honeyDueAPI/deploy/swarm-stack.prod.yml

version: "3.8"

services:
  redis:
    image: redis:7-alpine
    command: redis-server --appendonly yes --appendfsync everysec
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    deploy:
      replicas: 1
      restart_policy:
        condition: any
        delay: 5s
      placement:
        max_replicas_per_node: 1
    networks:
      - casera-network

  api:
    image: ${API_IMAGE}
    ports:
      - target: 8000
        published: ${API_PORT}
        protocol: tcp
        mode: ingress
    environment:
      PORT: "8000"
      DEBUG: "${DEBUG}"
      ALLOWED_HOSTS: "${ALLOWED_HOSTS}"
      CORS_ALLOWED_ORIGINS: "${CORS_ALLOWED_ORIGINS}"
      TIMEZONE: "${TIMEZONE}"
      BASE_URL: "${BASE_URL}"
      ADMIN_PANEL_URL: "${ADMIN_PANEL_URL}"

      DB_HOST: "${DB_HOST}"
      DB_PORT: "${DB_PORT}"
      POSTGRES_USER: "${POSTGRES_USER}"
      POSTGRES_DB: "${POSTGRES_DB}"
      DB_SSLMODE: "${DB_SSLMODE}"
      DB_MAX_OPEN_CONNS: "${DB_MAX_OPEN_CONNS}"
      DB_MAX_IDLE_CONNS: "${DB_MAX_IDLE_CONNS}"
      DB_MAX_LIFETIME: "${DB_MAX_LIFETIME}"

      REDIS_URL: "${REDIS_URL}"
      REDIS_DB: "${REDIS_DB}"

      EMAIL_HOST: "${EMAIL_HOST}"
      EMAIL_PORT: "${EMAIL_PORT}"
      EMAIL_HOST_USER: "${EMAIL_HOST_USER}"
      DEFAULT_FROM_EMAIL: "${DEFAULT_FROM_EMAIL}"
      EMAIL_USE_TLS: "${EMAIL_USE_TLS}"

      APNS_AUTH_KEY_PATH: "/run/secrets/apns_auth_key"
      APNS_AUTH_KEY_ID: "${APNS_AUTH_KEY_ID}"
      APNS_TEAM_ID: "${APNS_TEAM_ID}"
      APNS_TOPIC: "${APNS_TOPIC}"
      APNS_USE_SANDBOX: "${APNS_USE_SANDBOX}"
      APNS_PRODUCTION: "${APNS_PRODUCTION}"

      STORAGE_UPLOAD_DIR: "${STORAGE_UPLOAD_DIR}"
      STORAGE_BASE_URL: "${STORAGE_BASE_URL}"
      STORAGE_MAX_FILE_SIZE: "${STORAGE_MAX_FILE_SIZE}"
      STORAGE_ALLOWED_TYPES: "${STORAGE_ALLOWED_TYPES}"

      FEATURE_PUSH_ENABLED: "${FEATURE_PUSH_ENABLED}"
      FEATURE_EMAIL_ENABLED: "${FEATURE_EMAIL_ENABLED}"
      FEATURE_WEBHOOKS_ENABLED: "${FEATURE_WEBHOOKS_ENABLED}"
      FEATURE_ONBOARDING_EMAILS_ENABLED: "${FEATURE_ONBOARDING_EMAILS_ENABLED}"
      FEATURE_PDF_REPORTS_ENABLED: "${FEATURE_PDF_REPORTS_ENABLED}"
      FEATURE_WORKER_ENABLED: "${FEATURE_WORKER_ENABLED}"

      APPLE_CLIENT_ID: "${APPLE_CLIENT_ID}"
      APPLE_TEAM_ID: "${APPLE_TEAM_ID}"
      GOOGLE_CLIENT_ID: "${GOOGLE_CLIENT_ID}"
      GOOGLE_ANDROID_CLIENT_ID: "${GOOGLE_ANDROID_CLIENT_ID}"
      GOOGLE_IOS_CLIENT_ID: "${GOOGLE_IOS_CLIENT_ID}"
      APPLE_IAP_KEY_PATH: "${APPLE_IAP_KEY_PATH}"
      APPLE_IAP_KEY_ID: "${APPLE_IAP_KEY_ID}"
      APPLE_IAP_ISSUER_ID: "${APPLE_IAP_ISSUER_ID}"
      APPLE_IAP_BUNDLE_ID: "${APPLE_IAP_BUNDLE_ID}"
      APPLE_IAP_SANDBOX: "${APPLE_IAP_SANDBOX}"
      GOOGLE_IAP_SERVICE_ACCOUNT_PATH: "${GOOGLE_IAP_SERVICE_ACCOUNT_PATH}"
      GOOGLE_IAP_PACKAGE_NAME: "${GOOGLE_IAP_PACKAGE_NAME}"
    command:
      - /bin/sh
      - -lc
      - |
        set -eu
        export POSTGRES_PASSWORD="$$(cat /run/secrets/postgres_password)"
        export SECRET_KEY="$$(cat /run/secrets/secret_key)"
        export EMAIL_HOST_PASSWORD="$$(cat /run/secrets/email_host_password)"
        export FCM_SERVER_KEY="$$(cat /run/secrets/fcm_server_key)"
        exec /app/api
    secrets:
      - source: ${POSTGRES_PASSWORD_SECRET}
        target: postgres_password
      - source: ${SECRET_KEY_SECRET}
        target: secret_key
      - source: ${EMAIL_HOST_PASSWORD_SECRET}
        target: email_host_password
      - source: ${FCM_SERVER_KEY_SECRET}
        target: fcm_server_key
      - source: ${APNS_AUTH_KEY_SECRET}
        target: apns_auth_key
    volumes:
      - uploads:/app/uploads
    healthcheck:
      test: ["CMD", "curl", "-f", "http://127.0.0.1:8000/api/health/"]
      interval: 30s
      timeout: 10s
      start_period: 15s
      retries: 3
    deploy:
      replicas: ${API_REPLICAS}
      restart_policy:
        condition: any
        delay: 5s
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      rollback_config:
        parallelism: 1
        delay: 5s
        order: stop-first
    networks:
      - casera-network

  admin:
    image: ${ADMIN_IMAGE}
    ports:
      - target: 3000
        published: ${ADMIN_PORT}
        protocol: tcp
        mode: ingress
    environment:
      PORT: "3000"
      HOSTNAME: "0.0.0.0"
      NEXT_PUBLIC_API_URL: "${NEXT_PUBLIC_API_URL}"
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3000/admin/"]
      interval: 30s
      timeout: 10s
      retries: 3
    deploy:
      replicas: ${ADMIN_REPLICAS}
      restart_policy:
        condition: any
        delay: 5s
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      rollback_config:
        parallelism: 1
        delay: 5s
        order: stop-first
    networks:
      - casera-network

  worker:
    image: ${WORKER_IMAGE}
    environment:
      DB_HOST: "${DB_HOST}"
      DB_PORT: "${DB_PORT}"
      POSTGRES_USER: "${POSTGRES_USER}"
      POSTGRES_DB: "${POSTGRES_DB}"
      DB_SSLMODE: "${DB_SSLMODE}"
      DB_MAX_OPEN_CONNS: "${DB_MAX_OPEN_CONNS}"
      DB_MAX_IDLE_CONNS: "${DB_MAX_IDLE_CONNS}"
      DB_MAX_LIFETIME: "${DB_MAX_LIFETIME}"

      REDIS_URL: "${REDIS_URL}"
      REDIS_DB: "${REDIS_DB}"

      EMAIL_HOST: "${EMAIL_HOST}"
      EMAIL_PORT: "${EMAIL_PORT}"
      EMAIL_HOST_USER: "${EMAIL_HOST_USER}"
      DEFAULT_FROM_EMAIL: "${DEFAULT_FROM_EMAIL}"
      EMAIL_USE_TLS: "${EMAIL_USE_TLS}"

      APNS_AUTH_KEY_PATH: "/run/secrets/apns_auth_key"
      APNS_AUTH_KEY_ID: "${APNS_AUTH_KEY_ID}"
      APNS_TEAM_ID: "${APNS_TEAM_ID}"
      APNS_TOPIC: "${APNS_TOPIC}"
      APNS_USE_SANDBOX: "${APNS_USE_SANDBOX}"
      APNS_PRODUCTION: "${APNS_PRODUCTION}"

      TASK_REMINDER_HOUR: "${TASK_REMINDER_HOUR}"
      OVERDUE_REMINDER_HOUR: "${OVERDUE_REMINDER_HOUR}"
      DAILY_DIGEST_HOUR: "${DAILY_DIGEST_HOUR}"

      FEATURE_PUSH_ENABLED: "${FEATURE_PUSH_ENABLED}"
      FEATURE_EMAIL_ENABLED: "${FEATURE_EMAIL_ENABLED}"
      FEATURE_WEBHOOKS_ENABLED: "${FEATURE_WEBHOOKS_ENABLED}"
      FEATURE_ONBOARDING_EMAILS_ENABLED: "${FEATURE_ONBOARDING_EMAILS_ENABLED}"
      FEATURE_PDF_REPORTS_ENABLED: "${FEATURE_PDF_REPORTS_ENABLED}"
      FEATURE_WORKER_ENABLED: "${FEATURE_WORKER_ENABLED}"
    command:
      - /bin/sh
      - -lc
      - |
        set -eu
        export POSTGRES_PASSWORD="$$(cat /run/secrets/postgres_password)"
        export SECRET_KEY="$$(cat /run/secrets/secret_key)"
        export EMAIL_HOST_PASSWORD="$$(cat /run/secrets/email_host_password)"
        export FCM_SERVER_KEY="$$(cat /run/secrets/fcm_server_key)"
        exec /app/worker
    secrets:
      - source: ${POSTGRES_PASSWORD_SECRET}
        target: postgres_password
      - source: ${SECRET_KEY_SECRET}
        target: secret_key
      - source: ${EMAIL_HOST_PASSWORD_SECRET}
        target: email_host_password
      - source: ${FCM_SERVER_KEY_SECRET}
        target: fcm_server_key
      - source: ${APNS_AUTH_KEY_SECRET}
        target: apns_auth_key
    deploy:
      replicas: ${WORKER_REPLICAS}
      restart_policy:
        condition: any
        delay: 5s
      update_config:
        parallelism: 1
        delay: 10s
        order: start-first
      rollback_config:
        parallelism: 1
        delay: 5s
        order: stop-first
    networks:
      - casera-network

  dozzle:
    image: amir20/dozzle:latest
    ports:
      - target: 8080
        published: ${DOZZLE_PORT}
        protocol: tcp
        mode: ingress
    environment:
      DOZZLE_NO_ANALYTICS: "true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      replicas: 1
      restart_policy:
        condition: any
        delay: 5s
      placement:
        constraints:
          - node.role == manager
    networks:
      - casera-network

volumes:
  redis_data:
  uploads:

networks:
  casera-network:
    driver: overlay
    driver_opts:
      encrypted: "true"

secrets:
  postgres_password:
    external: true
    name: ${POSTGRES_PASSWORD_SECRET}
  secret_key:
    external: true
    name: ${SECRET_KEY_SECRET}
  email_host_password:
    external: true
    name: ${EMAIL_HOST_PASSWORD_SECRET}
  fcm_server_key:
    external: true
    name: ${FCM_SERVER_KEY_SECRET}
  apns_auth_key:
    external: true
    name: ${APNS_AUTH_KEY_SECRET}