services:
  planka:
    image: ghcr.io/plankanban/planka:2.0.0-rc.4
    restart: unless-stopped
    volumes:
      - favicons:/app/public/favicons
      - user-avatars:/app/public/user-avatars
      - background-images:/app/public/background-images
      - attachments:/app/private/attachments

    environment:
      BASE_URL: https://planka.marijndoeve.nl
      DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD}@postgres/planka

      SECRET_KEY: ${SECRET_KEY}
      # Optionally store in secrets - then SECRET_KEY should not be set
      # - SECRET_KEY__FILE=/run/secrets/secret_key

      # - LOG_LEVEL=warn

      # - TRUST_PROXY=true
      # - TOKEN_EXPIRES_IN=365 # In days

      # related: https://github.com/knex/knex/issues/2354
      # As knex does not pass query parameters from the connection string,
      # we have to use environment variables in order to pass the desired values, e.g.
      # - PGSSLMODE=<value>

      # Configure knex to accept SSL certificates
      # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false

      # Used for per-board notifications
      # - DEFAULT_LANGUAGE=en-US

      # Do not comment out DEFAULT_ADMIN_EMAIL if you want to prevent this user from being edited/deleted
      # - DEFAULT_ADMIN_EMAIL=demo@demo.demo
      # - DEFAULT_ADMIN_PASSWORD=demo
      # Optionally store in secrets - then DEFAULT_ADMIN_PASSWORD should not be set
      # - DEFAULT_ADMIN_PASSWORD__FILE=/run/secrets/default_admin_password
      # - DEFAULT_ADMIN_NAME=Demo Demo
      # - DEFAULT_ADMIN_USERNAME=demo

      # - INTERNAL_ACCESS_TOKEN=
      # - ACTIVE_USERS_LIMIT=

      # Set to true to show more detailed authentication error messages.
      # It should not be enabled without a rate limiter for security reasons.
      # - SHOW_DETAILED_AUTH_ERRORS=false

      # Email Notifications (https://nodemailer.com/smtp/)
      SMTP_HOST: 10.0.0.20
      SMTP_PORT: 25
      SMTP_NAME: marijndoeve.nl
      SMTP_SECURE: "false"
      # - SMTP_USER=
      # - SMTP_PASSWORD=
      # Optionally store in secrets - then SMTP_PASSWORD should not be set
      # - SMTP_PASSWORD__FILE=/run/secrets/smtp_password
      SMTP_FROM: '"Planka" <planka@marijndoeve.nl>'
      # - SMTP_TLS_REJECT_UNAUTHORIZED=false
    depends_on:
      postgres:
        condition: service_healthy
    labels:
      - traefik.enable=true
      - traefik.http.routers.planka.rule=Host(`planka.marijndoeve.nl`)
      - traefik.http.routers.planka.entrypoints=websecure
      - traefik.http.routers.planka.tls.certresolver=marijndoeve
    networks:
      - internal
      - web

  postgres:
    image: postgres:16
    restart: unless-stopped
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: planka
      POSTGRES_HOST_AUTH_METHOD: trust
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U postgres -d planka" ]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - internal

volumes:
  favicons:
  user-avatars:
  background-images:
  attachments:
  db-data:


networks:
  web:
    external: true
  internal:
    external: false