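# Docker Compose stack for the Postiz instance routed at p2pf.rsocials.online:
# the app container, its Postgres and Redis, and a Temporal server with its
# own Postgres. ${...} values are interpolated by Compose from the shell
# environment or the project's .env file.
services:
  postiz-p2pf:
    # NOTE(review): ":latest" is a mutable tag, so each pull can change the
    # code that runs with the Infisical credentials below. Pin a release tag
    # or an image digest once a known-good version is chosen.
    image: ghcr.io/gitroomhq/postiz-app:latest
    container_name: postiz-p2pf
    restart: unless-stopped
    # The wrapper script is bind-mounted read-only from the host (see volumes)
    # and replaces the image entrypoint; presumably it fetches secrets from
    # Infisical and then runs the command below - confirm against the script.
    entrypoint: ["/infisical-entrypoint.sh"]
    command: ["docker-entrypoint.sh", "sh", "-c", "nginx && pnpm run pm2"]
    environment:
      # === Infisical secret injection ===
      INFISICAL_CLIENT_ID: "${INFISICAL_CLIENT_ID}"
      INFISICAL_CLIENT_SECRET: "${INFISICAL_CLIENT_SECRET}"
      INFISICAL_PROJECT_SLUG: "postiz-p2pfoundation"
      INFISICAL_ENV: "prod"
      # NOTE(review): plain HTTP - the client secret and the secrets returned
      # for it cross this hop unencrypted. Which network reaches "infisical"
      # is not visible here; confirm it is not one shared with unrelated
      # stacks (traefik-public and mailcow-network are both external).
      INFISICAL_URL: "http://infisical:8080"
      # === Config (not secrets) ===
      MAIN_URL: "https://p2pf.rsocials.online"
      FRONTEND_URL: "https://p2pf.rsocials.online"
      NEXT_PUBLIC_BACKEND_URL: "https://p2pf.rsocials.online/api"
      # This URL embeds the database password, so the value is a secret despite
      # the section heading. ":?" makes Compose stop with an error instead of
      # silently substituting an empty password. A password containing URL
      # metacharacters (@ : / ? #) must be percent-encoded to parse correctly.
      DATABASE_URL: "postgresql://postiz:${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}@postiz-p2pf-postgres:5432/postiz"
      REDIS_URL: "redis://postiz-p2pf-redis:6379"
      BACKEND_INTERNAL_URL: "http://localhost:3000"
      TEMPORAL_ADDRESS: "postiz-p2pf-temporal:7233"
      IS_GENERAL: "true"
      # NOTE(review): "false" appears to leave self-registration open on a
      # publicly routed host - confirm that is intended alongside the OAuth login.
      DISABLE_REGISTRATION: "false"
      STORAGE_PROVIDER: "local"
      UPLOAD_DIRECTORY: "/uploads"
      NEXT_PUBLIC_UPLOAD_DIRECTORY: "/uploads"
      # === OAuth config (client_id/secret come from Infisical) ===
      POSTIZ_GENERIC_OAUTH: "true"
      NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME: "Pocket ID"
      NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL: "https://raw.githubusercontent.com/pocket-id/pocket-id/refs/heads/main/frontend/static/img/static-logo.svg"
      POSTIZ_OAUTH_URL: "https://auth.jeffemmett.com"
      POSTIZ_OAUTH_AUTH_URL: "https://auth.jeffemmett.com/authorize"
      POSTIZ_OAUTH_TOKEN_URL: "https://auth.jeffemmett.com/api/oidc/token"
      POSTIZ_OAUTH_USERINFO_URL: "https://auth.jeffemmett.com/api/oidc/userinfo"
      # === Email config (EMAIL_PASS comes from Infisical) ===
      EMAIL_PROVIDER: "nodemailer"
      EMAIL_FROM_NAME: "P2P Foundation Socials"
      EMAIL_FROM_ADDRESS: "noreply@rmail.online"
      EMAIL_HOST: "mailcowdockerized-postfix-mailcow-1"
      EMAIL_PORT: "587"
      EMAIL_SECURE: "false"
      EMAIL_USER: "noreply@rmail.online"
      # SECURITY(review): "0" turns off certificate verification for every
      # outbound TLS connection made by the Node process, not only SMTP. That
      # includes the OIDC token and userinfo calls configured above, so a
      # forged certificate on those paths would be accepted. If this exists
      # only because the mail host presents a certificate Node does not trust,
      # prefer mounting that CA and pointing NODE_EXTRA_CA_CERTS at it, then
      # drop this override.
      NODE_TLS_REJECT_UNAUTHORIZED: "0"
      # Quoted like every other entry: environment values reach the container
      # as strings, and some Compose versions reject bare YAML booleans here.
      API_LIMIT: "30"
      NX_ADD_PLUGINS: "false"
    volumes:
      - postiz-p2pf-config:/config/
      - postiz-p2pf-uploads:/uploads/
      # Read-only inside the container; the host copy is what actually runs as
      # the entrypoint, so its ownership and permissions on the host matter.
      - /opt/infisical/entrypoint-wrapper.sh:/infisical-entrypoint.sh:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.postiz-p2pf.rule=Host(`p2pf.rsocials.online`) || Host(`socials.p2pfoundation.net`)"
      # NOTE(review): the router is bound to both "web" and "websecure".
      # Whether plain-HTTP requests are redirected to HTTPS depends on
      # Traefik's own configuration, which is not visible here - confirm,
      # since logins and OAuth callbacks travel over this route.
      - "traefik.http.routers.postiz-p2pf.entrypoints=web,websecure"
      - "traefik.http.services.postiz-p2pf.loadbalancer.server.port=5000"
      - "traefik.docker.network=traefik-public"
    networks:
      - traefik-public
      - postiz-p2pf-internal
      - mailcow-network
    depends_on:
      postiz-p2pf-postgres:
        condition: service_healthy
      postiz-p2pf-redis:
        condition: service_healthy
      postiz-p2pf-temporal:
        condition: service_started

  postiz-p2pf-postgres:
    image: postgres:17-alpine
    container_name: postiz-p2pf-postgres
    restart: unless-stopped
    environment:
      # Same fail-fast guard as DATABASE_URL so both sides always agree.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      POSTGRES_USER: "postiz"
      POSTGRES_DB: "postiz"
    volumes:
      - postiz-p2pf-postgres-data:/var/lib/postgresql/data
    # No ports are published; the database is attached only to the
    # stack-internal network.
    networks:
      - postiz-p2pf-internal
    healthcheck:
      test: pg_isready -U postiz -d postiz
      interval: 10s
      timeout: 3s
      retries: 3

  postiz-p2pf-redis:
    image: redis:7.2
    container_name: postiz-p2pf-redis
    restart: unless-stopped
    # No password is configured (REDIS_URL above carries none); access control
    # rests entirely on membership of postiz-p2pf-internal.
    healthcheck:
      test: redis-cli ping
      interval: 10s
      timeout: 3s
      retries: 3
    volumes:
      - postiz-p2pf-redis-data:/data
    networks:
      - postiz-p2pf-internal

  postiz-p2pf-temporal-postgres:
    image: postgres:16
    container_name: postiz-p2pf-temporal-postgres
    restart: unless-stopped
    environment:
      # NOTE(review): hard-coded temporal/temporal credentials. No port is
      # published, so exposure is limited to containers on
      # postiz-p2pf-internal. Changing the password means updating
      # POSTGRES_PWD on the temporal service too, and altering the role in the
      # existing data volume (the image applies this variable only when it
      # initialises an empty data directory).
      POSTGRES_PASSWORD: "temporal"
      POSTGRES_USER: "temporal"
    networks:
      - postiz-p2pf-internal
    volumes:
      - postiz-p2pf-temporal-postgres-data:/var/lib/postgresql/data

  postiz-p2pf-temporal:
    image: temporalio/auto-setup:1.28.1
    container_name: postiz-p2pf-temporal
    restart: unless-stopped
    # Short-form depends_on orders start-up only; it does not wait for the
    # database to accept connections.
    depends_on:
      - postiz-p2pf-temporal-postgres
    environment:
      - DB=postgres12
      - DB_PORT=5432
      - POSTGRES_USER=temporal
      # Must match POSTGRES_PASSWORD on postiz-p2pf-temporal-postgres.
      - POSTGRES_PWD=temporal
      - POSTGRES_SEEDS=postiz-p2pf-temporal-postgres
      - TEMPORAL_NAMESPACE=default
    networks:
      - postiz-p2pf-internal

volumes:
  postiz-p2pf-postgres-data: {}
  postiz-p2pf-redis-data: {}
  postiz-p2pf-config: {}
  postiz-p2pf-uploads: {}
  postiz-p2pf-temporal-postgres-data: {}

networks:
  # Pre-existing network shared with the Traefik proxy.
  traefik-public:
    external: true
  # Private to this stack: databases, Redis and Temporal live only here.
  postiz-p2pf-internal:
    driver: bridge
  # Pre-existing mailcow network, joined so the app can reach the postfix
  # container named in EMAIL_HOST.
  mailcow-network:
    external: true
    name: mailcowdockerized_mailcow-network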