version: '3'
services:
  hedgedoc-db:
    image: postgres:13.4-alpine
    container_name: hedgedoc-db
    environment:
      - POSTGRES_USER=hedgedoc
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=hedgedoc
    volumes:
      - ./data/hedgedoc/database:/var/lib/postgresql/data
    restart: always

  hedgedoc:
    # Make sure to use the latest release from https://hedgedoc.org/latest-release
    image: quay.io/hedgedoc/hedgedoc:1.9.4
    container_name: hedgedoc
    environment:
      #- CMD_CSP_ENABLE=false
      - CMD_DB_URL=postgres://hedgedoc:password@hedgedoc-db:5432/hedgedoc
      - CMD_PROTOCOL_USESSL=true
      - CMD_ALLOW_ANONYMOUS=false  # anonymous user's can't create notes
      - CMD_ALLOW_ANONYMOUS_EDITS=true # but they can be invited to edit notes
      - CMD_ALLOW_FREEURL=true # users can create arbitrary names
      - CMD_EMAIL=false # only oauth logins
      - CMD_DOMAIN=${HEDGEDOC_HOSTNAME}.${DOMAIN_NAME}
      - CMD_OAUTH2_AUTHORIZATION_URL=${AUTH_URL}
      - CMD_OAUTH2_TOKEN_URL=${TOKEN_URL}
      - CMD_OAUTH2_USER_PROFILE_URL=${USERINFO_URL}
      - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
      - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
      - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
      - CMD_OAUTH2_CLIENT_ID=hedgedoc
      - CMD_OAUTH2_PROVIDERNAME=Keycloak
      - CMD_OAUTH2_CLIENT_SECRET=${HEDGEDOC_CLIENT_SECRET}
      - CMD_SESSION_SECRET=${HEDGEDOC_SESSION_SECRET}
    env_file:
      - ./env.production
    volumes:
      - ./data/hedgedoc/uploads:/hedgedoc/public/uploads
        #    ports:
        #- "3000:3000"
    restart: always
    depends_on:
      - hedgedoc-db
      - keycloak

  # add the hedgedoc nginx configuration into the nginx volume
  nginx:
    volumes:
      - ./hedgedoc/nginx.conf:/etc/nginx/templates/hedgedoc.conf.template:ro

  # add the hedgedoc client secrets to the keycloak-setup volume
  keycloak:
    volumes:
      - ./hedgedoc/keycloak.sh:/keycloak-setup/hedgedoc.sh:ro