---
version: "3.8"
services:
  db:
    build:
      context: .
      dockerfile: mariadb.Dockerfile
    env_file:
      - ./.env
    environment:
      MYSQL_CATS_DATABASE: cats
    volumes:
      - db:/var/lib/mysql
    ports:
      - "13306:3306"
    healthcheck:
      test: out=$$(mysqladmin ping -h localhost -P 3306 -u root -p$$MYSQL_ROOT_PASSWORD 2>&1); echo $$out | grep 'mysqld is alive' || { echo $$out ; exit 1 ; }
  smtp:
    build:
      context: .
      dockerfile: smtp.Dockerfile
    volumes:
      - maildir:/home/catchall/Maildir
  mail:
    build:
      context: .
      dockerfile: mail.Dockerfile
    volumes:
      - maildir:/home/catchall/Maildir
    env_file:
      - ./.env
  webdb:
    build:
      context: .
      dockerfile: webdb.Dockerfile
    environment:
      DEPLOYMENT_NAME: "CAcert.org Website (local development)"
      MYSQL_WEBDB_HOSTNAME: db
      MYSQL_WEBDB_DATABASE: cacert
      CSR_DIRECTORY: /srv/certs/csr
      CRT_DIRECTORY: /srv/certs/crt
      CRL_DIRECTORY: /srv/certs/crl
      DEFAULT_HOSTNAME: www.cacert.localhost
      SECURE_HOSTNAME: secure.cacert.localhost
      INSECURE_PORT: 8080
      SECURE_PORT: 8443
      RETURN_ADDRESS: "returns@cacert.localhost"
      SMTP_HOST: smtp
    env_file:
      - ./.env
    ports:
      - "8080:80"
      - "8443:443"
    depends_on:
      - db
      - smtp
    volumes:
      - ./cacert-software:/www
      - certstaging:/srv/certs
  mgr:
    build:
      context: .
      dockerfile: mgr.Dockerfile
    env_file:
      - ./.env
    ports:
      - "9443:443"
    depends_on:
      - db
      - mail
    volumes:
      - ./cacert-mgr:/var/www/mgr
  cats:
    build:
      context: .
      dockerfile: cats.Dockerfile
    env_file:
      - ./.env
    environment:
      CATS_NORMAL_HOSTNAME: "cats.cacert.localhost:7443"
      CATS_SECURE_HOSTNAME: "cats.cacert.localhost:7443"
      MYSQL_CATS_DATABASE: cats
    ports:
      - "7443:443"
    depends_on:
      - db
    volumes:
      - ./cacert-cats:/var/www/cats
  signer_client:
    build:
      context: .
      dockerfile: signer_client.Dockerfile
    env_file:
      - ./.env
    environment:
      MYSQL_WEBDB_HOSTNAME: db
      MYSQL_WEBDB_DATABASE: cacert
      CRT_DIRECTORY: /srv/certs/crt
      CRL_DIRECTORY: /srv/certs/crl
      SMTP_HOST: smtp
    volumes:
      - certstaging:/srv/certs
      - signersockets:/srv/sockets
    depends_on:
      - db
      - smtp
      - signer
  signer:
    build:
      context: .
      dockerfile: signer.Dockerfile
    environment:
      SIGNER_WORKDIR: /srv/ca/work
      SIGNER_CA_CONFIG: /srv/caconfig
      SIGNER_BASEDIR: /srv/ca
      SIGNER_GPG_KEYRING_DIR: /srv/ca/gpg
      SIGNER_GPG_ID: gpg@cacert.localhost
      SIGNER_CPS_URL: https://www.cacert.localhost:8443/cps.php
      SIGNER_OCSP_URL: http://ocsp.cacert.localhost/
    volumes:
      - signersockets:/srv/sockets
      - signerdata:/srv/ca

volumes:
  db: { }
  maildir: { }
  certstaging: { }
  signersockets: { }
  signerdata: { }