# /services/hedgedoc/compose.yml

services:
  hedgedoc:
    image: quay.io/hedgedoc/hedgedoc:1.10.3
    container_name: hedgedoc
    restart: always
    depends_on:
      hedgedoc_db:
        condition: service_healthy
    environment:
      CMD_ALLOW_EMAIL_REGISTER: false
      CMD_DB_URL: postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
      CMD_DOMAIN: pad.eliasfink.de
      CMD_OAUTH2_PROVIDERNAME: EFlogin
      CMD_OAUTH2_CLIENT_ID: ${OAUTH2_CLIENT_ID}
      CMD_OAUTH2_CLIENT_SECRET: ${OAUTH2_CLIENT_SECRET} 
      CMD_OAUTH2_SCOPE: openid email profile
      CMD_OAUTH2_AUTHORIZATION_URL: https://login.eliasfink.de/application/o/authorize/
      CMD_OAUTH2_TOKEN_URL: https://login.eliasfink.de/application/o/token/
      CMD_OAUTH2_USER_PROFILE_URL: https://login.eliasfink.de/application/o/userinfo/
      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
      CMD_PROTOCOL_USESSL: true
    networks:
      - default
      - traefik
    volumes:
      - ./data/uploads:/hedgedoc/public/uploads

  hedgedoc_db:
    image: postgres:17
    container_name: hedgedoc_db
    restart: always
    environment:
      POSTGRES_DB: hedgedoc
      POSTGRES_USER: hedgedoc
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    healthcheck:
      test: pg_isready
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - default
    volumes:
      - ./db:/var/lib/postgresql/data

networks:
  traefik:
    external: true