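---
# Swarm stack for Coder behind Traefik. The {{.Node.*}}, {{.Service.*}} and
# {{.Task.*}} placeholders are Swarm service templates, so this file is meant
# for `docker stack deploy`.
#
# CODER_OIDC_CLIENT_SECRET is interpolated from the deploying shell:
#   export CODER_OIDC_CLIENT_SECRET=<value from your secret store>
#   docker stack deploy -c <this file> <stack name>
version: "3.8"

networks:
  # Both networks are created and managed outside this file.
  coder-network:
    external: true
  traefik-network:
    external: true

services:
  # Use this unsafe proxy to gain access to the Docker socket.
  # group_add, as suggested by Coder OSS, isn't available in compose 3.
  # Even if it were supported, adding a group reliably over multiple nodes
  # isn't possible because the group id for 'docker' may not be the same
  # across multiple nodes.
  #
  # SECURITY: socat exposes the manager's Docker API on TCP 2375 with no TLS
  # and no authentication. No port is published here, so it is reachable only
  # from containers attached to coder-network; anything on that network can
  # drive the Docker daemon. coder-network is external, so who may attach to
  # it is decided outside this file: keep it limited to the services that
  # need DOCKER_HOST.
  coder-socat-service:
    # NOTE(review): ':latest' is a mutable tag; pin a version or digest so
    # the container holding the Docker socket is a known image.
    image: docker.io/alpine/socat:latest
    hostname: coder-socat-service-host
    command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
    environment:
      - DS_NODE_NAME={{.Node.Hostname}}
      - DS_SERVICE_NAME={{.Service.Name}}
      - DS_TASK_NAME={{.Task.Name}}
    volumes:
      - type: bind
        source: /var/run/docker.sock
        target: /var/run/docker.sock
    networks:
      - coder-network
    deploy:
      # One task on every manager node.
      mode: global
      placement:
        constraints:
          - node.role == manager
      resources:
        limits:
          memory: 10MB

  coder-service:
    # NOTE(review): ':latest' is a mutable tag; pin a version or digest.
    image: ghcr.io/coder/coder:latest
    hostname: coder-service-host
    tty: true
    depends_on:
      - coder-socat-service
    environment:
      - DS_NODE_NAME={{.Node.Hostname}}
      - DS_SERVICE_NAME={{.Service.Name}}
      - DS_TASK_NAME={{.Task.Name}}
      - CODER_ACCESS_URL=https://vc.miflux.com
      # Plain HTTP inside the overlay; TLS is terminated by the Traefik
      # router configured in the labels below.
      - CODER_ADDRESS=0.0.0.0:80
      - CODER_TLS_ENABLE=false
      - CODER_OIDC_ISSUER_URL=https://code.miflux.com/
      - CODER_OIDC_EMAIL_DOMAIN=miflux.com
      - CODER_OIDC_CLIENT_ID=8fc09269-57cd-4a03-a66b-6fb357d8abec
      # The client secret used to be written here as a literal. It is now
      # taken from the deploying shell, and ':?' aborts the deploy when the
      # variable is unset or empty. Treat the value that was stored in this
      # file as exposed and rotate it at the OIDC provider.
      - 'CODER_OIDC_CLIENT_SECRET=${CODER_OIDC_CLIENT_SECRET:?must be set in the deploy environment}'
      # Docker API reached through the socat proxy defined above.
      - DOCKER_HOST=tcp://coder-socat-service-host:2375
    networks:
      - coder-network
      - traefik-network
    volumes:
      - type: bind
        source: /home/gfs-data/coder/data
        target: /home/coder/.config
      - type: bind
        source: /home/gfs-data/coder/templates
        target: /home/coder/templates
      - type: bind
        source: /home/gfs-data/coder/workspace
        target: /workspace
    # ports:
    #   - target: 80
    #     published: 80
    #     protocol: tcp
    deploy:
      mode: replicated
      replicas: 1
      ## placement:
      ##   max_replicas_per_node: 1
      ##   constraints:
      ##     - node.labels.location == home
      ##     - node.hostname == rose
      resources:
        limits:
          memory: 1GB
      restart_policy:
        condition: on-failure
      # Service-level labels for the Traefik routers and load balancer.
      labels:
        - traefik.enable=true
        ## - traefik.docker.network=traefik-network
        - traefik.http.routers.coder-https.entrypoints=websec
        - traefik.http.routers.coder-https.rule=Host(`vc.miflux.com`)
        - traefik.http.routers.coder-https.tls=true
        # - traefik.http.routers.coder-http.entrypoints=web
        # - traefik.http.routers.coder-http.rule=Host(`vc.miflux.com`)
        # - traefik.http.routers.coder-http.tls=false
        - traefik.http.services.coder-service.loadbalancer.server.port=80
        - traefik.http.services.coder-service.loadbalancer.sticky.cookie=true
        - traefik.http.services.coder-service.loadbalancer.sticky.cookie.name=coder-sticker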