version: "3.7"

services:
  app_proxy:
    environment:
      APP_HOST: penpot_penpot-frontend_1
      APP_PORT: 80
      # Can consider disabling auth all together. Penpot has its own auth system.
      PROXY_AUTH_WHITELIST: "/api/*"

  penpot-frontend:
    image: penpotapp/frontend:2.1.2@sha256:fabd50fb29567fb53ebf2aedd3f717b89f4b44b06a44414f2a29558b3f10ce55
    volumes:
      - ${APP_DATA_DIR}/data/assets:/opt/data/assets
    environment:
      - PENPOT_FLAGS=enable-registration enable-login-with-password
    depends_on:
      - penpot-backend
      - penpot-exporter
    restart: on-failure

  penpot-backend:
    image: penpotapp/backend:2.1.2@sha256:8c244f241d261620f50c02c0bd61e59b41c0e8dc96d3708c134076d6fb9187af
    # user 1000:1000 to avoid permission issues when importing libraries and templates
    user: "1000:1000"
    volumes:
      - ${APP_DATA_DIR}/data/assets:/opt/data/assets
    environment:
      - PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification disable-smtp enable-prepl-server disable-secure-session-cookies
      - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
      - PENPOT_DATABASE_USERNAME=penpot
      - PENPOT_DATABASE_PASSWORD=penpot
      - PENPOT_REDIS_URI=redis://penpot-redis/0
      - PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
      - PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
      - PENPOT_TELEMETRY_ENABLED=false
      # PENPOT_PUBLIC_URI needs to be set to in order to render thumbnails in the frontend
      - PENPOT_PUBLIC_URI=http://${DEVICE_DOMAIN_NAME}:${APP_PENPOT_UI_PORT}
    depends_on:
      - penpot-postgres
      - penpot-redis
    restart: on-failure

  penpot-exporter:
    image: penpotapp/exporter:2.1.2@sha256:e155660771dc2f966962efdb2b3c2aeedb4bfb50e8de18cacc0f4b2d12c6a90e
    user: "1000:1000"
    environment:
      - PENPOT_PUBLIC_URI=http://penpot-frontend
      - PENPOT_REDIS_URI=redis://penpot-redis/0
    restart: on-failure

  penpot-postgres:
    image: postgres:15@sha256:546445ad21cb5893c0997080b831ee45945e798c4359270e16413c8bd93575db
    user: "1000:1000"
    stop_signal: SIGINT
    volumes:
      - ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data
    environment:
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_DB=penpot
      - POSTGRES_USER=penpot
      - POSTGRES_PASSWORD=penpot
    restart: on-failure

  penpot-redis:
    image: redis:7@sha256:45bfd95117a171ff9c1b5304bdae80a7a61eb5bbf0793d6a86c9078526ad88fa
    user: "1000:1000"
    restart: on-failure