services:
  planka:
    image: ghcr.io/plankanban/planka:2.0.0-rc.4
    command: >
      bash -c
        "for i in `seq 1 30`; do
          ./start.sh &&
          s=$$? && break || s=$$?;
          echo \"Tried $$i times. Waiting 5 seconds...\";
          sleep 5;
        done; (exit $$s)"
    restart: on-failure
    volumes:
      - favicons:/app/public/favicons
      - user-avatars:/app/public/user-avatars
      - background-images:/app/public/background-images
      - attachments:/app/private/attachments
    ports:
      - 3020:1337
    environment:
      - BASE_URL=https://task.scheidel.biz
      - TRUST_PROXY=true
      - DATABASE_URL=postgresql://postgres@postgres/planka
      - SECRET_KEY=4ce1fa1037ec2746fe465b5b8407ffc8093ff12291396553be802293b03ad4333524a837a6eea84a9036ee16613fe7687ec1f5f91ab88a77250c08f11e244abc
      - SMTP_HOST=smtp.strato.de
      - SMTP_USER=michael.scheidel@scheidel.biz
      - SMTP_PASSWORD=?EAM?Yes!01
      - SMTP_PORT=587
      - SMTP_SECURE=587
      - SMTP_FROM="Planka Board Familie Scheidel" <michael.scheidel@scheidel.biz>
      - OIDC_ISSUER=https://authentik.scheidel.biz/application/o/planka2/
      - OIDC_CLIENT_ID=2esA2ZLGAqVZnW1gnORuTnOzzzHgTlTwpd0KGvVm
      - OIDC_CLIENT_SECRET=X57eWHXrKnlTA6tXG4figS9KyHHwEZIHAHmqaAYFptYp07MC7NoeuK0MHrWeQxQ3mxdE0VyCYiULBTf2hPOMUSg3JVY1vGLDUxPrhzZ9Lh1CTqHwob6kGYJGpXxG8qHa
      - OIDC_SCOPES=openid profile email
      #- OIDC_ADMIN_ROLES=planka-admin
      - OIDC_IGNORE_ROLES=true
      - OIDC_ENFORCED=true

      - LOG_LEVEL=warn

      # - TRUST_PROXY=0
      # - TOKEN_EXPIRES_IN=365 # In days

      # related: https://github.com/knex/knex/issues/2354
      # As knex does not pass query parameters from the connection string we
      # have to use environment variables in order to pass the desired values, e.g.
      # - PGSSLMODE=<value>

      # Configure knex to accept SSL certificates
      # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false


      - DEFAULT_LANGUAGE=de-DE

      # - DEFAULT_ADMIN_EMAIL=demo@demo.demo # Do not remove if you want to prevent this user from being edited/deleted
      # - DEFAULT_ADMIN_PASSWORD=demo
      # - DEFAULT_ADMIN_NAME=Demo Demo
      # - DEFAULT_ADMIN_USERNAME=demo

      # - ACTIVE_USERS_LIMIT=
      # - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.

      # - S3_ENDPOINT=
      # - S3_REGION=
      # - S3_ACCESS_KEY_ID=
      # - S3_SECRET_ACCESS_KEY=
      # - S3_BUCKET=
      # - S3_FORCE_PATH_STYLE=true

      # - OIDC_ISSUER=
      # - OIDC_CLIENT_ID=
      # - OIDC_CLIENT_SECRET=
      # - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=
      # - OIDC_USERINFO_SIGNED_RESPONSE_ALG=
      # - OIDC_SCOPES=openid email profile
      # - OIDC_RESPONSE_MODE=fragment
      # - OIDC_USE_DEFAULT_RESPONSE_MODE=true
      # - OIDC_ADMIN_ROLES=admin
      # - OIDC_CLAIMS_SOURCE=userinfo
      # - OIDC_EMAIL_ATTRIBUTE=email
      # - OIDC_NAME_ATTRIBUTE=name
      # - OIDC_USERNAME_ATTRIBUTE=preferred_username
      # - OIDC_ROLES_ATTRIBUTE=groups
      # - OIDC_IGNORE_USERNAME=true
      # - OIDC_IGNORE_ROLES=true
      # - OIDC_ENFORCED=true

      # Email Notifications (https://nodemailer.com/smtp/)
      # - SMTP_HOST=
      # - SMTP_PORT=587
      # - SMTP_NAME=
      # - SMTP_SECURE=true
      # - SMTP_USER=
      # - SMTP_PASSWORD=
      # - SMTP_FROM="Demo Demo" <demo@demo.demo>
      # - SMTP_TLS_REJECT_UNAUTHORIZED=false

      # Optional fields: accessToken, events, excludedEvents
      # - |
      #   WEBHOOKS=[{
      #     "url": "http://localhost:3001",
      #     "accessToken": "notaccesstoken",
      #     "events": ["cardCreate", "cardUpdate", "cardDelete"],
      #     "excludedEvents": ["notificationCreate", "notificationUpdate"]
      #   }]
    depends_on:
      postgres:
        condition: service_healthy

  postgres:
    image: postgres:16-alpine
    restart: on-failure
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=planka
      - POSTGRES_HOST_AUTH_METHOD=trust
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  favicons:
  user-avatars:
  background-images:
  attachments:
  db-data: