services:
  mattermost:
    image: ${MATTERMOST_IMAGE:-mattermost/mattermost-team-edition:latest}
    container_name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_app
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: false
    tmpfs:
      - /tmp
    volumes:
      - mattermost_config:/mattermost/config:rw
      - mattermost_data:/mattermost/data:rw
      - mattermost_logs:/mattermost/logs:rw
      - mattermost_plugins:/mattermost/plugins:rw
      - mattermost_client_plugins:/mattermost/client/plugins:rw
      - mattermost_bleve:/mattermost/bleve-indexes:rw
    environment:
      TZ: ${TIMEZONE:-Europe/Berlin}
      MM_SQLSETTINGS_DRIVERNAME: postgres
      MM_SQLSETTINGS_DATASOURCE: postgres://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${MATTERMOST_DB_NAME}?sslmode=disable&connect_timeout=10
      MM_BLEVESETTINGS_INDEXDIR: /mattermost/bleve-indexes
      MM_SERVICESETTINGS_SITEURL: https://${MATTERMOST_TRAEFIK_HOST}
      MM_SERVICESETTINGS_ENABLELOCALMODE: "true"
      # Email settings
      MM_EMAILSETTINGS_ENABLESMTPAUTH: "true"
      MM_EMAILSETTINGS_SMTPUSERNAME: ${EMAIL_SMTP_USER}
      MM_EMAILSETTINGS_SMTPPASSWORD: ${EMAIL_SMTP_PASSWORD}
      MM_EMAILSETTINGS_SMTPSERVER: ${EMAIL_SMTP_HOST}
      MM_EMAILSETTINGS_SMTPPORT: ${EMAIL_SMTP_PORT}
      MM_EMAILSETTINGS_CONNECTIONSECURITY: TLS
      MM_EMAILSETTINGS_FEEDBACKNAME: Mattermost
      MM_EMAILSETTINGS_FEEDBACKEMAIL: ${EMAIL_FROM}
      MM_EMAILSETTINGS_REPLYTOADDRESS: ${EMAIL_FROM}
    networks:
      - compose_network
    labels:
      - 'traefik.enable=${MATTERMOST_TRAEFIK_ENABLED}'
      # HTTP to HTTPS redirect
      - 'traefik.http.middlewares.${MATTERMOST_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.middlewares=${MATTERMOST_COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.rule=Host(`${MATTERMOST_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
      # HTTPS router
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${MATTERMOST_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file'
      # Service
      - 'traefik.http.services.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8065'
      - 'traefik.docker.network=${NETWORK_NAME}'
      # Watchtower
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'

volumes:
  mattermost_config:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_config
  mattermost_data:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_data
  mattermost_logs:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_logs
  mattermost_plugins:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_plugins
  mattermost_client_plugins:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_client_plugins
  mattermost_bleve:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_bleve

networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true