version: "3.3"

services: 
  ldap-service:
    image: odk/openldap
    deploy:
      replicas: 1
    networks: 
      - ldap-network
    volumes:
      - ldap-vol:/var/lib/ldap
      - ldap-slapd.d-vol:/etc/ldap/slapd.d
    env_file:
      - ldap.env
  phpldapadmin:
    image: odk/phpldapadmin
    deploy:
      replicas: 1
    ports:
      - "${PHP_LDAPADMIN_PORT:-40000}:443"
    networks: 
      - ldap-network
    env_file:
      - ldap.env
  db:
    image: postgres:9.6
    deploy:
      replicas: 1
    networks:
      - db-network
    volumes:
      - db-vol:/var/lib/postgresql/data
    env_file:
      - db.env
  db-bootstrap:
    image: odk/db-bootstrap
    deploy:
      replicas: 1
      restart_policy:
        condition: none
      placement:
        constraints:
          - node.role == manager
    networks:
      - db-network
      - sync-network
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
    env_file:
      - db.env
      - sync.env
  sync:
    image: odk/sync_endpoint
    networks: 
      - ldap-network
      - db-network
      - sync-network
    env_file:
      - sync.env
    # uncomment these after uncommenting the ones below in the root level configs 
    # configs:
      # - org.opendatakit.sync.ldapcert
      # - org.opendatakit.aggregate.logging.properties
    secrets:
      - org.opendatakit.aggregate.security.properties
      - org.opendatakit.aggregate.jdbc.properties
  web-ui:
    image: odk/sync-web-ui
    networks:
      - sync-network
    hostname: web-ui
    configs:
      - org.opendatakit.sync-web-ui.application.properties
  nginx:
    image: nginx:1.13
    networks:
      - sync-network
    ports:
      - "80:80"
      - "443:443"
    configs:
      - source: com.nginx.sync-endpoint.conf
        target: /etc/nginx/conf.d/default.conf
      - source: com.nginx.proxy_buffer.conf
        target: /etc/nginx/conf.d/proxy_buffer.conf
    # uncomment these after uncommenting the ones below in the root level
      # - com.nginx.ssl_certificate
    # secrets:
      # - com.nginx.ssl_certificate_key

networks:
  ldap-network:
    driver: overlay
    driver_opts:
      encrypted: ""
    internal: true
  db-network:
    driver: overlay
    driver_opts:
      encrypted: ""
    internal: true
  sync-network:
    driver: overlay
    driver_opts:
      encrypted: ""
    internal: true

volumes:
  db-vol: # preserve db
  # these 2 need to be removed together
  ldap-vol: # preserve ldap db
  ldap-slapd.d-vol: # preserve ldap settings

configs:
  # uncomment this to import a CA certificate into the Sync service
  # org.opendatakit.sync.ldapcert:
    # external: true
  # uncomment this to override logging configuration
  # org.opendatakit.aggregate.logging.properties:
    # file: ./logging.properties
  org.opendatakit.sync-web-ui.application.properties:
    file: ./config/web-ui/application.properties
  com.nginx.sync-endpoint.conf:
    file: ./config/nginx/sync-endpoint-http.conf
  com.nginx.proxy_buffer.conf:
    file: ./config/nginx/proxy_buffer.conf
  # com.nginx.ssl_certificate:
    # external:
      # name: NAME OF CONFIG

secrets:
  org.opendatakit.aggregate.security.properties:
    file: ./config/sync-endpoint/security.properties
  org.opendatakit.aggregate.jdbc.properties:
    file: ./config/sync-endpoint/jdbc.properties
  # com.nginx.ssl_certificate_key:
    # external: 
      # name: NAME OF SECRET