version: '3.3'

services:

  ###########################
  ### mysql for dashboard ###
  ###########################
  db:
   image: mysql/mysql-server:8.0.0
   restart: always
   volumes:
    # this must be mounted to make the user db persistent:
    - ${DB_PATH}:/var/lib/mysql/:rw
    # always keep this bind-mounted, it's for initialisation:
    - ${DB_INIT}:/docker-entrypoint-initdb.d
   environment:
    MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
    MYSQL_DATABASE: ${MYSQL_DATABASE}
    MYSQL_USER: ${MYSQL_USER}
    MYSQL_PASSWORD: ${MYSQL_PASSWORD}
   networks:
    - vre_dash
   healthcheck:
    test: "/usr/bin/mysql --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} --silent --execute \"SELECT 1;\"" # please adapt!
    interval: 30s
    timeout: 10s
    retries: 5


  ################################
  ### SQL dump tool for backup ###
  ################################
  dumper:
   image: registry-sdc.argo.grnet.gr/mysql-cron:20191024
   restart: always
   volumes:
    - ./mysql_backups/dashboard_mysql/:/srv/mysql/backup
   environment:
    CRON_SCHEDULE: '10 * * * *' #optional, defaults to hourly.
    MAX_SECONDS_SINCE_LAST: 3610
    MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
    MYSQL_DATABASE: ${MYSQL_DATABASE}
    MYSQL_USER: ${MYSQL_USER}
    MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    # optional
    #MYSQL_PORT: 3306
    #MYSQL_HOST: 'db'
   networks:
    - vre_dash
   healthcheck:
     test: "/healthcheck.sh"
     interval: 300s


  ########################
  ### VRE entrypoint:  ###
  ### dashboard        ###
  ########################
  dashboard:
   image: registry-sdc.argo.grnet.gr/vre_dashboard:20200915-3
   restart: always
   depends_on:
    - db
   expose:
    - 80 # Should run on http, no SSL, only locally, no port exposed to outside - SSL is done by reverse proxy!
   networks:
    - vre_dash
    - vre_proxy
   volumes:
    - ${DATA_PATH}:/var/www/html/vre/storage/app/nc
   environment:
    REVERSE_PROXY: 1
    VRE_SERVICES: rrr,diva,divavip,viz,erddap,fileselector,bioqc,webodv
    NUM_DISTR: 1
    #
    # 2. Where the VRE tells Unity/B2ACCESS to call us back during authentication
    UNITY_REDIRECT: https://${FQDM}/vre_login/unity/callback
    # 
    # 3. Where the VRE can reach the nextcloud (via SSH) to create a user during
    # registration (both local registration and Marine-ID authentication)
    NEXTCLOUD_SSH: workspace # must be the name of the service!
    # 
    # 4. URLs of the VRE services
    # Must be reachable from the client, as they are integrated using iframes
    # Can be comma-separated lists
    bioqc: https://${BIOQCHOST}/bioqc/app_dev.php
    workspace: https://${FQDM}/workspace/index.php/apps/loginviapost/login
    fileselector: https://${FILESELHOST}/fileselector
    divavip: https://${DIVAHOST}/divavip
    diva: https://${DIVAHOST}/diva
    rrr: https://${DIVAHOST}/rrr
    webodv: https://${ODVHOST}/odv/
    erddap: https://${ERDDAPHOST}/erddap/hub/login?next
    viz: https://${VIZHOST}/viz/rest/login
    syncer: http://syncer_proxy/sync/bidirectional/
    syncer_rsync: http://syncer_proxy/sync/to_remote/
    # 
    # 5. Does the service run behind a reverse proxy?
    # If , makes sure that the FORCE_ROOT_URL is used in all HTML links,
    # HTML forms etc. (served by Laravel) if service runs behind a
    # reverse proxy, i.e. forceRootUrl() is enforced in Laravel.
    # Please use 1 for true and 0 for false!
    REVERSE_PROXY: 1 # 1=true!
    #
    # 6. This URL is used in HTML links, HTML forms etc. (served by
    # Laravel) if service runs behind a reverse proxy, i.e. forceRootUrl()
    # is enforced in Laravel.
    # Please include the protocol, i.e. "https://".
    # Note: Only used if REVERSE_PROXY is true.
    FORCE_ROOT_URL: 'https://${FQDM}'
    # 
    # 7. This makes sure that https is used in HTML links, HTML forms etc.
    # (served by Laravel) if service runs behind a reverse proxy, i.e.
    # forceScheme() is enforced in Laravel.
    # Note: Only used if REVERSE_PROXY is true.
    FORCE_SCHEME: 'https'
   labels:
    - vre

  #################
  ### nextcloud ###
  #################

  workspace:
   image: registry-sdc.argo.grnet.gr/vre_nextcloud:20200917-1
   volumes:
     # which ones to keep for persistent? I think both, but not sure
     # Seb: yes both. First is only the user data, second is the database stuff
     # Problem: If the full nextcloud is mouted I cannot update the nextcloud container ?!?!
     - ${DATA_PATH}:/var/www/html/data:rw
     - ${NEXTCLOUD_MOUNT}:/var/www/html:rw
   restart: always
   expose:
     - 80
   networks:
     - vre_dash
     - vre_proxy
   environment:
    # Make sure that dashboard is allowed to access nextcloud:
    trusted_domains: '${FQDM}'
    # Make sure that the automatic detection of hostnames for redirects
    # (done by nextcloud) works also if nextcloud runs behind a reverse proxy.
    # Please see: https://github.com/nextcloud/server/blob/master/config/config.sample.php#L436
    overwritehost: '${FQDM}'
    overwritewebroot: 'workspace'
    overwriteprotocol: 'https'
    overwrite.cli.url: 'http://localhost/workspace'

networks:
  vre_dash:
    external: true
  vre_proxy:
    external: true

# Athens:
#FQDM=sdc-test.argo.grnet.gr
#DIVAHOST=bluewhale.dkrz.de
#VIZHOST=jellyfish.argo.grnet.gr
#BIOQCHOST=jellyfish.argo.grnet.gr
#ODVHOST=sdc-test.argo.grnet.gr
#ERDDAPHOST=jellyfish.argo.grnet.gr
#FILESELHOST=sdc-test.argo.grnet.gr