(cat /run/secrets/email_host_password)" export FCM_SERVER_KEY="$$(cat /run/secrets/fcm_server_key)" exec /app/worker secrets: - source: ${POSTGRES_PASSWORD_SECRET} target: postgres_password - source: ${SECRET_KEY_SECRET} target: secret_key - source: ${EMAIL_HOST_PASSWORD_SECRET} target: email_host_password - source: ${FCM_SERVER_KEY_SECRET} target: fcm_server_key - source: ${APNS_AUTH_KEY_SECRET} target: apns_auth_key deploy: replicas: ${WORKER_REPLICAS} restart_policy: condition: any delay: 5s update_config: parallelism: 1 delay: 10s order: start-first rollback_config: parallelism: 1 delay: 5s order: stop-first networks: - honeydue-network dozzle: image: amir20/dozzle:latest ports: - target: 8080 published: ${DOZZLE_PORT} protocol: tcp mode: ingress environment: DOZZLE_NO_ANALYTICS: "true" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro deploy: replicas: 1 restart_policy: condition: any delay: 5s placement: constraints: - node.role == manager networks: - honeydue-network volumes: redis_data: uploads: networks: honeydue-network: driver: overlay driver_opts: encrypted: "true" secrets: postgres_password: external: true name: ${POSTGRES_PASSWORD_SECRET} secret_key: external: true name: ${SECRET_KEY_SECRET} email_host_password: external: true name: ${EMAIL_HOST_PASSWORD_SECRET} fcm_server_key: external: true name: ${FCM_SERVER_KEY_SECRET} apns_auth_key: external: true name: ${APNS_AUTH_KEY_SECRET}