ChristianLempa_Boilerplates/library/compose/semaphoreui/compose.yaml.j2.portfix

services:
  {{ service_name }}:
    image: docker.io/semaphoreui/semaphore:v2.16.43
    {% if not swarm_enabled %}
    restart: {{ restart_policy }}
    container_name: {{ container_name }}
    {% endif %}
    hostname: {{ container_hostname }}
    user: "{{ user_uid }}:{{ user_gid }}"
    environment:
      - TZ={{ container_timezone }}
      {% if database_type == 'mysql' %}
      - SEMAPHORE_DB_DIALECT=mysql
      {% elif database_type == 'postgres' %}
      - SEMAPHORE_DB_DIALECT=postgres
      {% endif %}
      {% if database_external %}
      - SEMAPHORE_DB_HOST={{ database_host }}
      {% else %}
      - SEMAPHORE_DB_HOST={{ service_name }}-{{ database_type }}
      {% endif %}
      - SEMAPHORE_DB_PORT={% if database_type == 'postgres' %}5432{% else %}3306{% endif %}
      - SEMAPHORE_DB={{ database_name }}
      - SEMAPHORE_DB_USER={{ database_user }}
      - SEMAPHORE_DB_PASS=${DATABASE_PASSWORD}
      - SEMAPHORE_ADMIN={{ semaphore_admin_name }}
      - SEMAPHORE_ADMIN_NAME={{ semaphore_admin_name }}
      - SEMAPHORE_ADMIN_EMAIL={{ semaphore_admin_email }}
      - SEMAPHORE_ADMIN_PASSWORD=${SEMAPHORE_ADMIN_PASSWORD}
      - SEMAPHORE_PLAYBOOK_PATH={{ semaphore_playbook_path }}
      - SEMAPHORE_ACCESS_KEY_ENCRYPTION=${SEMAPHORE_ACCESS_KEY_ENCRYPTION}
      - ANSIBLE_HOST_KEY_CHECKING={{ ansible_host_key_checking }}
      {% if email_enabled %}
      - SEMAPHORE_EMAIL_SENDER={{ email_from }}
      - SEMAPHORE_EMAIL_HOST={{ email_host }}
      - SEMAPHORE_EMAIL_PORT={{ email_port }}
      - SEMAPHORE_EMAIL_USERNAME={{ email_username }}
      - SEMAPHORE_EMAIL_PASSWORD=${EMAIL_PASSWORD}
      - SEMAPHORE_EMAIL_SECURE={{ email_use_tls }}
      {% endif %}
    {% endif %}
    {% if not traefik_enabled and network_mode == 'bridge' %}
    ports:
      {% if swarm_enabled %}
      - target: 3000
        published: {{ ports_http }}
        protocol: tcp
        mode: host
      {% else %}
      - "{{ ports_http }}:3000"
      {% endif %}
    {% endif %}
    volumes:
      - ./inventory:/inventory:ro
      - ./authorized-keys:/authorized-keys:ro
      - ./config:/etc/semaphore:rw
    {% if traefik_enabled and not swarm_enabled %}
    labels:
      - traefik.enable=true
      - traefik.docker.network={{ traefik_network }}
      - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=3000
      - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
      - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
      {% if traefik_tls_enabled %}
      - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
      - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
      - traefik.http.routers.{{ service_name }}-https.tls=true
      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
      {% endif %}
    {% endif %}
    depends_on:
      {% if database_type == 'mysql' %}
      - {{ service_name }}-mysql
      {% elif database_type == 'postgres' %}
      - {{ service_name }}-postgres
      {% endif %}
    {% if swarm_enabled or resources_enabled %}
    deploy:
      {% if swarm_enabled %}
      mode: {{ swarm_placement_mode }}
      {% if swarm_placement_mode == 'replicated' %}
      replicas: {{ swarm_replicas }}
      {% endif %}
      {% if swarm_placement_host %}
      placement:
        constraints:
          - node.hostname == {{ swarm_placement_host }}
      {% endif %}
      restart_policy:
        condition: on-failure
      {% endif %}
      {% if resources_enabled %}
      resources:
        limits:
          cpus: '{{ resources_cpu_limit }}'
          memory: {{ resources_memory_limit }}
        {% if swarm_enabled %}
        reservations:
          cpus: '{{ resources_cpu_reservation }}'
          memory: {{ resources_memory_reservation }}
        {% endif %}
      {% endif %}
      {% if swarm_enabled and traefik_enabled %}
      labels:
        - traefik.enable=true
        - traefik.docker.network={{ traefik_network }}
        - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=3000
        - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
        - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
        {% if authentik_enabled %}
        - traefik.http.routers.{{ service_name }}-http.middlewares={{ authentik_traefik_middleware }}
        {% endif %}
        {% if traefik_tls_enabled %}
        - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
        - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
        - traefik.http.routers.{{ service_name }}-https.tls=true
        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
        {% if authentik_enabled %}
        - traefik.http.routers.{{ service_name }}-https.middlewares={{ authentik_traefik_middleware }}
        {% endif %}
        {% endif %}
      {% endif %}
    {% endif %}

  {% if not database_external %}
  {% if database_type == 'mysql' %}
  {{ service_name }}-mysql:
    image: docker.io/library/mysql:8.4
    {% if not swarm_enabled %}
    restart: {{ restart_policy }}
    container_name: {{ service_name }}-mysql
    {% endif %}
    environment:
      {% if database_type == 'mysql' %}
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE={{ database_name }}
      - MYSQL_USER={{ database_user }}
      - MYSQL_PASSWORD=${DATABASE_PASSWORD}
      - MYSQL_CHARSET=utf8mb4
      - MYSQL_COLLATION=utf8mb4_unicode_ci
      {% elif database_type == 'postgres' %}
      - POSTGRES_DB={{ database_name }}
      - POSTGRES_USER={{ database_user }}
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
      - POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C
      {% endif %}
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "{{ database_user }}", "-p{{ database_password }}"]
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    {% endif %}
    volumes:
      - database_data:/var/lib/mysql
  {% elif database_type == 'postgres' %}
  {{ service_name }}-postgres:
    image: docker.io/library/postgres:17.6
    {% if not swarm_enabled %}
    restart: {{ restart_policy }}
    container_name: {{ service_name }}-postgres
    {% endif %}
    environment:
      {% if database_type == 'mysql' %}
      - MYSQL_RANDOM_ROOT_PASSWORD=yes
      - MYSQL_DATABASE={{ database_name }}
      - MYSQL_USER={{ database_user }}
      - MYSQL_PASSWORD=${DATABASE_PASSWORD}
      - MYSQL_CHARSET=utf8mb4
      - MYSQL_COLLATION=utf8mb4_unicode_ci
      {% elif database_type == 'postgres' %}
      - POSTGRES_DB={{ database_name }}
      - POSTGRES_USER={{ database_user }}
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
      - POSTGRES_INITDB_ARGS=--encoding=UTF8 --locale=C
      {% endif %}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U {{ database_user }}"]
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    {% endif %}
    volumes:
      - database_data:/var/lib/postgresql/data
  {% endif %}
  {% endif %}

    {% endif %}
  {% if traefik_enabled %}
  {{ traefik_network }}:
    external: true
  {% endif %}
{% endif %}

volumes:
  {% if not database_external %}
  database_data:
    driver: local
  {% endif %}