[DEPLOY] Add deployment resources

2026-03-03 03:17:07 +00:00 · 2023-03-12 13:00:40 +00:00
parent 4e4503e097
commit d19554de24
12 changed files with 845 additions and 0 deletions
--- a/deploy/deploy-ansible/example.env
+++ b/deploy/deploy-ansible/example.env
@@ -0,0 +1,134 @@
 # REQUIRED=Secret key
 # Used to generate CSRF tokens - must never be made public
 SECRET_KEY=changeme
 # REQUIRED=Database password
 # The password for the breccia-mapper user in the postgres database
 DB_PASSWORD=changeme
 # Debug
 # Should the server run in debug mode?  Provides information to users which is unsafe in production
 # Default: False
 DEBUG=False
 # Project long name
 # The project's full name.
 # Default: Project Network Mapper
 # PROJECT_LONG_NAME=Project Network Mapper
 # Project short name
 # The project's short/abbreviated name. This will also be used as the app's name when installed as PWA.
 # Default: Network Mapper
 # PROJECT_SHORT_NAME=Network Mapper
 # Project description
 # The project's description. Used when installed as a PWA.
 # Default: Application to map network relationships in the organisation.
 # PROJECT_DESCRIPTION=Application to map network relationships in the organisation.
 # Theme color
 # The project's theme color, in hex format (excluding the leading #).
 # Default: 212121
 # THEME_COLOR=212121
 # Background color
 # The project's background color, in hex format (excluding the leading #).
 # Default: ffffff
 # BACKGROUND_COLOR=ffffff
 # Allowed hosts
 # Accepted values for server header in request - protects against CSRF and CSS attacks
 # Default: * if DEBUG else localhost
 # ALLOWED_HOSTS=127.0.0.1,localhost,localhost.localdomain
 # Site URL
 # The URL the site will be deployed on. Do not include http://, https://, or a trailing slash.
 # Default: localhost
 # SITE_URL=localhost
 # Site protocol
 # The protocol the site uses. Valid options are http or https.
 # Default: http
 # SITE_PROTOCOL=http
 # Trusted origins
 # The trusted origin domains of requests - protects against CSRF and CSS attacks
 # Default: '*' if DEBUG else 'http://127.0.0.1,http://localhost,http://localhost.localdomain'
 # TRUSTED_ORIGINS=http://127.0.0.1,http://localhost,http://localhost.localdomain
 # Database backup storage location
 # Directory where database backups should be stored
 # Default: .dbbackup
 # DBBACKUP_STORAGE_LOCATION=.dbbackup
 # Default language
 # Default language - used for translation - has not been enabled
 # Default: en-gb
 # LANGUAGE_CODE=en-gb
 # Timezone
 # Default timezone
 # Default: UTC
 # TIME_ZONE=UTC
 # Logging level
 # Level of messages written to log file
 # Default: INFO
 # LOG_LEVEL=INFO
 # Logging filename
 # Path to logfile
 # Default: debug.log
 # LOG_FILENAME=debug.log
 # Logging duration
 # Number of days of logs to keep - logfile is rotated out at the end of each day
 # Default: 14
 # LOG_DAYS=14
 # STMP host
 # Hostname of SMTP server
 # Default: None
 # EMAIL_HOST=None
 # Default from email address
 # Email address from which messages are sent
 # Default: None
 # DEFAULT_FROM_EMAIL=None
 # [DEBUG ONLY] Email file path
 # Directory where emails will be stored if not using an SMTP server
 # Default: mail.log
 # EMAIL_FILE_PATH=mail.log
 # SMTP username
 # Username to authenticate with SMTP server
 # Default: None
 # EMAIL_HOST_USER=None
 # SMTP password
 # Password to authenticate with SMTP server
 # Default: None
 # EMAIL_HOST_PASSWORD=None
 # SMTP port
 # Port to access on SMTP server
 # Default: 25
 # EMAIL_PORT=25
 # SMTP use TLS
 # Use TLS to communicate with SMTP server?  Usually on port 587
 # Cannot be enabled at the same time as EMAIL_USE_SSL
 # Default: True if EMAIL_PORT == 587 else False
 # EMAIL_USE_TLS=True if EMAIL_PORT == 587 else False
 # SMTP use SSL
 # Use SSL to communicate with SMTP server?  Usually on port 465
 # Cannot be enabled at the same time as EMAIL_USE_TLS
 # Default: True if EMAIL_PORT == 465 else False
 # EMAIL_USE_SSL=True if EMAIL_PORT == 465 else False
 # Google Maps API key
 # Google Maps API key to display maps of people's locations
 # Default: None
 # GOOGLE_MAPS_API_KEY=None
--- a/deploy/deploy-ansible/inventory.example.yml
+++ b/deploy/deploy-ansible/inventory.example.yml
@@ -0,0 +1,4 @@
 all:
  hosts:
    example.com:
--- a/deploy/deploy-ansible/playbook.yml
+++ b/deploy/deploy-ansible/playbook.yml
@@ -0,0 +1,104 @@
 ---
 - hosts: all
  become_user: root
  become_method: sudo
  become: yes
  pre_tasks:
    - name: Check if running under Vagrant
      stat:
        path: /vagrant
      register: vagrant_dir
  vars:
    project_name: network-mapper
    project_dir: /srv/{{ project_name }}
    project_src_dir: "{{ project_dir }}/src"
    provision_superuser: false
    superuser_username: admin
    superuser_password: admin
    superuser_email: email@example.com
  tasks:
    - name: Vagrant specific tasks
      block:
      - name: Add Docker repository
        get_url:
          url: https://download.docker.com/linux/centos/docker-ce.repo
          dest: '/etc/yum.repos.d/docker-ce.repo'
      when: deploy_environment is defined and deploy_environment == "vagrant"
    - name: Install system dependencies
      ansible.builtin.yum:
        name:
          - git
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose-plugin
        state: present
    # - name: Update system packages
    #   ansible.builtin.yum:
    #     name: '*'
    #     state: latest
    - name: Clone / update from source repos
      ansible.builtin.git:
        repo: 'https://github.com/Southampton-RSG/breccia-mapper.git'
        dest: '{{ project_src_dir }}'
        version: dev # master
        accept_hostkey: yes
    - name: Copy template files
      ansible.builtin.template:
        src: '{{ item }}.j2'
        dest: '{{ project_dir }}/{{ item }}'
        mode: 0600
      loop:
        - Caddyfile
        - docker-compose.yml
    - name: Copy settings file
      ansible.builtin.copy:
        src: '.env'
        dest: '{{ project_dir }}/.env'
        mode: 0600
    - name: Copy site icon
      ansible.builtin.copy:
        src: 'icon-192x192.png'
        dest: '{{ project_dir }}/icon-192x192.png'
        mode: 0600
    - name: Start Docker
      ansible.builtin.systemd:
        name: docker
        state: started
        enabled: yes
    - name: Pull latest docker images
      ansible.builtin.command:
        chdir: "{{ project_dir }}"
        cmd: docker compose pull {{ item }}
      loop:
        - caddy
        - server
        - db
    - name: Start containers
      ansible.builtin.command:
        chdir: "{{ project_dir }}"
        cmd: docker compose up -d
    - name: Provision superuser
      ansible.builtin.command:
        chdir: "{{ project_dir }}"
        cmd: sudo docker compose exec -it server /bin/bash -c "DJANGO_SUPERUSER_USERNAME='{{ superuser_username }}' DJANGO_SUPERUSER_PASSWORD='{{ superuser_password }}' DJANGO_SUPERUSER_EMAIL='{{ superuser_email }}' /app/manage.py createsuperuser --no-input"
      when: provision_superuser
    - name: Display warning about new superuser
      debug:
        msg:
          - "[WARNING] A superuser has been provisioned with the username \"{{ superuser_username }}\" and the password that was provided. This user has unlimited access to the network mapper."
      when: provision_superuser
--- a/deploy/deploy-ansible/templates/Caddyfile.j2
+++ b/deploy/deploy-ansible/templates/Caddyfile.j2
@@ -0,0 +1,16 @@
 :80 :443 {
    root * /srv
    file_server
    @proxy_paths {
        not path /static/*
        not path /media/*
    }
    reverse_proxy @proxy_paths http://server:8000
    log {
        output stderr
        format console
    }
 }
--- a/deploy/deploy-ansible/templates/docker-compose.yml.j2
+++ b/deploy/deploy-ansible/templates/docker-compose.yml.j2
@@ -0,0 +1,57 @@
 version: '3.1'
 services:
  server:
    image: mgrove36/breccia-mapper:latest
    build: {{ project_src_dir }}
    ports:
      - 8000:8000
    environment:
      DJANGO_DEBUG: ${DEBUG}
    env_file:
      - .env
    volumes:
      - static_files:/app/static
      - media_files:/app/media
    depends_on:
      db:
        condition: service_healthy
  caddy:
    image: caddy:2
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:z
      # Caddy serves static files collected by Django
      - static_files:/srv/static:ro
      - media_files:/srv/media
      - {{ project_dir }}/icon-192x192.png:/srv/media/icon-192x192.png:ro
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - server
  db:
    image: postgres:15.2-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: 'breccia-mapper'
      POSTGRES_USER: 'breccia-mapper'
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U breccia-mapper"]
      interval: 5s
      timeout: 5s
      retries: 5
 volumes:
  caddy_data:
  caddy_config:
  static_files:
  media_files:
  postgres_data:
--- a/deploy/deploy-docker/docker-compose.yml
+++ b/deploy/deploy-docker/docker-compose.yml
@@ -0,0 +1,57 @@
 version: '3.1'
 services:
  server:
    image: mgrove36/breccia-mapper:latest
    build: .
    ports:
      - 8000:8000
    environment:
      DJANGO_DEBUG: ${DEBUG}
    env_file:
      - .env
    volumes:
      - static_files:/app/static
      - media_files:/app/media
    depends_on:
      db:
        condition: service_healthy
  caddy:
    image: caddy:2
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:z
      # Caddy serves static files collected by Django
      - static_files:/srv/static:ro
      - media_files:/srv/media
      - ./icon-192x192.png:/srv/media/icon-192x192.png:ro
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - server
  db:
    image: postgres:15.2-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: 'breccia-mapper'
      POSTGRES_USER: 'breccia-mapper'
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U breccia-mapper"]
      interval: 5s
      timeout: 5s
      retries: 5
 volumes:
  caddy_data:
  caddy_config:
  static_files:
  media_files:
  postgres_data:
--- a/deploy/deploy-docker/example.env
+++ b/deploy/deploy-docker/example.env
@@ -0,0 +1,134 @@
 # REQUIRED=Secret key
 # Used to generate CSRF tokens - must never be made public
 SECRET_KEY=changeme
 # REQUIRED=Database password
 # The password for the breccia-mapper user in the postgres database
 DB_PASSWORD=changeme
 # Debug
 # Should the server run in debug mode?  Provides information to users which is unsafe in production
 # Default: False
 DEBUG=False
 # Project long name
 # The project's full name.
 # Default: Project Network Mapper
 # PROJECT_LONG_NAME=Project Network Mapper
 # Project short name
 # The project's short/abbreviated name. This will also be used as the app's name when installed as PWA.
 # Default: Network Mapper
 # PROJECT_SHORT_NAME=Network Mapper
 # Project description
 # The project's description. Used when installed as a PWA.
 # Default: Application to map network relationships in the organisation.
 # PROJECT_DESCRIPTION=Application to map network relationships in the organisation.
 # Theme color
 # The project's theme color, in hex format (excluding the leading #).
 # Default: 212121
 # THEME_COLOR=212121
 # Background color
 # The project's background color, in hex format (excluding the leading #).
 # Default: ffffff
 # BACKGROUND_COLOR=ffffff
 # Allowed hosts
 # Accepted values for server header in request - protects against CSRF and CSS attacks
 # Default: * if DEBUG else localhost
 # ALLOWED_HOSTS=127.0.0.1,localhost,localhost.localdomain
 # Site URL
 # The URL the site will be deployed on. Do not include http://, https://, or a trailing slash.
 # Default: localhost
 # SITE_URL=localhost
 # Site protocol
 # The protocol the site uses. Valid options are http or https.
 # Default: http
 # SITE_PROTOCOL=http
 # Trusted origins
 # The trusted origin domains of requests - protects against CSRF and CSS attacks
 # Default: '*' if DEBUG else 'http://127.0.0.1,http://localhost,http://localhost.localdomain'
 # TRUSTED_ORIGINS=http://127.0.0.1,http://localhost,http://localhost.localdomain
 # Database backup storage location
 # Directory where database backups should be stored
 # Default: .dbbackup
 # DBBACKUP_STORAGE_LOCATION=.dbbackup
 # Default language
 # Default language - used for translation - has not been enabled
 # Default: en-gb
 # LANGUAGE_CODE=en-gb
 # Timezone
 # Default timezone
 # Default: UTC
 # TIME_ZONE=UTC
 # Logging level
 # Level of messages written to log file
 # Default: INFO
 # LOG_LEVEL=INFO
 # Logging filename
 # Path to logfile
 # Default: debug.log
 # LOG_FILENAME=debug.log
 # Logging duration
 # Number of days of logs to keep - logfile is rotated out at the end of each day
 # Default: 14
 # LOG_DAYS=14
 # STMP host
 # Hostname of SMTP server
 # Default: None
 # EMAIL_HOST=None
 # Default from email address
 # Email address from which messages are sent
 # Default: None
 # DEFAULT_FROM_EMAIL=None
 # [DEBUG ONLY] Email file path
 # Directory where emails will be stored if not using an SMTP server
 # Default: mail.log
 # EMAIL_FILE_PATH=mail.log
 # SMTP username
 # Username to authenticate with SMTP server
 # Default: None
 # EMAIL_HOST_USER=None
 # SMTP password
 # Password to authenticate with SMTP server
 # Default: None
 # EMAIL_HOST_PASSWORD=None
 # SMTP port
 # Port to access on SMTP server
 # Default: 25
 # EMAIL_PORT=25
 # SMTP use TLS
 # Use TLS to communicate with SMTP server?  Usually on port 587
 # Cannot be enabled at the same time as EMAIL_USE_SSL
 # Default: True if EMAIL_PORT == 587 else False
 # EMAIL_USE_TLS=True if EMAIL_PORT == 587 else False
 # SMTP use SSL
 # Use SSL to communicate with SMTP server?  Usually on port 465
 # Cannot be enabled at the same time as EMAIL_USE_TLS
 # Default: True if EMAIL_PORT == 465 else False
 # EMAIL_USE_SSL=True if EMAIL_PORT == 465 else False
 # Google Maps API key
 # Google Maps API key to display maps of people's locations
 # Default: None
 # GOOGLE_MAPS_API_KEY=None
--- a/deploy/deploy-vagrant/Vagrantfile
+++ b/deploy/deploy-vagrant/Vagrantfile
@@ -0,0 +1,28 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "generic/rocky8"
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Provision VM using Ansible playbook
  config.vm.provision "ansible" do |ansible|
    ansible.verbose = "v"
    ansible.playbook = "playbook.yml"
    ansible.host_vars = {
      "default" => {
        "deploy_environment" => "vagrant"
      }
    }
  end
 end
--- a/deploy/deploy-vagrant/example.env
+++ b/deploy/deploy-vagrant/example.env
@@ -0,0 +1,134 @@
 # REQUIRED=Secret key
 # Used to generate CSRF tokens - must never be made public
 SECRET_KEY=changeme
 # REQUIRED=Database password
 # The password for the breccia-mapper user in the postgres database
 DB_PASSWORD=changeme
 # Debug
 # Should the server run in debug mode?  Provides information to users which is unsafe in production
 # Default: False
 DEBUG=False
 # Project long name
 # The project's full name.
 # Default: Project Network Mapper
 # PROJECT_LONG_NAME=Project Network Mapper
 # Project short name
 # The project's short/abbreviated name. This will also be used as the app's name when installed as PWA.
 # Default: Network Mapper
 # PROJECT_SHORT_NAME=Network Mapper
 # Project description
 # The project's description. Used when installed as a PWA.
 # Default: Application to map network relationships in the organisation.
 # PROJECT_DESCRIPTION=Application to map network relationships in the organisation.
 # Theme color
 # The project's theme color, in hex format (excluding the leading #).
 # Default: 212121
 # THEME_COLOR=212121
 # Background color
 # The project's background color, in hex format (excluding the leading #).
 # Default: ffffff
 # BACKGROUND_COLOR=ffffff
 # Allowed hosts
 # Accepted values for server header in request - protects against CSRF and CSS attacks
 # Default: * if DEBUG else localhost
 # ALLOWED_HOSTS=127.0.0.1,localhost,localhost.localdomain
 # Site URL
 # The URL the site will be deployed on. Do not include http://, https://, or a trailing slash.
 # Default: localhost
 # SITE_URL=localhost
 # Site protocol
 # The protocol the site uses. Valid options are http or https.
 # Default: http
 # SITE_PROTOCOL=http
 # Trusted origins
 # The trusted origin domains of requests - protects against CSRF and CSS attacks
 # Default: '*' if DEBUG else 'http://127.0.0.1,http://localhost,http://localhost.localdomain'
 # TRUSTED_ORIGINS=http://127.0.0.1,http://localhost,http://localhost.localdomain
 # Database backup storage location
 # Directory where database backups should be stored
 # Default: .dbbackup
 # DBBACKUP_STORAGE_LOCATION=.dbbackup
 # Default language
 # Default language - used for translation - has not been enabled
 # Default: en-gb
 # LANGUAGE_CODE=en-gb
 # Timezone
 # Default timezone
 # Default: UTC
 # TIME_ZONE=UTC
 # Logging level
 # Level of messages written to log file
 # Default: INFO
 # LOG_LEVEL=INFO
 # Logging filename
 # Path to logfile
 # Default: debug.log
 # LOG_FILENAME=debug.log
 # Logging duration
 # Number of days of logs to keep - logfile is rotated out at the end of each day
 # Default: 14
 # LOG_DAYS=14
 # STMP host
 # Hostname of SMTP server
 # Default: None
 # EMAIL_HOST=None
 # Default from email address
 # Email address from which messages are sent
 # Default: None
 # DEFAULT_FROM_EMAIL=None
 # [DEBUG ONLY] Email file path
 # Directory where emails will be stored if not using an SMTP server
 # Default: mail.log
 # EMAIL_FILE_PATH=mail.log
 # SMTP username
 # Username to authenticate with SMTP server
 # Default: None
 # EMAIL_HOST_USER=None
 # SMTP password
 # Password to authenticate with SMTP server
 # Default: None
 # EMAIL_HOST_PASSWORD=None
 # SMTP port
 # Port to access on SMTP server
 # Default: 25
 # EMAIL_PORT=25
 # SMTP use TLS
 # Use TLS to communicate with SMTP server?  Usually on port 587
 # Cannot be enabled at the same time as EMAIL_USE_SSL
 # Default: True if EMAIL_PORT == 587 else False
 # EMAIL_USE_TLS=True if EMAIL_PORT == 587 else False
 # SMTP use SSL
 # Use SSL to communicate with SMTP server?  Usually on port 465
 # Cannot be enabled at the same time as EMAIL_USE_TLS
 # Default: True if EMAIL_PORT == 465 else False
 # EMAIL_USE_SSL=True if EMAIL_PORT == 465 else False
 # Google Maps API key
 # Google Maps API key to display maps of people's locations
 # Default: None
 # GOOGLE_MAPS_API_KEY=None
--- a/deploy/deploy-vagrant/playbook.yml
+++ b/deploy/deploy-vagrant/playbook.yml
@@ -0,0 +1,104 @@
 ---
 - hosts: all
  become_user: root
  become_method: sudo
  become: yes
  pre_tasks:
    - name: Check if running under Vagrant
      stat:
        path: /vagrant
      register: vagrant_dir
  vars:
    project_name: network-mapper
    project_dir: /srv/{{ project_name }}
    project_src_dir: "{{ project_dir }}/src"
    provision_superuser: false
    superuser_username: admin
    superuser_password: admin
    superuser_email: email@example.com
  tasks:
    - name: Vagrant specific tasks
      block:
      - name: Add Docker repository
        get_url:
          url: https://download.docker.com/linux/centos/docker-ce.repo
          dest: '/etc/yum.repos.d/docker-ce.repo'
      when: deploy_environment is defined and deploy_environment == "vagrant"
    - name: Install system dependencies
      ansible.builtin.yum:
        name:
          - git
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose-plugin
        state: present
    # - name: Update system packages
    #   ansible.builtin.yum:
    #     name: '*'
    #     state: latest
    - name: Clone / update from source repos
      ansible.builtin.git:
        repo: 'https://github.com/Southampton-RSG/breccia-mapper.git'
        dest: '{{ project_src_dir }}'
        version: dev # master
        accept_hostkey: yes
    - name: Copy template files
      ansible.builtin.template:
        src: '{{ item }}.j2'
        dest: '{{ project_dir }}/{{ item }}'
        mode: 0600
      loop:
        - Caddyfile
        - docker-compose.yml
    - name: Copy settings file
      ansible.builtin.copy:
        src: '.env'
        dest: '{{ project_dir }}/.env'
        mode: 0600
    - name: Copy site icon
      ansible.builtin.copy:
        src: 'icon-192x192.png'
        dest: '{{ project_dir }}/icon-192x192.png'
        mode: 0600
    - name: Start Docker
      ansible.builtin.systemd:
        name: docker
        state: started
        enabled: yes
    - name: Pull latest docker images
      ansible.builtin.command:
        chdir: "{{ project_dir }}"
        cmd: docker compose pull {{ item }}
      loop:
        - caddy
        - server
        - db
    - name: Start containers
      ansible.builtin.command:
        chdir: "{{ project_dir }}"
        cmd: docker compose up -d
    - name: Provision superuser
      ansible.builtin.command:
        chdir: "{{ project_dir }}"
        cmd: sudo docker compose exec -it server /bin/bash -c "DJANGO_SUPERUSER_USERNAME='{{ superuser_username }}' DJANGO_SUPERUSER_PASSWORD='{{ superuser_password }}' DJANGO_SUPERUSER_EMAIL='{{ superuser_email }}' /app/manage.py createsuperuser --no-input"
      when: provision_superuser
    - name: Display warning about new superuser
      debug:
        msg:
          - "[WARNING] A superuser has been provisioned with the username \"{{ superuser_username }}\" and the password that was provided. This user has unlimited access to the network mapper."
      when: provision_superuser
--- a/deploy/deploy-vagrant/templates/Caddyfile.j2
+++ b/deploy/deploy-vagrant/templates/Caddyfile.j2
@@ -0,0 +1,16 @@
 :80 :443 {
    root * /srv
    file_server
    @proxy_paths {
        not path /static/*
        not path /media/*
    }
    reverse_proxy @proxy_paths http://server:8000
    log {
        output stderr
        format console
    }
 }
--- a/deploy/deploy-vagrant/templates/docker-compose.yml.j2
+++ b/deploy/deploy-vagrant/templates/docker-compose.yml.j2
@@ -0,0 +1,57 @@
 version: '3.1'
 services:
  server:
    image: mgrove36/breccia-mapper:latest
    build: {{ project_src_dir }}
    ports:
      - 8000:8000
    environment:
      DJANGO_DEBUG: ${DEBUG}
    env_file:
      - .env
    volumes:
      - static_files:/app/static
      - media_files:/app/media
    depends_on:
      db:
        condition: service_healthy
  caddy:
    image: caddy:2
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:z
      # Caddy serves static files collected by Django
      - static_files:/srv/static:ro
      - media_files:/srv/media
      - {{ project_dir }}/icon-192x192.png:/srv/media/icon-192x192.png:ro
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - server
  db:
    image: postgres:15.2-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: 'breccia-mapper'
      POSTGRES_USER: 'breccia-mapper'
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres_data:/var/lib/postgresql/data/
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U breccia-mapper"]
      interval: 5s
      timeout: 5s
      retries: 5
 volumes:
  caddy_data:
  caddy_config:
  static_files:
  media_files:
  postgres_data: