services:
  website:
    image: registry.gitlab.com/realorangeone/website:latest
    restart: unless-stopped
    environment:
      - TZ={{ timezone }}
      - DEBUG=false
      - SECRET_KEY={{ vault_website_secret_key }}
      - DATABASE_URL=postgres://website:website@db/website?conn_max_age=600
      - CACHE_URL=redis://redis/0
      - QUEUE_STORE_URL=redis://redis/1
      - RENDITION_CACHE_URL=redis://redis/2
      - SPOTIFY_PROXY_URL=http://spotify_public_proxy
      - UNSPLASH_CLIENT_ID={{ vault_unsplash_client_id }}
      - SENTRY_DSN={{ vault_website_sentry_dsn }}
      - BASE_HOSTNAME=theorangeone.net
      - GRANIAN_WORKERS=2
      - GRANIAN_BLOCKING_THREADS=2
      - SEO_INDEX=true
      - ACTIVITYPUB_HOST=mastodon.theorangeone.net
    volumes:
      - ./media:/app/media
      - ./cache:/tmp/nginx_cache
    networks:
      - default
      - coredns
    depends_on:
      - db
      - redis

  db:
    image: postgres:14-alpine
    restart: unless-stopped
    volumes:
      - ./postgres:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=website
      - POSTGRES_USER=website

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    volumes:
      - ./redis:/data

  spotify_public_proxy:
    image: ghcr.io/realorangeone/spotify-public-proxy:latest
    restart: unless-stopped
    environment:
      - PORT=80
      - SPOTIFY_CLIENT_ID={{ vault_spotify_client_id }}
      - SPOTIFY_CLIENT_SECRET={{ vault_spotify_client_secret }}
      - SENTRY_DSN={{ vault_spotify_sentry_dsn }}

networks:
  coredns:
    external: true