rsocials-online/deploy/docker-compose.bcrg.yml

services:
  postiz-bcrg:
    image: ghcr.io/gitroomhq/postiz-app:latest
    container_name: postiz-bcrg
    restart: unless-stopped
    entrypoint: ["/infisical-entrypoint.sh"]
    command: ["docker-entrypoint.sh", "sh", "-c", "nginx && pnpm run pm2"]
    environment:
      # === Infisical secret injection ===
      INFISICAL_CLIENT_ID: "${INFISICAL_CLIENT_ID}"
      INFISICAL_CLIENT_SECRET: "${INFISICAL_CLIENT_SECRET}"
      INFISICAL_PROJECT_SLUG: "postiz-bondingcurve"
      INFISICAL_ENV: "prod"
      INFISICAL_URL: "http://infisical:8080"
      # === Config (not secrets) ===
      MAIN_URL: "https://bondingcurve.rsocials.online"
      FRONTEND_URL: "https://bondingcurve.rsocials.online"
      NEXT_PUBLIC_BACKEND_URL: "https://bondingcurve.rsocials.online/api"
      DATABASE_URL: "postgresql://postiz:${POSTGRES_PASSWORD}@postiz-bcrg-postgres:5432/postiz"
      REDIS_URL: "redis://postiz-bcrg-redis:6379"
      BACKEND_INTERNAL_URL: "http://localhost:3000"
      TEMPORAL_ADDRESS: "postiz-bcrg-temporal:7233"
      IS_GENERAL: "true"
      DISABLE_REGISTRATION: "false"
      STORAGE_PROVIDER: "local"
      UPLOAD_DIRECTORY: "/uploads"
      NEXT_PUBLIC_UPLOAD_DIRECTORY: "/uploads"
      # === OAuth config (client_id/secret come from Infisical) ===
      POSTIZ_GENERIC_OAUTH: "true"
      NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME: "Pocket ID"
      NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL: "https://raw.githubusercontent.com/pocket-id/pocket-id/refs/heads/main/frontend/static/img/static-logo.svg"
      POSTIZ_OAUTH_URL: "https://auth.ridentity.online"
      POSTIZ_OAUTH_AUTH_URL: "https://auth.ridentity.online/authorize"
      POSTIZ_OAUTH_TOKEN_URL: "https://auth.ridentity.online/api/oidc/token"
      POSTIZ_OAUTH_USERINFO_URL: "https://auth.ridentity.online/api/oidc/userinfo"
      # === Email config (EMAIL_PASS comes from Infisical) ===
      EMAIL_PROVIDER: "nodemailer"
      EMAIL_FROM_NAME: "Bonding Curve Research"
      EMAIL_FROM_ADDRESS: "noreply@rmail.online"
      EMAIL_HOST: "mailcowdockerized-postfix-mailcow-1"
      EMAIL_PORT: "587"
      EMAIL_SECURE: "false"
      EMAIL_USER: "noreply@rmail.online"
      NODE_TLS_REJECT_UNAUTHORIZED: "0"
      API_LIMIT: 30
      NX_ADD_PLUGINS: false
    volumes:
      - postiz-bcrg-config:/config/
      - postiz-bcrg-uploads:/uploads/
      - /opt/infisical/entrypoint-wrapper.sh:/infisical-entrypoint.sh:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.postiz-bcrg.rule=Host(`bondingcurve.rsocials.online`) || Host(`socials.bondingcurve.tech`)"
      - "traefik.http.routers.postiz-bcrg.entrypoints=web,websecure"
      - "traefik.http.services.postiz-bcrg.loadbalancer.server.port=5000"
      - "traefik.docker.network=traefik-public"
    networks:
      - traefik-public
      - postiz-bcrg-internal
      - mailcow-network
    depends_on:
      postiz-bcrg-postgres:
        condition: service_healthy
      postiz-bcrg-redis:
        condition: service_healthy
      postiz-bcrg-temporal:
        condition: service_started

  postiz-bcrg-postgres:
    image: postgres:17-alpine
    container_name: postiz-bcrg-postgres
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
      POSTGRES_USER: postiz
      POSTGRES_DB: postiz
    volumes:
      - postiz-bcrg-postgres-data:/var/lib/postgresql/data
    networks:
      - postiz-bcrg-internal
    healthcheck:
      test: pg_isready -U postiz -d postiz
      interval: 10s
      timeout: 3s
      retries: 3

  postiz-bcrg-redis:
    image: redis:7.2
    container_name: postiz-bcrg-redis
    restart: unless-stopped
    healthcheck:
      test: redis-cli ping
      interval: 10s
      timeout: 3s
      retries: 3
    volumes:
      - postiz-bcrg-redis-data:/data
    networks:
      - postiz-bcrg-internal

  postiz-bcrg-elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.24
    container_name: postiz-bcrg-elasticsearch
    restart: unless-stopped
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
    volumes:
      - postiz-bcrg-elasticsearch-data:/usr/share/elasticsearch/data
    networks:
      - postiz-bcrg-internal
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9200/_cluster/health"]
      interval: 30s
      timeout: 10s
      retries: 5

  postiz-bcrg-temporal-postgres:
    image: postgres:16
    container_name: postiz-bcrg-temporal-postgres
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: temporal
      POSTGRES_USER: temporal
    networks:
      - postiz-bcrg-internal
    volumes:
      - postiz-bcrg-temporal-postgres-data:/var/lib/postgresql/data

  postiz-bcrg-temporal:
    image: temporalio/auto-setup:1.28.1
    container_name: postiz-bcrg-temporal
    restart: unless-stopped
    depends_on:
      - postiz-bcrg-temporal-postgres
      - postiz-bcrg-elasticsearch
    environment:
      - DB=postgres12
      - DB_PORT=5432
      - POSTGRES_USER=temporal
      - POSTGRES_PWD=temporal
      - POSTGRES_SEEDS=postiz-bcrg-temporal-postgres
      - ENABLE_ES=true
      - ES_SEEDS=postiz-bcrg-elasticsearch
      - ES_VERSION=v7
      - TEMPORAL_NAMESPACE=default
    networks:
      - postiz-bcrg-internal

volumes:
  postiz-bcrg-postgres-data:
  postiz-bcrg-redis-data:
  postiz-bcrg-config:
  postiz-bcrg-uploads:
  postiz-bcrg-temporal-postgres-data:
  postiz-bcrg-elasticsearch-data:

networks:
  traefik-public:
    external: true
  postiz-bcrg-internal:
    driver: bridge
  mailcow-network:
    external: true
    name: mailcowdockerized_mailcow-network