services:
  passbolt_db:
    image: "mariadb:11"
    container_name: "Passbolt_db"
    hostname: "passbolt_db"
    restart: "unless-stopped"
    user: "2008:2008"
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passboltdb"
      MYSQL_USER: "passboltadm"
      MYSQL_PASSWORD_FILE: "${DB_PASS}"
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/data/docker/passbolt-prod-3/db-data:/var/lib/mysql:rw"

  passbolt:
    image: "passbolt/passbolt:latest-ce-non-root"
    container_name: "Passbolt"
    hostname: "passbolt"
    restart: "unless-stopped"
    #user: "10005:10005"
    depends_on:
      - "passbolt_db"
    environment:
      APP_FULL_BASE_URL: "https://passbolt.unixyourbrain.org"
      DATASOURCES_DEFAULT_HOST: "passbolt_db"
      DATASOURCES_DEFAULT_DATABASE: "passboltdb"
      DATASOURCES_DEFAULT_USERNAME: "passboltadm"
      DATASOURCES_DEFAULT_PASSWORD_FILE: "DB_PASS"
    command: 
      [
        "/usr/bin/wait-for.sh", 
        "-t", 
        "0", 
        "passbolt_db:3306", 
        "--", 
        "/docker-entrypoint.sh" 
      ]
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/data/docker/passbolt-prod-3/gpg:/etc/passbolt/gpg:ro"
      - "/data/docker/passbolt-prod-3/jwt:/etc/passbolt/jwt:ro"
    ports:
      - 10.0.0.1:2008:8080
    #  - 443:443
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433
    labels:
      traefik.enable: "true"
      traefik.http.routers.passbolt.entrypoints: "websecure"
      traefik.http.routers.passbolt.rule: "Host(`passbolt.unixyourbrain.org`)"
      traefik.http.routers.passbolt.middlewares: "sslheader@file"
      traefik.http.routers.passbolt.tls: "true"
      traefik.http.routers.passbolt.tls.certresolver: "letsencrypt"
      traefik.http.services.passbolt.loadbalancer.server.port: "8080"
      traefik.http.services.passbolt.loadbalancer.server.scheme: "http"