services:
  traefik:
    image: traefik:v3.6.2
    container_name: osnova-traefik
    command:
      - --api.dashboard=false
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --certificatesresolvers.le.acme.email=1@obolonsky.ru
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.le.acme.httpchallenge=true
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/letsencrypt:/letsencrypt
    restart: unless-stopped

  postgres:
    image: postgres:16
    container_name: osnova-postgres
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      TZ: Europe/Moscow
      PGTZ: Europe/Moscow
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"]
      interval: 10s
      timeout: 5s
      retries: 10
    restart: unless-stopped

  n8n:
    image: n8nio/n8n:latest
    container_name: osnova-n8n
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      DB_TYPE: postgresdb
      DB_POSTGRESDB_HOST: postgres
      DB_POSTGRESDB_PORT: 5432
      DB_POSTGRESDB_DATABASE: ${POSTGRES_DB}
      DB_POSTGRESDB_USER: ${POSTGRES_USER}
      DB_POSTGRESDB_PASSWORD: ${POSTGRES_PASSWORD}
      N8N_HOST: ${N8N_HOST}
      N8N_PROTOCOL: https
      N8N_PORT: 5678
      N8N_EDITOR_BASE_URL: https://${N8N_HOST}
      WEBHOOK_URL: https://${N8N_HOST}/
      N8N_PROXY_HOPS: 1
      N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
      N8N_DEFAULT_BINARY_DATA_MODE: filesystem
      N8N_BLOCK_ENV_ACCESS_IN_NODE: true
      N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: true
      N8N_GIT_NODE_DISABLE_BARE_REPOS: true
      TZ: Europe/Moscow
      GENERIC_TIMEZONE: Europe/Moscow
    volumes:
      - n8n_data:/home/node/.n8n
      - /opt:/files
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${N8N_HOST}`)
      - traefik.http.routers.n8n.entrypoints=websecure
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.tls.certresolver=le
      - traefik.http.services.n8n.loadbalancer.server.port=5678
    restart: unless-stopped

  filebrowser:
    image: filebrowser/filebrowser:latest
    container_name: osnova-filebrowser
    user: "0:0"
    volumes:
      - /opt:/srv
      - ./filebrowser:/config
    command:
      - --database
      - /config/filebrowser.db
      - --root
      - /srv
      - --address
      - 0.0.0.0
      - --port
      - "80"
    labels:
      - traefik.enable=true
      - traefik.http.routers.filebrowser.rule=Host(`${FILEBROWSER_HOST}`)
      - traefik.http.routers.filebrowser.entrypoints=websecure
      - traefik.http.routers.filebrowser.tls=true
      - traefik.http.routers.filebrowser.tls.certresolver=le
      - traefik.http.services.filebrowser.loadbalancer.server.port=80
    restart: unless-stopped

  pii-site:
    image: nginx:alpine
    container_name: osnova-pii-site
    volumes:
      - ./pii-site:/usr/share/nginx/html:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.pii.rule=Host(`${PII_HOST}`)
      - traefik.http.routers.pii.entrypoints=websecure
      - traefik.http.routers.pii.tls=true
      - traefik.http.routers.pii.tls.certresolver=le
      - traefik.http.services.pii.loadbalancer.server.port=80
    restart: unless-stopped

volumes:
  postgres_data:
  n8n_data: