net-ops/global/overlay/etc/puppet/modules/net/templates/cisoassistant/docker-compose.yml.erb

---
services:

  always-https:
    image: docker.sunet.se/always-https:latest
    restart: always
    network_mode: host
    ports:
      - 80:80
    environment:
      - ACME_URL=http://acme-c.sunet.se/

  postgres:
    image: docker.sunet.se/library/postgres-17.5:<%= @postgres_docker_tag %>
    ports:
      - 5432:5432
    hostname: postgres
    volumes:
      - /opt/cisoas/postgresql/data:/var/lib/postgresql/data
      - /opt/cisoas/postgresql/init/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh
      - /opt/cisoas/backup/postgres:/var/lib/postgresql/backup
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=<%= @postgres_admin_password %>

  backend:
    container_name: backend
    image: ghcr.io/intuitem/ciso-assistant-enterprise-backend:latest
    depends_on:
      - postgres
    restart: always
    environment:
      - ALLOWED_HOSTS=backend,<%= @ciso_service_name %>
      - CISO_ASSISTANT_URL=https://<%= @ciso_service_name %>
      - DJANGO_DEBUG=True
      - AUTH_TOKEN_TTL=7200
      - LICENSE_SEATS=3000
      - POSTGRES_NAME=ciso-assistant
      - POSTGRES_USER=ciso-assistantuser
      - POSTGRES_PASSWORD=<%= @postgres_password %>
      - DB_HOST=postgres
      - DB_PORT=5432
    volumes:
      - /opt/cisoas/db:/code/db
      - /etc/dehydrated/certs/<%= @ciso_service_name %>pem:/certs/cert.pem
      - /etc/dehydrated/certs/<%= @ciso_service_name %>.key:/certs/key.pem

  frontend:
    container_name: frontend
    restart: always
    environment:
      - PUBLIC_BACKEND_API_URL=http://backend:8000/api
      - PUBLIC_BACKEND_API_EXPOSED_URL=https://<%= @ciso_service_name %>:9443/api
      - PROTOCOL_HEADER=x-forwarded-proto
      - HOST_HEADER=x-forwarded-host

    image: ghcr.io/intuitem/ciso-assistant-enterprise-frontend:latest
    depends_on:
      - backend
    volumes: 
      - /etc/dehydrated/certs/<%= @ciso_service_name %>.pem:/certs/cert.pem
      - /etc/dehydrated/certs/<%= @ciso_service_name %>.key:/certs/key.pem

  caddy:
    container_name: caddy
    image: caddy:2.8.4
    depends_on:
      - frontend
        #    restart: always
    ports:
      - 443:443
      - 9443:9443
    volumes:
      - /opt/cisoas/caddy_data:/data
      - /opt/cisoas/Caddyfile:/etc/caddy/Caddyfile
      - /etc/dehydrated/certs/<%= @ciso_service_name %>.pem:/certs/cert.pem
      - /etc/dehydrated/certs/<%= @ciso_service_name %>.key:/certs/key.pem