# Hemmelig - Secret sharing
# Port: 3000
# Self-destructing secret sharing

services:
  hemmelig:
    image: hemmeligapp/hemmelig:latest  # The Docker image to use for the hemmelig service
    hostname: hemmelig  # The hostname of the hemmelig service
    init: true  # Whether to enable initialization scripts
    volumes:
      - /root/docker/hem/files/:/var/tmp/hemmelig/upload/files  # Mounts the host directory to the container directory for file uploads
    environment:
      - SECRET_REDIS_HOST=hemmelig-redis  # The hostname of the Redis server
      - SECRET_LOCAL_HOSTNAME=0.0.0.0      # The local hostname for the Fastify instance
      - SECRET_PORT=3000                  # The port number for the Fastify instance
      - SECRET_HOST=                      # Used for i.e. setting CORS to your domain name
      - SECRET_DISABLE_USERS=false        # Whether user registration is disabled
      - SECRET_ENABLE_FILE_UPLOAD=true    # Whether file upload is enabled or disabled
      - SECRET_FILE_SIZE=4                # The total allowed upload file size in MB
      - SECRET_FORCED_LANGUAGE=en         # The default language for the application
      - SECRET_JWT_SECRET=REDACTED_PASSWORD123!     # The secret signing JWT tokens for login # pragma: allowlist secret
      - SECRET_MAX_TEXT_SIZE=256          # The max text size for a secret, set in KB (i.e. 256 for 256KB)
    ports:
      - "3000:3000"  # Maps the host port to the container port
    depends_on:
      - redis  # Ensures that Redis is started before Hemmelig
    restart: unless-stopped  # Always restarts the service if it stops unexpectedly
    stop_grace_period: 1m  # The amount of time to wait before stopping the service
    healthcheck:
      test: "wget -O /dev/null localhost:3000 || exit 1"  # Tests whether the Hemmelig service is responsive
      timeout: 5s  # The amount of time to wait for a response from the health check
      retries: 1  # The number of times to retry the health check if it fails
  redis:
    image: redis  # The Docker image to use for the Redis server
    hostname: hemmelig-redis  # The hostname of the Redis server
    init: true  # Whether to enable initialization scripts
    volumes:
      - ./root/docker/hem/redis/:/data  # Mounts the host directory to the container directory for persistent data
    command: redis-server --appendonly yes  # Runs Redis with append-only mode enabled
    restart: unless-stopped  # Always restarts the service if it stops unexpectedly
    stop_grace_period: 1m  # The amount of time to wait before stopping the service
    healthcheck:
      test: "redis-cli ping | grep PONG || exit 1"  # Tests whether the Redis server is responsive
      timeout: 5s  # The amount of time to wait for a response from the health check
      retries: 1  # The number of times to retry the health check if it fails