version: '3.7'

x-environment: &environment
  # REQUIRED
  SUPERBLOCKS_ORCHESTRATOR_SUPERBLOCKS_KEY: ${SUPERBLOCKS_AGENT_KEY}
  SUPERBLOCKS_AGENT_KEY: ${SUPERBLOCKS_AGENT_KEY}
  # OPTIONAL
  SUPERBLOCKS_ORCHESTRATOR_AGENT_TAGS: ${SUPERBLOCKS_AGENT_TAGS}
  SUPERBLOCKS_ORCHESTRATOR_AGENT_HOST_URL: ${SUPERBLOCKS_AGENT_HOST_URL:-http://localhost:8080}
  SUPERBLOCKS_ORCHESTRATOR_HTTP_PORT: ${SUPERBLOCKS_AGENT_PORT:-8080}
  SUPERBLOCKS_ORCHESTRATOR_DATA_DOMAIN: ${SUPERBLOCKS_AGENT_DATA_DOMAIN:-app.superblocks.com}
  SUPERBLOCKS_ORCHESTRATOR_HANDLE_CORS: "true"
  NODE_OPTIONS: --max-old-space-size=${SUPERBLOCKS_AGENT_MEMORY_LIMIT:-3000}
  SUPERBLOCKS_ORCHESTRATOR_SUPERBLOCKS_URL: ${__SUPERBLOCKS_AGENT_SERVER_URL:-https://api.superblocks.com}
  SUPERBLOCKS_ORCHESTRATOR_OTEL_COLLECTOR_HTTP_URL: "${SUPERBLOCKS_ORCHESTRATOR_OTEL_COLLECTOR_HTTP_URL:-https://traces.intake.superblocks.com/v1/traces}"
  SUPERBLOCKS_ORCHESTRATOR_EMITTER_REMOTE_INTAKE: "${SUPERBLOCKS_ORCHESTRATOR_EMITTER_REMOTE_INTAKE:-https://logs.intake.superblocks.com}"
  SUPERBLOCKS_ORCHESTRATOR_INTAKE_METADATA_URL: "${SUPERBLOCKS_ORCHESTRATOR_INTAKE_METADATA_URL:-https://metadata.intake.superblocks.com}"
  SUPERBLOCKS_ORCHESTRATOR_SIGNATURE_SIGNING_KEY_ID: "${SUPERBLOCKS_ORCHESTRATOR_SIGNATURE_SIGNING_KEY_ID:-}"
  SUPERBLOCKS_ORCHESTRATOR_SIGNATURE_VERIFICATION_KEY_IDS: "${SUPERBLOCKS_ORCHESTRATOR_SIGNATURE_VERIFICATION_KEY_IDS:-}"
  SUPERBLOCKS_ORCHESTRATOR_SIGNATURE_KEYS: "${SUPERBLOCKS_ORCHESTRATOR_SIGNATURE_KEYS:-}"
  SUPERBLOCKS_ORCHESTRATOR_SIGNATURE_ENABLED: "${SUPERBLOCKS_ORCHESTRATOR_SIGNATURE_ENABLED:-false}"
  SUPERBLOCKS_ORCHESTRATOR_RESIGNER_ENABLED: "${SUPERBLOCKS_ORCHESTRATOR_RESIGNER_ENABLED:-false}"
  SUPERBLOCKS_ORCHESTRATOR_FILE_SERVER_URL: http://127.0.0.1:${SUPERBLOCKS_AGENT_PORT:-8080}/v2/files

services:
  proxy:
    # Configurable variables for traefik to set up https
    # SUPERBLOCKS_LETSENCRYPT_EMAIL, default ''
    # SUPERBLOCKS_PROXY_REPLICA_COUNT, default 0
    # SUPERBLOCKS_LETSENCRYPT_DIR, default letsencrypt
    # SUPERBLOCKS_AGENT_CUSTOM_DOMAIN, default .+
    image: traefik:v2.8
    deploy:
      replicas: ${SUPERBLOCKS_PROXY_REPLICA_COUNT:-0}
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - './${SUPERBLOCKS_LETSENCRYPT_DIR:-letsencrypt}:/${SUPERBLOCKS_LETSENCRYPT_DIR:-letsencrypt}'
    command:
      - '--log.level=${SUPERBLOCKS_PROXY_LOG_LEVEL:-INFO}'
      - '--providers.docker=true'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.websecure.address=:443'
      - '--certificatesresolvers.letsencrypt.acme.email=${SUPERBLOCKS_LETSENCRYPT_EMAIL:-}'
      - '--certificatesresolvers.letsencrypt.acme.storage=/${SUPERBLOCKS_LETSENCRYPT_DIR:-letsencrypt}/acme.json'
      - '--certificatesresolvers.letsencrypt.acme.httpchallenge=true'
      - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web'
    labels:
      ### core config
      - 'traefik.enable=true'

      ### http to https redirect
      - 'traefik.http.routers.http-catchall.entrypoints=web'
      - 'traefik.http.routers.http-catchall.rule=Host(`${SUPERBLOCKS_AGENT_CUSTOM_DOMAIN:-}`)'
      - 'traefik.http.routers.http-catchall.middlewares=redirect-to-https'
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
    restart: unless-stopped

  agent:
    image: ${SUPERBLOCKS_DOCKER_AGENT_REPOSITORY:-ghcr.io/superblocksteam/agent}:${SUPERBLOCKS_DOCKER_AGENT_TAG:-latest}
    pull_policy: ${SUPERBLOCKS_DOCKER_IMAGE_PULL_POLICY:-always}
    environment:
      <<: *environment
      __SUPERBLOCKS_WORKER_LOCAL_ENABLED: 'true'
      SUPERBLOCKS_WORKER_TLS_INSECURE: 'true'
      SUPERBLOCKS_CONTROLLER_DISCOVERY_ENABLED: 'false'
    ports:
      - '${SUPERBLOCKS_AGENT_PORT:-8080}:${SUPERBLOCKS_AGENT_PORT:-8080}'
      - '${SUPERBLOCKS_ORCHESTRATOR_METRICS_PORT:-9090}'
    labels:
      - 'traefik.http.routers.controller.rule=Host(`${SUPERBLOCKS_AGENT_CUSTOM_DOMAIN:-}`)'
      - 'traefik.http.routers.controller.entrypoints=websecure'
      - 'traefik.http.routers.controller.tls=true'
      - 'traefik.http.routers.controller.tls.certresolver=letsencrypt'
      - 'traefik.http.services.controller.loadbalancer.server.port=${SUPERBLOCKS_AGENT_PORT:-8080}'
    restart: unless-stopped
    logging:
      options:
        # Follows this format:
        #
        #   https://docs.docker.com/compose/compose-file/#specifying-byte-values
        #
        max-size: ${SUPERBLOCKS_AGENT_LOGGING_MAX_SIZE:-12m}
        max-file: ${SUPERBLOCKS_AGENT_LOGGING_MAX_FILES:-5}
      driver: ${SUPERBLOCKS_AGENT_LOGGING_DRIVER:-json-file}