compose.prod.override.yml

x-common: &common
  logging:
    driver: "local"
    options:
      max-file: "5"
      max-size: "10m"

services:
  gluetun:
    volumes:
      - ./config/gluetun/post-rules.txt:/iptables/post-rules.txt:ro
  listener: &common-dht-torznab
    <<: *common
    image: ghcr.io/guillaumedsde/dht-torznab:latest
    build: {}
    entrypoint:
      - python
    command:
      - "-m"
      - "dht_torznab.listener"

  migrations:
    <<: *common-dht-torznab
    # FIXME: pull appropriate image instead of defining entrypoint?
    entrypoint:
      - alembic
    command:
      - upgrade
      - head
    build: {}

  api:
    <<: *common-dht-torznab
    # FIXME: pull appropriate image instead of defining entrypoint?
    entrypoint:
      - gunicorn
    command: []
    build: {}
    ports: []
    environment:
      DHT_TORZNAB__API__KEY: ${DHT_TORZNAB__API__KEY}
    labels:
      traefik.enable: "true"
      traefik.http.routers.api.rule: "Host(`api.${DOMAIN}`)"

  peer_count_updater:
    <<: *common-dht-torznab
    entrypoint:
      - python
    command:
      - -m
      - dht_torznab.peer_count_updater
    build: {}

  
  postgres:
    command:
      - "postgres"
      - "-c"
      - "max_connections=500"

  # reverse proxy
  traefik:
    <<: *common
    image: traefik:v2.10
    user: 0:${DOCKER_GID:-999}
    cap_add:
      - NET_BIND_SERVICE
    command:
      - "--global.checknewversion=false"
      - "--global.sendanonymoususage=false"
      - "--log.level=${TRAEFIK_LOG_LEVEL:-INFO}"
      # docker configuration
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=false"
      # entrypoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls.certResolver=le"
      - "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}"
      # DNS challenge
      - "--certificatesresolvers.le=true"
      - "--certificatesresolvers.le.acme.storage=/data/acme.json"
      - "--certificatesresolvers.le.acme.dnschallenge=true"
      - "--certificatesresolvers.le.acme.dnschallenge.delayBeforeCheck=30"
      - "--certificatesresolvers.le.acme.dnschallenge.provider=ovh"
      - "--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.le.acme.keytype=EC384"
      - "--certificatesresolvers.le.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
      # configs
      - "--providers.file.directory=/config/"
    environment:
      OVH_ENDPOINT: ${OVH_ENDPOINT}
      OVH_APPLICATION_KEY: ${OVH_APPLICATION_KEY}
      OVH_APPLICATION_SECRET: ${OVH_APPLICATION_SECRET}
      OVH_CONSUMER_KEY: ${OVH_CONSUMER_KEY}
      LEGO_EXPERIMENTAL_CNAME_SUPPORT: "true"
    read_only: true
    volumes:
      - type: volume
        source: traefik-data
        target: /data
      - type: bind
        source: ./config/traefik
        target: /config
        read_only: true
      - type: bind
        source: ${DOCKER_SOCKET_HOST_PATH:-/var/run/docker.sock}
        target: /var/run/docker.sock
        read_only: true
    tmpfs:
      - /tmp:mode=770,size=5M
    ports:
      - target: 80
        host_ip: 0.0.0.0
        published: 80
        protocol: tcp
      - target: 443
        host_ip: 0.0.0.0
        published: 443
        protocol: tcp
    deploy:
      restart_policy:
        condition: any
      resources:
        limits:
          cpus: "2.0"
          memory: 200M
    memswap_limit: 200M

volumes:
  traefik-data: