# https://docs.docker.com/compose/compose-file/compose-file-v2/

# [...] By default, every container joins an application-wide default network,
# and is discoverable at a hostname that’s the same as the service name. [...]

# [ansible's docker_service module] works with compose versions 1 and 2.
# https://docs.ansible.com/ansible/latest/modules/docker_service_module.html

version: '2.1'
services:
  db:
    image: postgres:10.5-alpine
    environment:
      POSTGRES_DB: koel
      POSTGRES_USER: koel
      POSTGRES_PASSWORD: secret
    # WORKAROUND cannot whitelist required caps [chown, setuid, setgid, fowner]
    cap_drop: [setpcap, mknod, audit_write, net_raw, fsetid,
               kill, net_bind_service, sys_chroot, setfcap]
    # --security-opt=no-new-privileges
    # https://docs.docker.com/engine/reference/builder/#healthcheck
    # https://github.com/docker-library/healthcheck/blob/master/postgres/docker-healthcheck
    # TODO use env vars
    healthcheck:
      test: echo 'SELECT 1' | psql --username koel --dbname koel >/dev/null || exit 1
    restart: unless-stopped
  web:
    image: fphammerle/koel:3.7.2-wait-amd64
    environment:
      DB_CONNECTION: pgsql
      DB_HOST: db
      DB_PORT: 5432
      DB_DATABASE: koel
      DB_PASSWORD: secret
    ports: ['127.0.0.1:8080:8080']
    # --security-opt=no-new-privileges
    cap_drop: [all]
    # removed condition 'service_healthy' since:
    # - [Compose] version 3 no longer supports the condition form of depends_on.
    #   https://docs.docker.com/compose/compose-file/#depends_on
    # - script run-koel.sh now waits for db's tcp port to become available
    #   as recommended by https://docs.docker.com/compose/startup-order/
    depends_on: [db]
    restart: unless-stopped