ansible-role-chill/templates/compose.yaml

services:

    frontend:
        image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ item.chill_image_tag }}
        links:
            - app:php
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
            - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=web"
            - "traefik.docker.network=traefik"
        {% if item.expose_port is not false -%}
        ports:
            - "{{ item.expose_port }}:80"
        {% endif -%}
        networks:
            - traefik
            - default

    app:
        image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ item.chill_image_tag }}
        env_file:
            - env_file.env
        volumes:
            - './config/prod:/var/www/app/config/packages/prod:ro'
            - './var:/var/www/app/var:rw'
            - '/var/logs/chill:/var/www/app/logs'
        links:
            - redis
            - relatorio
            - rabbitmq
            {% if item.add_postgres -%}
            - database
            {%- endif %}

        networks:
            - default

  {% if item.add_postgres %}

    database:
        image: "{{ database_image }}"
        env_file:
            - postgres.env
        environment:
            POSTGRES_DB: ${POSTGRES_DB:-app}
            # You should definitely change the password in production
            POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-!ChangeMe!}
            POSTGRES_USER: ${POSTGRES_USER:-app}
        volumes:
            - ./docker/db/data:/var/lib/postgresql/data:rw
        networks:
            - default

  {% endif %}

    ###> chill-project/chill-bundles ###
    redis:
        image: redis
        networks:
            - default

    relatorio:
        image: registry.gitlab.com/champs-libres/public/relatorio-tornado/app:latest
        networks:
            - default
    ###< chill-project/chill-bundles ###

#    sign-worker:
#        image: h3m6q87t.gra7.container-registry.ovh.net/sign-pdf-worker/worker:latest
#        environment:
#            AMQP_URL: amqp://guest:guest@rabbitmq:5672/%2f/to_python_sign
#            LOG_LEVEL: INFO
#            PKCS12_PATH: /etc/sign-pdf/dummy.p12
#            TIMESTAMP_URL: http://freetsa.org/tsr
#            QUEUE_IN: to_python_sign
#            EXCHANGE_OUT: signed_docs
#            OUT_ROUTING_KEY: signed_doc
#            TSA_CERT_CHAIN: /etc/sign-pdf/tsa/tsa-chain.pem
#            TSA_CONFIG_PATH: /etc/sign-pdf/rootca.conf
#            TSA_KEY_PASSWORD: "5678"
#        volumes:
#            - "./resources/dev-certificate/dummy.p12:/etc/sign-pdf/dummy.p12:ro"
#            - "./resources/dev-certificate/rootca.conf:/etc/sign-pdf/rootca.conf:ro"
#            - "./resources/dev-certificate/tsa:/etc/sign-pdf/tsa:ro"
#            - "./resources/dev-certificate/tsa_serial:/var/lib/tsa/tsa_serial:rw"
#        links:
#            - rabbitmq
#        depends_on:
#            rabbitmq:
#                condition: service_healthy

    rabbitmq:
        image: rabbitmq:3-management-alpine
        env_file:
            -   rabbitmq.env
        healthcheck:
            test: rabbitmq-diagnostics -q ping
            interval: 30s
            timeout: 30s
            retries: 3
        networks:
            - default

networks:
    traefik:
        external: true
    default: