services:
  database:
    image: postgres:13.4-alpine
    environment:
      - POSTGRES_USER=hedgedoc
      - POSTGRES_PASSWORD=HISTORY_PURGED_SECRET
      - POSTGRES_DB=hedgedoc
    volumes:
      - /data/hedgedoc/pgsql:/var/lib/postgresql/data
    restart: always
  app:
    # Make sure to use the latest release from https://hedgedoc.org/latest-release
    image: quay.io/hedgedoc/hedgedoc:latest
    environment:
      - CMD_DB_URL=postgres://hedgedoc:HISTORY_PURGED_SECRET@database:5432/hedgedoc
      - CMD_DOMAIN=hedgedoc.atlantishq.de
      - CMD_PROTOCOL_USESSL=true
      - CMD_ALLOW_ORIGIN=['hedgedoc.atlantishq.de']
      - CMD_EMAIL=false
      - CMD_ALLOW_EMAIL_REGISTER=false
      - CMD_OAUTH2_USER_PROFILE_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/userinfo
      - CMD_OAUTH2_TOKEN_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/token
      - CMD_OAUTH2_AUTHORIZATION_URL=https://{{ keycloak_address }}/realms/master/protocol/openid-connect/auth
      - CMD_OAUTH2_CLIENT_ID=z_hedgedoc
      - CMD_OAUTH2_CLIENT_SECRET=HISTORY_PURGED_SECRET
      - CMD_OAUTH2_SCOPE=openid email profile
      - CMD_OAUTH2_ROLES_CLAIM=roles
      - CMD_OAUTH2_PROVIDERNAME=AtlantisHQ Auth
      - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
      - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
      - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
    volumes:
      - /data/hedgedoc/uploads:/hedgedoc/public/uploads
    ports:
      - "5012:3000"
    restart: always
    depends_on:
      - database