version: '3'

services:
  scirius:
    container_name: mistborn_production_scirius
    image: "cyber5k/scirius:${MISTBORN_TAG}"
    #environment:
    #  - SECRET_KEY: <SECRET KEY>
    env_file:
      - ../.envs/.production/.scirius
    volumes:
      - /var/log/suricata:/logs
      - /etc/suricata/rules:/etc/suricata/rules
      - ../../mistborn_volumes/extra/scirius/static:/static
      - ../../mistborn_volumes/extra/scirius/data:/data
      - /var/run:/var/run:ro
      - /var/run/suricata/suricata-command.socket:/var/run/suricata/suricata-command.socket:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.scirius-http.rule=Host(`scirius.mistborn`)"
      - "traefik.http.routers.scirius-http.entrypoints=web"
      - "traefik.http.routers.scirius-http.middlewares=mistborn_auth@file"
      - "traefik.http.routers.scirius-https.rule=Host(`scirius.mistborn`)"
      - "traefik.http.routers.scirius-https.entrypoints=websecure"
      - "traefik.http.routers.scirius-https.middlewares=mistborn_auth@file"
      - "traefik.http.routers.scirius-https.tls.certresolver=basic"
      - "traefik.http.services.scirius-service.loadbalancer.server.port=8000"
    restart: unless-stopped 

  filebeat:
    image: docker.elastic.co/beats/filebeat:${ELASTIC_VERSION:-7.9.1}
    # https://github.com/docker/swarmkit/issues/1951
    hostname: "{{.Node.Hostname}}-filebeat"
    # Need to override user so we can access the log files, and docker.sock
    user: root
    configs:
      - source: fb_config
        target: /usr/share/filebeat/filebeat.yml
    volumes:
      - filebeat:/usr/share/filebeat/data
      - /var/run/docker.sock:/var/run/docker.sock
      # This is needed for filebeat to load container log path as specified in filebeat.yml
      - /var/lib/docker/containers/:/var/lib/docker/containers/:ro

      # # This is needed for filebeat to load jenkins build log path as specified in filebeat.yml
      # - /var/lib/docker/volumes/jenkins_home/_data/jobs/:/var/lib/docker/volumes/jenkins_home/_data/jobs/:ro

      # This is needed for filebeat to load logs for system and auth modules
      - /var/log/:/var/log/:ro
      # This is needed for filebeat to load logs for auditd module. you might have to install audit system
      # on ubuntu first (sudo apt-get install -y auditd audispd-plugins)
      - /var/log/audit/:/var/log/audit/:ro
    environment:
      - ELASTICSEARCH_HOST=${ELASTICSEARCH_HOST}
      - KIBANA_HOST=${KIBANA_HOST}
      - ELASTICSEARCH_USERNAME=${ELASTICSEARCH_USERNAME}
      - ELASTICSEARCH_PASSWORD=${ELASTICSEARCH_PASSWORD}
    # disable strict permission checks
    command: ["--strict.perms=false"]

volumes:
  filebeat:

networks:
  default:
    external:
      name: mistborn_default

configs:
  fb_config:
    file: /opt/mistborn_volumes/scirius/init/filebeat.docker.yml