# =============================================================================
# Postiz Stack — Space: {{SPACE_NAME}}
# =============================================================================
# Generated by generate.sh from spaces.yml — DO NOT EDIT DIRECTLY.
# To modify, edit spaces.yml and re-run: ./generate.sh
# Primary: {{PRIMARY_DOMAIN}} | Fallback: {{FALLBACK_DOMAIN}}
#
# Secrets (JWT_SECRET, EMAIL_PASS, social API keys, OAuth secrets) are
# injected at runtime by the Infisical entrypoint wrapper.
# Only INFISICAL_* credentials and POSTGRES_PASSWORD go in .env.

services:
  postiz-{{SPACE_SLUG}}:
    image: {{POSTIZ_IMAGE}}
    container_name: postiz-{{SPACE_SLUG}}
    restart: unless-stopped
    # Infisical wrapper injects secrets then runs original entrypoint
    entrypoint: ["/infisical-entrypoint.sh"]
    command: ["docker-entrypoint.sh", "sh", "-c", "nginx && pnpm run pm2"]
    environment:
      # --- Infisical (credentials from .env) ---
      INFISICAL_CLIENT_ID: '${INFISICAL_CLIENT_ID}'
      INFISICAL_CLIENT_SECRET: '${INFISICAL_CLIENT_SECRET}'
      INFISICAL_PROJECT_SLUG: '{{INFISICAL_SLUG}}'
      INFISICAL_ENV: 'prod'
      INFISICAL_URL: 'http://infisical:8080'

      # --- App Config (non-secret, stays in compose) ---
      MAIN_URL: 'https://{{PRIMARY_DOMAIN}}'
      FRONTEND_URL: 'https://{{PRIMARY_DOMAIN}}'
      NEXT_PUBLIC_BACKEND_URL: 'https://{{PRIMARY_DOMAIN}}/api'
      DATABASE_URL: 'postgresql://postiz:${POSTGRES_PASSWORD}@postiz-{{SPACE_SLUG}}-postgres:5432/postiz'
      REDIS_URL: 'redis://postiz-{{SPACE_SLUG}}-redis:6379'
      BACKEND_INTERNAL_URL: 'http://localhost:3000'
      TEMPORAL_ADDRESS: "postiz-{{SPACE_SLUG}}-temporal:7233"
      IS_GENERAL: '{{IS_GENERAL}}'
      DISABLE_REGISTRATION: '{{DISABLE_REG}}'

      # Pocket ID OAuth (config only — client_id/secret from Infisical)
{{OAUTH_BLOCK}}

      # Storage
      STORAGE_PROVIDER: '{{STORAGE_PROVIDER}}'
      UPLOAD_DIRECTORY: '{{UPLOAD_DIR}}'
      NEXT_PUBLIC_UPLOAD_DIRECTORY: '{{UPLOAD_DIR}}'

      # Email (config only — EMAIL_PASS from Infisical)
      EMAIL_PROVIDER: '{{EMAIL_PROVIDER}}'
      EMAIL_FROM_NAME: '{{EMAIL_FROM_NAME}}'
      EMAIL_FROM_ADDRESS: '{{EMAIL_FROM}}'
      EMAIL_HOST: '{{EMAIL_HOST}}'
      EMAIL_PORT: '{{EMAIL_PORT}}'
      EMAIL_SECURE: '{{EMAIL_SECURE}}'
      EMAIL_USER: '{{EMAIL_USER}}'
      NODE_TLS_REJECT_UNAUTHORIZED: '0'

      # Misc
      NX_ADD_PLUGINS: false
      API_LIMIT: {{API_LIMIT}}

      # --- Secrets injected by Infisical at runtime ---
      # JWT_SECRET, EMAIL_PASS, OPENAI_API_KEY,
      # POSTIZ_OAUTH_CLIENT_ID, POSTIZ_OAUTH_CLIENT_SECRET,
      # X_API_KEY, X_API_SECRET, LINKEDIN_CLIENT_ID, etc.

    volumes:
      - /opt/infisical/entrypoint-wrapper.sh:/infisical-entrypoint.sh:ro
      - postiz-{{SPACE_SLUG}}-config:/config/
      - postiz-{{SPACE_SLUG}}-uploads:/uploads/
    labels:
{{TRAEFIK_LABELS}}
    networks:
      - traefik-public
      - postiz-{{SPACE_SLUG}}-internal
      - mailcow-network
    depends_on:
      postiz-{{SPACE_SLUG}}-postgres:
        condition: service_healthy
      postiz-{{SPACE_SLUG}}-redis:
        condition: service_healthy

  postiz-{{SPACE_SLUG}}-postgres:
    image: {{POSTGRES_IMAGE}}
    container_name: postiz-{{SPACE_SLUG}}-postgres
    restart: unless-stopped
{{SABLIER_LABELS_DB}}
    environment:
      POSTGRES_PASSWORD: '${POSTGRES_PASSWORD}'
      POSTGRES_USER: postiz
      POSTGRES_DB: postiz
    volumes:
      - postiz-{{SPACE_SLUG}}-postgres-data:/var/lib/postgresql/data
    networks:
      - postiz-{{SPACE_SLUG}}-internal
    healthcheck:
      test: pg_isready -U postiz -d postiz
      interval: 10s
      timeout: 3s
      retries: 3

  postiz-{{SPACE_SLUG}}-redis:
    image: {{REDIS_IMAGE}}
    container_name: postiz-{{SPACE_SLUG}}-redis
    restart: unless-stopped
{{SABLIER_LABELS_REDIS}}
    healthcheck:
      test: redis-cli ping
      interval: 10s
      timeout: 3s
      retries: 3
    volumes:
      - postiz-{{SPACE_SLUG}}-redis-data:/data
    networks:
      - postiz-{{SPACE_SLUG}}-internal

  postiz-{{SPACE_SLUG}}-temporal-postgres:
    image: {{TEMPORAL_PG_IMAGE}}
    container_name: postiz-{{SPACE_SLUG}}-temporal-postgres
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: temporal
      POSTGRES_USER: temporal
    networks:
      - postiz-{{SPACE_SLUG}}-internal
    volumes:
      - postiz-{{SPACE_SLUG}}-temporal-postgres-data:/var/lib/postgresql/data

  postiz-{{SPACE_SLUG}}-temporal:
    image: {{TEMPORAL_IMAGE}}
    container_name: postiz-{{SPACE_SLUG}}-temporal
    restart: unless-stopped
    depends_on:
      - postiz-{{SPACE_SLUG}}-temporal-postgres
    environment:
      - DB=postgres12
      - DB_PORT=5432
      - POSTGRES_USER=temporal
      - POSTGRES_PWD=temporal
      - POSTGRES_SEEDS=postiz-{{SPACE_SLUG}}-temporal-postgres
      - TEMPORAL_NAMESPACE=default
    networks:
      - postiz-{{SPACE_SLUG}}-internal

volumes:
  postiz-{{SPACE_SLUG}}-postgres-data:
  postiz-{{SPACE_SLUG}}-redis-data:
  postiz-{{SPACE_SLUG}}-config:
  postiz-{{SPACE_SLUG}}-uploads:
  postiz-{{SPACE_SLUG}}-temporal-postgres-data:

networks:
  traefik-public:
    external: true
  postiz-{{SPACE_SLUG}}-internal:
    internal: true
  mailcow-network:
    external: true
    name: mailcowdockerized_mailcow-network