# Name of your application. Used to uniquely configure containers.
# NOTE(review): accessory containers appear to be named "<service>-<accessory>"
# (DATABASE_HOST further down is "futureporn-db"), so renaming the service
# also changes those hostnames.
service: futureporn

# Name of the container image.
# NOTE(review): registry.server is set further down, so this is presumably
# pushed and pulled as gitea.futureporn.net/futureporn/bright — confirm.
image: futureporn/bright

# Deploy to these servers.
# Every accessory in this file pins the same address, so the app, the database,
# the cache and the admin UIs all share one host and one failure domain.
servers:
  web:
    - 45.76.57.101

# Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server.
# Remove this section when using multiple web servers and ensure you terminate SSL at your load balancer.
#
# Note: If using Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
# NOTE(review): "Full" encrypts the Cloudflare-to-origin hop but does not validate
# the origin certificate; "Full (strict)" does. Prefer strict once the
# Let's Encrypt certificate is being issued — confirm issuance works in this setup.
proxy:
  ssl: true
  # Must match the port the app listens on (env.clear.PORT is also 4000).
  app_port: 4000
  host: bright.futureporn.net
  healthcheck:
    path: /api/health
    # Presumably seconds — confirm against the Kamal proxy documentation.
    interval: 2
    timeout: 2

# How long to wait for new containers to boot.
deploy_timeout: 30

# Credentials for your image host.
registry:
  # Specify the registry server, if you're not using Docker Hub
  # server: registry.digitalocean.com / ghcr.io / ...
  server: gitea.futureporn.net
  # The account name is committed in clear text; only the password is a secret.
  username: cj_clippy

  # Always use an access token rather than real password (pulled from .kamal/secrets).
  # The list entry is the NAME of the secret to look up, not its value.
  # Scope the token to package read/write only so that a leaked deploy secret
  # cannot be used against the rest of the Gitea account.
  password:
    - KAMAL_REGISTRY_PASSWORD

# Configure builder setup.
builder:
  # Build args end up in the image's build metadata, so keep them to
  # non-sensitive values such as MIX_ENV; never pass tokens or passwords here.
  args:
    MIX_ENV: prod
  arch: amd64
  dockerfile: ./dockerfiles/bright.dockerfile
  # Pass in additional build args needed for your Dockerfile.
  # NOTE(review): an "args:" key already exists above. Add new entries under it
  # rather than uncommenting the template below; a duplicate key is silently
  # last-wins in most YAML parsers and would drop MIX_ENV.
  # args:
  #   RUBY_VERSION: <%= File.read('.ruby-version').strip %>

# Environment passed to the app container.
env:
  # Clear values are committed with this file and readable by anyone who can
  # inspect the container, so only non-sensitive settings belong here.
  clear:
    # Same port as proxy.app_port.
    PORT: 4000
    # Hostname of the "db" accessory; it has to resolve from the app container.
    DATABASE_HOST: futureporn-db
    MIX_ENV: prod
    # Plain HTTP. NOTE(review): presumably a container-network-only name —
    # confirm this traffic never leaves the host, since SUPERSTREAMER_AUTH_TOKEN
    # would otherwise travel unencrypted.
    SUPERSTREAMER_URL: http://superstreamer-api
    PUBLIC_S3_ENDPOINT: https://futureporn-b2.b-cdn.net
  # Names of secrets resolved at deploy time (from .kamal/secrets, per the
  # registry comment above); the values are never written in this file.
  secret:
    - DATABASE_URL
    - SECRET_KEY_BASE
    - SUPERSTREAMER_AUTH_TOKEN
    - GITHUB_CLIENT_SECRET
    - GITHUB_CLIENT_ID

# Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
# "bin/kamal logs -r job" will tail logs from the first server in the job section.
#
# aliases:
#   shell: app exec --interactive --reuse "bash"

# SSH settings Kamal uses to reach the servers.
# The key path is resolved on the machine running the deploy.
# NOTE(review): no "user" is set, so Kamal's default SSH user applies
# (root unless overridden) — confirm that is intended.
ssh:
  keys:
    - "~/.ssh/futureporn"

# Use a persistent storage volume.
#
# volumes:
#   - "app_storage:/app/storage"

# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
# hitting 404 on in-flight requests. Combines all files from new and old
# version inside the asset_path.
#
# asset_path: /app/public/assets

# Configure rolling deploys by setting a wait time between batches of restarts.
#
# boot:
#   limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
#   wait: 2

# Use accessory services (secrets come from .kamal/secrets).
#
accessories:
  tracker-helper:
    # ":latest" is a mutable tag: each pull may bring different code. Pin a
    # version tag or an image digest so deploys are reproducible and auditable.
    image: gitea.futureporn.net/futureporn/opentracker:latest
    host: 45.76.57.101
    # Published on loopback only.
    # NOTE(review): the "aquatic" accessory publishes the same 127.0.0.1:3000 on
    # the same host; both cannot bind it at once — confirm which one is deployed.
    port: "127.0.0.1:3000:3000"
    env:
      secret:
        - WL_CREDENTIALS
    proxy:
      ssl: true
      # Passes client-supplied X-Forwarded-* headers through to the container.
      # Only safe when the origin is reachable solely through a trusted proxy;
      # otherwise a direct client can set these headers to arbitrary values.
      forward_headers: true
      app_port: 3000
      host: tracker-helper.futureporn.net
      healthcheck:
        path: /health
    # NOTE(review): the same two named volumes are mounted by "aquatic" —
    # confirm that sharing state between the two containers is intended.
    volumes:
      - opentracker-etc:/etc/opentracker
      - opentracker-var:/var/run/opentracker

  # opentracker:
  #   image: gitea.futureporn.net/futureporn/opentracker:latest
  #   host: 45.76.57.101
  #   port: "127.0.0.1:6969:6969"
  #   env:
  #     clear:
  #       WHITELIST_FEED_URL: https://bright.futureporn.net/torrents
  #     secret:
  #       - WHITELIST_USERNAME
  #       - WHITELIST_PASSWORD
  #   proxy:
  #     ssl: true
  #     forward_headers: true
  #     app_port: 6969
  #     host: tracker.futureporn.net
  #     healthcheck:
  #       path: /stats
  #   volumes:
  #     - opentracker-etc:/etc/opentracker
  #     - opentracker-var:/var/run/opentracker

  # BitTorrent tracker served at tracker.futureporn.net.
  aquatic:
    # ":latest" is a mutable tag; pin a version tag or digest for reproducible deploys.
    image: gitea.futureporn.net/futureporn/aquatic:latest
    host: 45.76.57.101
    # NOTE(review): "tracker-helper" publishes the same 127.0.0.1:3000 on this
    # host; only one of the two containers can bind it.
    port: "127.0.0.1:3000:3000"
    env:
      clear:
        WHITELIST_FEED_URL: https://bright.futureporn.net/torrents
      secret:
        - WHITELIST_USERNAME
        - WHITELIST_PASSWORD
    proxy:
      ssl: true
      # Forwards client-supplied X-Forwarded-* headers; trustworthy only if the
      # origin cannot be reached except through a trusted upstream proxy.
      forward_headers: true
      app_port: 3000
      host: tracker.futureporn.net
      # We can't do the healthcheck on the prometheus port because kamal only allows one port per container.
      # @blocking https://github.com/basecamp/kamal-proxy/issues/48
      # NOTE(review): with this block commented out the proxy presumably falls
      # back to its default health check — confirm the container answers it.
      # healthcheck:
      #   path: /stats
    # NOTE(review): volume names and mount paths still say "opentracker" and are
    # shared with "tracker-helper" — confirm they are what this image expects.
    volumes:
      - opentracker-etc:/etc/opentracker
      - opentracker-var:/var/run/opentracker

  # qBittorrent client with its web UI.
  qbittorrent:
    # ":latest" is a mutable tag; pin a version tag or digest for reproducible deploys.
    image: lscr.io/linuxserver/qbittorrent:latest
    host: 45.76.57.101
    # Only the web UI port is published here, and only on loopback.
    port: "127.0.0.1:8080:8080"
    env:
      clear:
        PUID: "1000"
        PGID: "1000"
        TZ: "Etc/UTC"
        WEBUI_PORT: "8080"
        # NOTE(review): 6881 is not published by this config — confirm whether
        # inbound peer connections are expected to work.
        TORRENTING_PORT: "6881"
    # The proxy block makes the web UI reachable from the internet at the host
    # below. Make sure the UI has a strong, non-default password, and consider
    # putting it behind an allow-list, VPN or SSO instead of a public hostname.
    proxy:
      ssl: true
      # Forwards client-supplied X-Forwarded-* headers; trustworthy only if the
      # origin cannot be reached except through a trusted upstream proxy.
      forward_headers: true
      app_port: 8080
      host: qbittorrent.futureporn.net
      healthcheck:
        path: /
    # Bind-mounts a directory under /root from the host.
    # NOTE(review): the process runs with PUID/PGID 1000, so access depends on
    # host permissions — avoid loosening /root to make this work; a dedicated
    # data directory would be cleaner.
    volumes:
      - /root/.cache/futureporn:/root/.cache/futureporn

  # PostgreSQL database for the app (env.clear.DATABASE_HOST is "futureporn-db").
  db:
    # Major version pinned; minor releases still float with the tag.
    image: postgres:15
    host: 45.76.57.101
    # Published on the host's loopback interface only, so the port is not
    # exposed on the public address.
    port: "127.0.0.1:5432:5432"
    env:
      clear:
        # "postgres" is the superuser role.
        # NOTE(review): if DATABASE_URL connects as this role, the app runs with
        # superuser rights — consider a dedicated least-privilege role.
        POSTGRES_USER: postgres
        POSTGRES_DB: bright
      secret:
        - POSTGRES_PASSWORD
    # Persistent data directory; include it in backups.
    directories:
      - pg_data:/var/lib/postgresql/data

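  # Valkey (Redis-compatible) store. No password or ACL is configured in this file.
  redis:
    image: valkey/valkey:8
    host: 45.76.57.101
    # Publish on loopback only, like the other accessories in this file.
    # A bare "6379" makes Docker publish the port on every interface, and
    # Docker-published ports are commonly not filtered by host firewall rules,
    # which would leave an unauthenticated data store reachable on the public IP.
    # Containers on the same Docker network can still reach it by container name
    # (presumably futureporn-redis:6379 — confirm the app's Redis URL).
    port: "127.0.0.1:6379:6379"
    directories:
      - data:/data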

  # pgAdmin web console for the database.
  pgadmin:
    # No tag given, so this resolves to the mutable ":latest"; pin a version
    # tag or digest for reproducible deploys.
    image: dpage/pgadmin4
    host: 45.76.57.101
    port: "127.0.0.1:5050:5050"
    env:
      clear:
        # Matches proxy.app_port below.
        PGADMIN_LISTEN_PORT: "5050"
      secret:
        - PGADMIN_DEFAULT_EMAIL
        - PGADMIN_DEFAULT_PASSWORD
    # The proxy block exposes a database administration console on a public
    # hostname, protected only by the pgAdmin login. Consider restricting it
    # to an allow-list, VPN or SSH tunnel, and use a strong unique password.
    proxy:
      ssl: true
      # Forwards client-supplied X-Forwarded-* headers; trustworthy only if the
      # origin cannot be reached except through a trusted upstream proxy.
      forward_headers: true
      app_port: 5050
      host: pgadmin.futureporn.net
      healthcheck:
        path: /login