docker-compose.yml

volumes:
  node_modules:
  dist:
  php-socket:
  opensearch-data:
  database:
    driver: local
  minio_storage: ~
  cdn_node_modules: ~

services:
  php-fpm:
    container_name: intranet-php-fpm
    build:
      context: .
      target: fpm-dev
    volumes:
      - .:/var/www/html
      - php-socket:/sock
      ### Deploy scripts
      - ./deploy/config/php-pool.conf:/usr/local/etc/php-fpm.d/pool.conf
    env_file:
      - .env
    depends_on:
      - mariadb
      - opensearch
    links:
      - "cdn:cdn.${SERVER_NAME}"
      - "minio:minio.${SERVER_NAME}"
      - "nginx:${SERVER_NAME}"

  nginx:
    container_name: intranet-nginx
    build:
      context: .
      target: nginx-dev
    volumes:
      - dist:/var/www/html/public/app/themes/clarity/dist
      - php-socket:/sock
      ### Deploy scripts
      - ./deploy/config/local/nginx/php-fpm.conf:/etc/nginx/php-fpm.conf
      - ./deploy/config/local/nginx/server.conf:/etc/nginx/conf.d/default.conf
      - ./deploy/config/nginx.conf:/etc/nginx/nginx.conf
      - ./deploy/config/auth-request.conf:/etc/nginx/auth-request.conf
      - ./deploy/config/php-fpm-auth.conf:/etc/nginx/php-fpm-auth.conf
      ### Assets
      - ./public/app/plugins:/var/www/html/public/app/plugins
      - ./public/app/mu-plugins:/var/www/html/public/app/mu-plugins
      - ./public/app/themes/clarity/screenshot.png:/var/www/html/public/app/themes/clarity/screenshot.png
      - ./public/app/themes/clarity/error-pages:/var/www/html/public/app/themes/clarity/error-pages
      - ./public/wp:/var/www/html/public/wp
      - ./public/index.php:/var/www/html/public/index.php
    environment:
      VIRTUAL_HOST: ${SERVER_NAME}
      VIRTUAL_PORT: 8080
      SERVER_NAME: ${SERVER_NAME}
      IPS_FORMATTED: ${IPS_FORMATTED}
    ports:
      - "8080:8080"
    depends_on:
      - node

  node:
    container_name: intranet-node
    image: node:22-alpine
    working_dir: /node
    command: ash -c "npm i && npm run watch"
    volumes:
      - node_modules:/node/node_modules
      - dist:/node/dist
      - ./public/app/themes/clarity/src:/node/src
      - ./public/app/themes/clarity/inc:/node/inc
      - ./public/app/themes/clarity/jsconfig.json:/node/jsconfig.json
      - ./public/app/themes/clarity/package.json:/node/package.json
      - ./public/app/themes/clarity/package-lock.json:/node/package-lock.json
      - ./public/app/themes/clarity/webpack.mix.js:/node/webpack.mix.js

  mariadb:
    container_name: intranet-mariadb
    image: mariadb:10
    healthcheck:
      test: [ "CMD-SHELL", "bash", "-c", "echo > /dev/tcp/localhost/3306" ]
      interval: 1s
    volumes:
      - database:/var/lib/mysql
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_USER: ${DB_USER}
      MYSQL_PASSWORD: ${DB_PASSWORD}
      MYSQL_DATABASE: ${DB_NAME}
    depends_on:
      - redis

  phpmyadmin:
    container_name: intranet-phpmyadmin
    image: phpmyadmin
    environment:
      - PMA_HOST=mariadb
    depends_on:
      - mariadb
    ports:
      - "9191:80"
    links:
      - mariadb

  opensearch:
    container_name: intranet-opensearch
    image: opensearchproject/opensearch:${OPENSEARCH_VERSION}
    environment:
      cluster.name: opensearch-cluster
      node.name: opensearch
      discovery.type: single-node
      bootstrap.memory_lock: true
      VIRTUAL_HOST: opensearch.${SERVER_NAME}
      VIRTUAL_PORT: 9200
      OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m # Set min and max JVM heap sizes to at least 50% of system RAM
      DISABLE_INSTALL_DEMO_CONFIG: true # Prevents execution of bundled demo script which installs demo certificates and security configurations to OpenSearch
      DISABLE_SECURITY_PLUGIN: true # Disables Security plugin
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
        hard: 65536
    volumes:
      - opensearch-data:/usr/share/opensearch/data
    ports:
      - "9200:9200"
      - "9600:9600" # required for Performance Analyzer

  opensearch-dashboard:
    container_name: intranet-opensearch-dashboard
    image: opensearchproject/opensearch-dashboards:${OPENSEARCH_VERSION}
    ports:
      - "5601:5601"
    expose:
      - "5601"
    environment:
      VIRTUAL_HOST: opensearch-dashboard.${SERVER_NAME}
      VIRTUAL_PORT: 5601
      OPENSEARCH_HOSTS: ${OPENSEARCH_URL} # must be a string with no spaces when specified as an environment variable
      DISABLE_SECURITY_DASHBOARDS_PLUGIN: true # disables security dashboards plugin in OpenSearch Dashboards
    depends_on:
      - opensearch

  minio:
    container_name: intranet-minio
    image: minio/minio
    ports:
      - "9000:9000" # The AWS S3 compatible API.
      - "9001:9001" # The Minio web console.
    volumes:
      - minio_storage:/data
    environment:
      MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID}
      MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY}
      VIRTUAL_HOST: minio.${SERVER_NAME}
      VIRTUAL_PORT: 9000
    command: server --console-address ":9001" /data
    healthcheck:
      test: timeout 5s bash -c ':> /dev/tcp/127.0.0.1/9000' || exit 1
      start_period: 5s
      interval: 10s
      timeout: 5s
      retries: 2

  minio-init:
    container_name: intranet-minio-init
    image: minio/mc
    depends_on:
      - minio
    entrypoint: |
      /bin/sh -c "
        mc config host add intranet http://minio:9000 ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY}
        mc mb intranet/${AWS_S3_BUCKET}
        mc anonymous set download intranet/${AWS_S3_BUCKET};
        exit 0
      "

  cdn:
    container_name: intranet-cdn
    image: node:22-alpine
    working_dir: /node
    command: ash -c "npm i && npm run watch"
    volumes:
      - cdn_node_modules:/node/node_modules
      - ./cdn/package.json:/node/package.json
      - ./cdn/server.js:/node/server.js
    environment:
      AWS_CLOUDFRONT_PUBLIC_KEY: ${AWS_CLOUDFRONT_PUBLIC_KEY}
      AWS_S3_BUCKET: ${AWS_S3_BUCKET}
      VIRTUAL_HOST: cdn.${SERVER_NAME}
      VIRTUAL_PORT: 80
    depends_on:
      - minio
    ports:
      - "8081:80"

  wp-cron:
    container_name: intranet-wp-cron
    build:
      context: .
      target: build-cron
    environment:
      NGINX_HOST: ${NGINX_SERVICE_PORT}
      NGINX_SERVICE_PORT: ${NGINX_SERVICE_PORT}
    depends_on:
      - nginx

  redis:
    container_name: intranet-redis
    image: 'bitnami/redis:latest'
    environment:
      - ALLOW_EMPTY_PASSWORD=yes