services:
  asciinema:
    image: ${ASCIINEMA_IMAGE:-ghcr.io/asciinema/asciinema-server:latest}
    container_name: ${ASCIINEMA_COMPOSE_PROJECT_NAME}_app
    restart: unless-stopped
    networks:
      - compose_network
    volumes:
      - asciinema_data:/var/opt/asciinema
      - ./theme/custom.css:/app/assets/css/custom.css:ro
    environment:
      SECRET_KEY_BASE: ${ASCIINEMA_SECRET_KEY}
      URL_HOST: ${ASCIINEMA_TRAEFIK_HOST}
      URL_PORT: 443
      URL_SCHEME: https
      DATABASE_URL: postgresql://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}/${ASCIINEMA_DB_NAME}?pool_size=10
      SMTP_HOST: ${EMAIL_SMTP_HOST}
      SMTP_PORT: ${EMAIL_SMTP_PORT}
      SMTP_USERNAME: ${EMAIL_SMTP_USER}
      SMTP_PASSWORD: ${EMAIL_SMTP_PASSWORD}
      SMTP_SSL: true
      MAIL_FROM_ADDRESS: ${EMAIL_FROM}
      MAIL_REPLY_TO_ADDRESS: ${ASCIINEMA_MAIL_REPLY_TO}
      SIGN_UP_DISABLED: ${ASCIINEMA_SIGN_UP_DISABLED:-false}
      UNCLAIMED_RECORDING_TTL: ${ASCIINEMA_UNCLAIMED_TTL:-30}
    labels:
      - 'traefik.enable=${ASCIINEMA_TRAEFIK_ENABLED}'
      # HTTP to HTTPS redirect
      - 'traefik.http.middlewares.${ASCIINEMA_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web.middlewares=${ASCIINEMA_COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web.rule=Host(`${ASCIINEMA_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
      # HTTPS router
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${ASCIINEMA_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${ASCIINEMA_COMPOSE_PROJECT_NAME}-compress.compress=true'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${ASCIINEMA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
      # Service
      - 'traefik.http.services.${ASCIINEMA_COMPOSE_PROJECT_NAME}.loadbalancer.server.port=4000'
      - 'traefik.docker.network=${NETWORK_NAME}'
      # Watchtower
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'

volumes:
  asciinema_data:
    name: ${ASCIINEMA_COMPOSE_PROJECT_NAME}_data

networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true