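# Compose stack: api, db (PostgreSQL), git-repo-manager, git-ssh-server,
# deployment-manager and reverse-proxy (Traefik).
#
# Variables interpolated from the environment / project .env file:
#   POMEGRANATE_FQDN, POMEGRANATE_LETSENCRYPT_EMAIL,
#   POMEGRANATE_LETSENCRYPT_PROVIDER, POMEGRANATE_DOCKER_NETWORK_NAME,
#   PAASTECH_DB_PASSWORD (optional, introduced in this file; see db below).
services:
  api:
    image: ghcr.io/paastech-cloud/api:0.2.1
    container_name: paastech-api
    # .env is not shown here; if it carries database credentials they must
    # stay in step with PAASTECH_DB_PASSWORD below (verify).
    env_file:
      - .env
    depends_on:
      db:
        condition: service_healthy
      deployment-manager:
        condition: service_started
    networks:
      - internal
    labels:
      - "traefik.http.routers.api.rule=Host(`api.paastech.cloud`)"

  db:
    image: postgres:15.3-alpine3.18
    container_name: paastech-db
    volumes:
      - ./.db_data:/var/lib/postgresql/data:rw
    healthcheck:
      test: /usr/local/bin/pg_isready -U paastech -d paastech
      interval: 5s
      timeout: 10s
      retries: 4
    environment:
      POSTGRES_DB: paastech
      POSTGRES_USER: paastech
      # The password used to be the literal "paastech" (same as the user and
      # database name). It is now overridable; the fallback keeps existing
      # deployments working but is a guessable credential, so set
      # PAASTECH_DB_PASSWORD in .env. The postgres image only applies this
      # value when it initialises an empty data directory.
      POSTGRES_PASSWORD: "${PAASTECH_DB_PASSWORD:-paastech}"
    # No ports are published: the database is reachable only from containers
    # attached to the "internal" network.
    networks:
      - internal

  git-repo-manager:
    image: ghcr.io/paastech-cloud/git-repo-manager:1.0.1
    # With pull_policy: always a tag that is re-pushed upstream is picked up
    # on the next "up"; pin by digest if that is not wanted.
    pull_policy: always
    container_name: paastech-git-repo-manager
    environment:
      - GIT_REPOSITORY_BASE_PATH=/srv/repositories
      - GIT_HOOKS_BASE_PATH=/srv/hooks
      - SERVER_PORT=50051
      # NOTE(review): trace-level logging is very verbose and may put request
      # contents into the logs; confirm this is intended outside development.
      - RUST_LOG=trace
    volumes:
      # NOTE(review): this binds the whole host /srv read-write although only
      # /srv/repositories and /srv/hooks are referenced above; narrowing the
      # mount would reduce what the container can modify (confirm nothing
      # else under /srv is needed).
      - /srv:/srv:rw
    networks:
      - internal
    labels:
      - "traefik.enable=false"

  git-ssh-server:
    image: ghcr.io/paastech-cloud/git-ssh-server:1.0.0
    pull_policy: always
    container_name: paastech-git-ssh-server
    depends_on:
      - db
    environment:
      - GIT_REPOSITORIES_FULL_BASE_PATH=/srv
      - GIT_POSTGRESQL_USERNAME=paastech
      # Must match POSTGRES_PASSWORD of the db service.
      - GIT_POSTGRESQL_PASSWORD=${PAASTECH_DB_PASSWORD:-paastech}
      - GIT_POSTGRESQL_DATABASE_NAME=paastech
      - GIT_POSTGRESQL_PORT=5432
      - GIT_POSTGRESQL_HOST=db
      - GIT_HOST_SIGNER_PATH=/etc/ssh/keys/id_ed25519
      # NOTE(review): debug logging on a published service; confirm that no
      # key material or credentials end up in the logs.
      - GIT_LOG_LEVEL=debug
    volumes:
      - /srv/repositories:/srv
      # Holds the SSH host private key. NOTE(review): if the server only
      # reads the key, this mount can be made read-only (:ro); confirm first.
      - $HOME/scripts/output/server:/etc/ssh/keys
      # NOTE(review): this service publishes a port on the host and also
      # mounts the Docker socket. Access to the socket is equivalent to root
      # on the host, so a compromise of this container is a compromise of the
      # host. Confirm the socket is required here; if it is, consider a
      # filtering Docker API proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      # Published on all host interfaces.
      - "2222:2222"
    deploy:
      resources:
        limits:
          cpus: "0.25"
          memory: 128M
        reservations:
          cpus: "0.25"
          memory: 128M
    networks:
      - internal

  deployment-manager:
    image: ghcr.io/paastech-cloud/pomegranate:0.2.0
    container_name: paastech-deployment-manager
    volumes:
      # Full Docker API access (root-equivalent on the host).
      - "/var/run/docker.sock:/var/run/docker.sock"
    depends_on:
      - reverse-proxy
    env_file:
      - .env
    networks:
      - internal

  reverse-proxy:
    # The official v2 Traefik docker image
    # (v2.10 is a floating tag; pin a patch version or digest for
    # reproducible deployments.)
    image: traefik:v2.10
    container_name: paastech-traefik
    ports:
      # The HTTP port
      - "80:80"
      # The HTTPS port
      - "443:443"
    volumes:
      # So that Traefik can listen to the Docker events. Mounted read-only;
      # note that :ro protects the socket file itself and does not restrict
      # the Docker API calls that can be made through it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Let's encrypt certificates
      - ./letsencrypt:/letsencrypt
    command:
      # NOTE(review): the Docker provider exposes containers by default and
      # only git-repo-manager opts out with traefik.enable=false. Consider
      # --providers.docker.exposedByDefault=false with explicit
      # traefik.enable=true labels, after confirming that the containers
      # attached to the proxy network carry that label.
      - --providers.docker=true
      - --providers.docker.network=pomegranate-proxy-network
      # Default entrypoint, redirect to 443 (HTTPS)
      - --entryPoints.web.address=:80
      - --entryPoints.web.http.redirections.entryPoint.to=websecure
      - --entryPoints.web.http.redirections.entryPoint.scheme=https
      - --entryPoints.web.http.redirections.entryPoint.permanent=true
      # Secured endpoint
      - --entryPoints.websecure.address=:443
      - --entryPoints.websecure.http.tls.certResolver=letsencrypt
      - "--entryPoints.websecure.http.tls.domains[0].main=*.${POMEGRANATE_FQDN}"
      - "--entryPoints.websecure.http.tls.domains[0].sans=*.${POMEGRANATE_FQDN},*.user-app.${POMEGRANATE_FQDN}"
      # acme.json holds the ACME account key and issued private keys; keep
      # ./letsencrypt out of version control and readable by its owner only.
      - --certificatesResolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - "--certificatesResolvers.letsencrypt.acme.email=${POMEGRANATE_LETSENCRYPT_EMAIL}"
      - "--certificatesResolvers.letsencrypt.acme.dnsChallenge.provider=${POMEGRANATE_LETSENCRYPT_PROVIDER}"
    # Presumably supplies the DNS provider credentials for the ACME
    # DNS challenge; verify against .env.
    env_file:
      - .env
    networks:
      - internal
      - pomegranate-proxy-network

networks:
  pomegranate-proxy-network:
    name: "${POMEGRANATE_DOCKER_NETWORK_NAME}"
  # Despite its name this network is not declared with "internal: true", so
  # containers attached to it keep outbound connectivity.
  internal:
    labels:
      # NOTE(review): the com.docker.compose.* label prefix is used by Compose
      # itself; confirm this override is intended and accepted by the Compose
      # version in use.
      com.docker.compose.network: paastech-api-network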