stacks/sexy/compose.yml

---
services:
  sexy:
    image: dev.pivoine.art/valknar/sexy:latest
    container_name: sexy
    user: node
    working_dir: /home/node/app/packages/frontend
    command: ["node", "build/index.js"]
    environment:
      TZ: ${TIMEZONE:-Europe/Amsterdam}
      NODE_ENV: production
      PUBLIC_API_URL: https://${TRAEFIK_HOST}/api
      PUBLIC_URL: https://${TRAEFIK_HOST}
      PUBLIC_UMAMI_ID: ${UMAMI_ID}
      PUBLIC_UMAMI_SCRIPT: ${UMAMI_SCRIPT}
    volumes:
      - ../.data/sexy/bundle:/home/node/app/packages/bundle
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.sexy-redirect-web-secure.redirectscheme.scheme=https"
      - "traefik.http.routers.sexy-web.middlewares=sexy-redirect-web-secure"
      - "traefik.http.routers.sexy-web.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.sexy-web.entrypoints=web"
      - "traefik.http.routers.sexy-web-secure.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.sexy-web-secure.tls.certresolver=resolver"
      - "traefik.http.routers.sexy-web-secure.entrypoints=web-secure"
      - "traefik.http.middlewares.sexy-compress.compress=true"
      - "traefik.http.routers.sexy-web-secure.middlewares=sexy-compress"
      - "traefik.http.services.sexy-web-secure.loadbalancer.server.port=3000"
      - "traefik.docker.network=${NETWORK_NAME}"
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
      - compose_network
  directus:
    image: directus/directus:11.12.0
    container_name: sexy_directus
    environment:
      TZ: ${TIMEZONE:-Europe/Amsterdam}
      SECRET: ${DIRECTUS_SECRET}
      DB_CLIENT: pg
      DB_HOST: sexy_db
      DB_PORT: 5432
      DB_DATABASE: directus
      DB_USER: directus
      DB_PASSWORD: directus
      CACHE_ENABLED: "true"
      CACHE_AUTO_PURGE: "true"
      CACHE_STORE: redis
      REDIS: redis://sexy_redis:6379
      ASSETS_CACHE_TTL: "31536000"
      WEBSOCKETS_ENABLED: "true"
      PUBLIC_URL: https://${TRAEFIK_HOST}/api
      CORS_ENABLED: "true"
      CORS_ORIGIN: https://${TRAEFIK_HOST}
      SESSION_COOKIE_SECURE: "true"
      SESSION_COOKIE_SAME_SITE: strict
      SESSION_COOKIE_DOMAIN: ${TRAEFIK_HOST}
      EXTENSIONS_PATH: ./extensions
      EXTENSIONS_AUTO_RELOAD: "false"
      CONTENT_SECURITY_POLICY_DIRECTIVES__FRAME_SRC: https://${TRAEFIK_HOST}
      EMAIL_TRANSPORT: smtp
      EMAIL_SMTP_HOST: mailpit
      EMAIL_SMTP_PORT: 1025
      USER_REGISTER_URL_ALLOW_LIST: https://${TRAEFIK_HOST}/signup/verify
      PASSWORD_RESET_URL_ALLOW_LIST: https://${TRAEFIK_HOST}/password/reset
    volumes:
      - ../.data/sexy/uploads:/directus/uploads
      - ../.data/sexy/bundle:/directus/extensions/sexy.pivoine.art
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_healthy
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.sexy-directus-redirect-web-secure.redirectscheme.scheme=https"
      - "traefik.http.routers.sexy-directus-web.middlewares=sexy-directus-redirect-web-secure"
      - "traefik.http.routers.sexy-directus-web.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/api`)"
      - "traefik.http.routers.sexy-directus-web.entrypoints=web"
      - "traefik.http.routers.sexy-directus-web-secure.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/api`)"
      - "traefik.http.routers.sexy-directus-web-secure.tls.certresolver=resolver"
      - "traefik.http.routers.sexy-directus-web-secure.entrypoints=web-secure"
      - "traefik.http.middlewares.sexy-directus-compress.compress=true"
      - "traefik.http.middlewares.sexy-directus-strip.stripprefix.prefixes=/api"
      - "traefik.http.routers.sexy-directus-web-secure.middlewares=sexy-directus-strip,sexy-directus-compress"
      - "traefik.http.services.sexy-directus-web-secure.loadbalancer.server.port=8055"
      - "traefik.docker.network=${NETWORK_NAME}"
      - "com.centurylinklabs.watchtower.enable=true"
    networks:
      - compose_network
  redis:
    image: redis:7-alpine
    container_name: sexy_redis
    restart: always
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - compose_network
  db:
    image: postgres:16-alpine
    container_name: sexy_db
    environment:
      POSTGRES_DB: directus
      POSTGRES_USER: directus
      POSTGRES_PASSWORD: directus
    volumes:
      - ../.data/sexy/db:/var/lib/postgresql/data
    restart: always
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - compose_network
networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true