services:
  magic-cloudflared:
    image: cloudflare/cloudflared:latest
    container_name: magic-cloudflared
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    environment:
      TUNNEL_TOKEN: ${CLOUDFLARE_TUNNEL_TOKEN}
      REAL_IP_HEADER: Cf-Connecting-Ip
    networks:
      - strapi-shared-network
    depends_on:
      - magic-nginx

  magic-nginx:
    image: nginx:1
    container_name: magic-nginx
    restart: unless-stopped
    ports:
      - 80:80
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
    networks:
      - strapi-shared-network
    depends_on:
      - magic-app

  magic-app:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: magic-app
    restart: unless-stopped
    environment:
      NODE_ENV: production
      APP_URL: https://donate.magicgrants.org
      DATABASE_URL: ${DATABASE_URL}

      NEXTAUTH_URL: https://donate.magicgrants.org
      NEXTAUTH_URL_INTERNAL: http://localhost:3000
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
      USER_SETTINGS_JWT_SECRET: ${USER_SETTINGS_JWT_SECRET}
      TURNSTILE_SECRET: ${TURNSTILE_SECRET}
      NEXT_PUBLIC_TURNSTILE_SITEKEY: 0x4AAAAAAA11o5rNvbUuAWSJ

      STRAPI_API_URL: ${STRAPI_API_URL}
      STRAPI_API_TOKEN: ${STRAPI_API_TOKEN}

      SMTP_HOST: email-smtp.us-east-2.amazonaws.com
      SMTP_PORT: 587
      SMTP_USER: ${SMTP_USER}
      SMTP_PASS: ${SMTP_PASS}
      SES_VERIFIED_SENDER: info@magicgrants.org

      STRIPE_MONERO_SECRET_KEY: ${STRIPE_MONERO_SECRET_KEY}
      STRIPE_MONERO_WEBHOOK_SECRET: ${STRIPE_MONERO_WEBHOOK_SECRET}
      STRIPE_FIRO_SECRET_KEY: ${STRIPE_FIRO_SECRET_KEY}
      STRIPE_FIRO_WEBHOOK_SECRET: ${STRIPE_FIRO_WEBHOOK_SECRET}
      STRIPE_PRIVACY_GUIDES_SECRET_KEY: ${STRIPE_PRIVACY_GUIDES_SECRET_KEY}
      STRIPE_PRIVACY_GUIDES_WEBHOOK_SECRET: ${STRIPE_PRIVACY_GUIDES_WEBHOOK_SECRET}
      STRIPE_GENERAL_SECRET_KEY: ${STRIPE_GENERAL_SECRET_KEY}
      STRIPE_GENERAL_WEBHOOK_SECRET: ${STRIPE_GENERAL_WEBHOOK_SECRET}

      PRINTFUL_API_KEY: ${PRINTFUL_API_KEY}
      PRINTFUL_WEBHOOK_SECRET: ${PRINTFUL_WEBHOOK_SECRET}

      KEYCLOAK_URL: ${KEYCLOAK_URL}
      KEYCLOAK_CLIENT_ID: app
      KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
      KEYCLOAK_REALM_NAME: magic

      BTCPAY_URL: ${BTCPAY_URL}
      BTCPAY_EXTERNAL_URL: https://btcpay.magicgrants.org
      BTCPAY_API_KEY: ${BTCPAY_API_KEY}
      BTCPAY_STORE_ID: ${BTCPAY_STORE_ID}
      BTCPAY_WEBHOOK_SECRET: ${BTCPAY_WEBHOOK_SECRET}

      PRIVACYGUIDES_DISCOURSE_URL: ${PRIVACYGUIDES_DISCOURSE_URL}
      PRIVACYGUIDES_DISCOURSE_CONNECT_SECRET: ${PRIVACYGUIDES_DISCOURSE_CONNECT_SECRET}
      PRIVACYGUIDES_DISCOURSE_API_KEY: ${PRIVACYGUIDES_DISCOURSE_API_KEY}
      PRIVACYGUIDES_DISCOURSE_API_USERNAME: ${PRIVACYGUIDES_DISCOURSE_API_USERNAME}
      PRIVACYGUIDES_DISCOURSE_MEMBERSHIP_GROUP_ID: ${PRIVACYGUIDES_DISCOURSE_MEMBERSHIP_GROUP_ID}

      ATTESTATION_PRIVATE_KEY_HEX: ${ATTESTATION_PRIVATE_KEY_HEX}

      COINBASE_COMMERCE_API_KEY: ${COINBASE_COMMERCE_API_KEY}
      COINBASE_COMMERCE_WEBHOOK_SECRET: ${COINBASE_COMMERCE_WEBHOOK_SECRET}

      SENTRY_AUTH_TOKEN: ${SENTRY_AUTH_TOKEN}

      GEMINI_API_KEY: ${GEMINI_API_KEY}
    depends_on:
      - magic-postgres
    networks:
      - strapi-shared-network

  magic-redis:
    container_name: magic-redis
    image: redis:7-alpine
    restart: unless-stopped
    networks:
      - strapi-shared-network

  magic-postgres:
    image: postgres:16-alpine
    container_name: magic-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: magic
      POSTGRES_DB: magic
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - 'postgres_data:/var/lib/postgresql/data'
    networks:
      - strapi-shared-network

volumes:
  postgres_data:

networks:
  strapi-shared-network:
    external: true