version: "3.7"

services:
  halo:
    image: halohub/halo:2.9.0
    container_name: halo
    restart: unless-stopped
    depends_on:
      halodb:
        condition: service_healthy
    networks:
      - tipi_main_network
    volumes:
      - ${APP_DATA_DIR}:/root/.halo2
    ports:
      - ${APP_PORT}:8090
    healthcheck:
      test:
        ["CMD", "curl", "-f", "http://localhost:8090/actuator/health/readiness"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 30s
    command:
      - --spring.r2dbc.url=r2dbc:pool:postgresql://halodb/halo
      - --spring.r2dbc.username=halo
      - --spring.r2dbc.password=${HALO_DATABASE_PASSWORD}
      - --spring.sql.init.platform=postgresql
      - --halo.external-url=${HALO_EXTERNAL_URL}
      - --halo.security.initializer.superadminusername=${HALO_ADMIN_USERNAME}
      - --halo.security.initializer.superadminpassword=${HALO_ADMIN_PASSWORD}
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.halo-web-redirect.redirectscheme.scheme: https
      traefik.http.services.halo.loadbalancer.server.port: 8090
      # Web
      traefik.http.routers.halo-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.halo-insecure.entrypoints: web
      traefik.http.routers.halo-insecure.service: halo
      traefik.http.routers.halo-insecure.middlewares: halo-web-redirect
      # Websecure
      traefik.http.routers.halo.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.halo.entrypoints: websecure
      traefik.http.routers.halo.service: halo
      traefik.http.routers.halo.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.halo-local-insecure.rule: Host(`halo.${LOCAL_DOMAIN}`)
      traefik.http.routers.halo-local-insecure.entrypoints: web
      traefik.http.routers.halo-local-insecure.service: halo
      traefik.http.routers.halo-local-insecure.middlewares: halo-web-redirect
      # Local domain secure
      traefik.http.routers.halo-local.rule: Host(`halo.${LOCAL_DOMAIN}`)
      traefik.http.routers.halo-local.entrypoints: websecure
      traefik.http.routers.halo-local.service: halo
      traefik.http.routers.halo-local.tls: true

  halodb:
    image: postgres:latest
    container_name: halodb
    restart: unless-stopped
    networks:
      - tipi_main_network
    volumes:
      - ${APP_DATA_DIR}/db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5
    environment:
      - POSTGRES_PASSWORD=${HALO_DATABASE_PASSWORD}
      - POSTGRES_USER=halo
      - POSTGRES_DB=halo
      - PGUSER=halo