version: "3"

services:

  db:
    #build:
    #  context: ../compose/production/mattermost/db
    image: mattermost/mattermost-prod-db
    read_only: true
    restart: unless-stopped
    volumes:
      - ../../mistborn_volumes/extra/mattermost/db/var/lib/postgresql/data:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - ../.envs/.production/.mattermost
    networks:
      mattermost_net:
        ipv4_address: 10.2.5.4
    #environment:
    #  - POSTGRES_USER=mmuser
    #  - POSTGRES_PASSWORD=mmuser_password
    #  - POSTGRES_DB=mattermost
    # uncomment the following to enable backup
    #  - AWS_ACCESS_KEY_ID=XXXX
    #  - AWS_SECRET_ACCESS_KEY=XXXX
    #  - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
    #  - AWS_REGION=us-east-1

  app:
    #build:
    #  context: ../compose/production/mattermost/app
    #  # uncomment following lines for team edition or change UID/GID
    #  args:
    #    - edition=team
    #    - PUID=1000
    #    - PGID=1000
    image: mattermost/mattermost-team-edition
    restart: unless-stopped
    volumes:
      - ../../mistborn_volumes/extra/mattermost/app/mattermost/config:/mattermost/config:rw
      - ../../mistborn_volumes/extra/mattermost/app/mattermost/data:/mattermost/data:rw
      - ../../mistborn_volumes/extra/mattermost/app/mattermost/logs:/mattermost/logs:rw
      - ../../mistborn_volumes/extra/mattermost/app/mattermost/plugins:/mattermost/plugins:rw
      - ../../mistborn_volumes/extra/mattermost/app/mattermost/client-plugins:/mattermost/client/plugins:rw
      - /etc/localtime:/etc/localtime:ro
      # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine
      # to avoid Token request failed: certificate signed by unknown authority (link: https://github.com/mattermost/mattermost-server/issues/13059)
      # - <path_to_your_gitlab_pki>/pki_chain.pem:/etc/ssl/certs/pki_chain.pem:ro
    env_file:
      - ../.envs/.production/.mattermost
    networks:
      mattermost_net:
        ipv4_address: 10.2.5.3
    #environment:
    #  # set same as db credentials and dbname
    #  #- MM_USERNAME=mmuser
    #  #- MM_PASSWORD=mmuser_password
    #  #- MM_DBNAME=mattermost

    #  # use the credentials you've set above, in the format:
    #  # MM_SQLSETTINGS_DATASOURCE=postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10
    #  #- MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@db:5432/mattermost?sslmode=disable&connect_timeout=10
    #  - MM_SQLSETTINGS_DATASOURCE=postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10

    #  # in case your config is not in default location
    #  #- MM_CONFIG=/mattermost/config/config.json

  web:
    #build:
    #  context: ../compose/production/mattermost/web
    image: mattermost/mattermost-prod-web
    #ports:
    #  - "80:80"
    #  - "443:443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mattermost-http.rule=Host(`mattermost.mistborn`)"
      - "traefik.http.routers.mattermost-http.entrypoints=web"
      - "traefik.http.routers.mattermost-http.middlewares=mistborn_auth@file"
      - "traefik.http.routers.mattermost-https.rule=Host(`mattermost.mistborn`)"
      - "traefik.http.routers.mattermost-https.entrypoints=websecure"
      - "traefik.http.routers.mattermost-https.middlewares=mistborn_auth@file"
      - "traefik.http.routers.mattermost-https.tls.certresolver=basic"
      - "traefik.http.services.mattermost-service.loadbalancer.server.port=80"
    read_only: true
    restart: unless-stopped
    volumes:
      # This directory must have cert files if you want to enable SSL
      #- ./volumes/web/cert:/cert:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      default:
      mattermost_net:
        ipv4_address: 10.2.5.2

networks:
  default:
    external:
      name: mistborn_default
  
  mattermost_net:
    driver: bridge
    ipam:
      config:
        - subnet: 10.2.5.0/29