OpenSlides/docker/docker-compose.yml.m4

dnl This is a YAML template file.  Simply translate it with m4 to create
dnl a standard configuration.  Customizations can and should be added in .env
dnl by setting the appropriate variables.
dnl
dnl Usage:
dnl   m4 docker-compose.yml.m4 > docker-compose.yml
dnl   ( set -a; source .env; m4 docker-compose.yml.m4 ) > docker-compose.yml
dnl
dnl ----------------------------------------
divert(-1)dnl
define(`read_env', `esyscmd(`printf "%s" "$$1"')')
define(`ifenvelse', `ifelse(read_env(`$1'),, `$2', read_env(`$1'))')

define(`BACKEND_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_BACKEND_NAME', openslides-backend):dnl
ifenvelse(`DOCKER_OPENSLIDES_BACKEND_TAG', latest-4))
define(`PROXY_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_PROXY_NAME', openslides-proxy):dnl
ifenvelse(`DOCKER_OPENSLIDES_PROXY_TAG', latest-4))
define(`CLIENT_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_CLIENT_NAME', openslides-client):dnl
ifenvelse(`DOCKER_OPENSLIDES_CLIENT_TAG', latest-4))
define(`AUTH_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_AUTH_NAME', openslides-auth):dnl
ifenvelse(`DOCKER_OPENSLIDES_AUTH_TAG', latest-4))
define(`AUTOUPDATE_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_AUTOUPDATE_NAME', openslides-autoupdate):dnl
ifenvelse(`DOCKER_OPENSLIDES_AUTOUPDATE_TAG', latest-4))
define(`DATASTORE_READER_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_DATASTORE_READER_NAME', openslides-datastore-reader):dnl
ifenvelse(`DOCKER_OPENSLIDES_DATASTORE_READER_TAG', latest-4))
define(`DATASTORE_WRITER_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_DATASTORE_WRITER_NAME', openslides-datastore-writer):dnl
ifenvelse(`DOCKER_OPENSLIDES_DATASTORE_WRITER_TAG', latest-4))
define(`MEDIA_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_MEDIA_NAME', openslides-media):dnl
ifenvelse(`DOCKER_OPENSLIDES_MEDIA_TAG', latest-4))
define(`MANAGE_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_MANAGE_NAME', openslides-manage):dnl
ifenvelse(`DOCKER_OPENSLIDES_MANAGE_TAG', latest-4))
define(`PERMISSION_IMAGE',
ifenvelse(`DEFAULT_DOCKER_REGISTRY', openslides)/dnl
ifenvelse(`DOCKER_OPENSLIDES_PERMISSION_NAME', openslides-permission):dnl
ifenvelse(`DOCKER_OPENSLIDES_PERMISSION_TAG', latest-4))

define(`PROJECT_DIR', ifdef(`PROJECT_DIR',PROJECT_DIR,.))
define(`ADMIN_SECRET_AVAILABLE', `syscmd(`test -f 'PROJECT_DIR`/secrets/admin.env')sysval')
divert(0)dnl
dnl ----------------------------------------
# This configuration was created from a template file.  Before making changes,
# please make sure that you do not have a process in place that would override
# your changes in the future.  The accompanying .env file might be the correct
# place for customizations instead.
version: '3.4'

services:
  proxy:
    image: PROXY_IMAGE
    depends_on:
      - client
      - backend
      - autoupdate
      - auth
      - media
    networks:
      - uplink
      - frontend
    ports:
      - "127.0.0.1:ifenvelse(`EXTERNAL_HTTP_PORT', 8000):8000"

  client:
    image: CLIENT_IMAGE
    networks:
      - frontend
    depends_on:
      - backend
      - autoupdate

  backend:
    image: BACKEND_IMAGE
    depends_on:
      - datastore-reader
      - datastore-writer
    env_file: services.env
    networks:
      - frontend
      - backend
    secrets:
      - auth_token_key
      - auth_cookie_key

  datastore-reader:
    image: DATASTORE_READER_IMAGE
    depends_on:
      - postgres
    env_file: services.env
    environment:
      - NUM_WORKERS=8
    networks:
      - backend
      - datastore-reader
      - postgres

  datastore-writer:
    image: DATASTORE_WRITER_IMAGE
    depends_on:
      - postgres
      - message-bus
    env_file: services.env
    networks:
      - backend
      - postgres
      - message-bus
    environment:
      - COMMAND=create_initial_data
      - DATASTORE_INITIAL_DATA_FILE=/data/initial-data.json
    volumes:
      - ./initial-data.json:/data/initial-data.json

  postgres:
    image: postgres:11
    environment:
      - POSTGRES_USER=openslides
      - POSTGRES_PASSWORD=openslides
      - POSTGRES_DB=openslides
    networks:
      - postgres

  autoupdate:
    image: AUTOUPDATE_IMAGE
    depends_on:
      - datastore-reader
      - message-bus
    env_file: services.env
    networks:
      - frontend
      - backend
      - message-bus
    secrets:
      - auth_token_key
      - auth_cookie_key

  auth:
    image: AUTH_IMAGE
    depends_on:
      - datastore-reader
      - message-bus
      - cache
    env_file: services.env
    networks:
      - datastore-reader
      - frontend
      - message-bus
      - auth
    secrets:
      - auth_token_key
      - auth_cookie_key

  cache:
    image: redis:latest
    networks:
      - auth

  message-bus:
    image: redis:latest
    networks:
      - message-bus

  media:
    image: MEDIA_IMAGE
    depends_on:
      - backend
      - postgres
    env_file: services.env
    networks:
      - frontend
      - backend
      - postgres

  manage:
    image: MANAGE_IMAGE
    depends_on:
    - auth
    - datastore-writer
    env_file: services.env
    networks:
    - backend
    - auth

  # TODO: Remove depenencies to auth and datastore in "depends_on" and "networks"
  # Should be doable when the manage service is fixed
  manage-setup:
    image: MANAGE_IMAGE
    entrypoint: /root/entrypoint-setup
    depends_on:
    - manage
    - auth
    - datastore-writer
    - datastore-reader
    env_file: services.env
    environment:
      ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
    networks:
    - backend
    - auth
    ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
      - admin)

  permission:
    image: PERMISSION_IMAGE
    depends_on:
    - datastore-reader
    env_file: services.env
    networks:
    - backend
    - auth

# Setup: host <-uplink-> proxy <-frontend-> services that are reachable from the client <-backend-> services that are internal-only
# There are special networks for some services only, e.g. postgres only for the postgresql, datastore reader and datastore writer
networks:
  uplink:
  frontend:
    internal: true
  backend:
    internal: true
  postgres:
    internal: true
  datastore-reader:
    internal: true
  message-bus:
    internal: true
  auth:
    internal: true

secrets:
  auth_token_key:
    file: ./secrets/auth_token_key
  auth_cookie_key:
    file: ./secrets/auth_cookie_key
  ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
    file: ./secrets/admin.env)