services:
  pocket-id:
    image: ghcr.io/pocket-id/pocket-id:v2
    restart: unless-stopped
    environment:
      APP_URL: https://idp.marijndoeve.nl
      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
      TRUST_PROXY: true
      SMTP_HOST: ${SMTP_HOST}
      SMTP_PORT: 587
      SMTP_FROM: "pocketid@marijndoeve.nl"
      SMTP_USER: ${SMTP_USER}
      SMTP_PASSWORD: ${SMTP_PASSWORD}
      SMTP_TLS: starttls
    labels:
      - traefik.enable=true
      - traefik.http.routers.pocketid.rule=Host(`idp.marijndoeve.nl`)
      - traefik.http.routers.pocketid.entrypoints=websecure
      - traefik.http.routers.pocketid.tls.certresolver=marijndoeve
    volumes:
      - "data:/app/data"
    healthcheck:
      test: [ "CMD", "/app/pocket-id", "healthcheck" ]
      interval: 1m30s
      timeout: 5s
      retries: 2
      start_period: 10s

    networks:
      - web

volumes:
  data:

networks:
  web:
    external: true