# Tools stack — generated by Ansible
# Do not edit manually; re-run ansible-playbook playbooks/tools.yml

networks:
  # front — non-internal: needed for Docker port binding to work (expose ports to host)
  # Docker does not create DNAT rules for containers only on internal networks
  front:
    driver: bridge
  outline-internal:
    driver: bridge
    internal: true
  n8n-internal:
    driver: bridge
    internal: true

volumes:
  outline_db_data:
  outline_redis_data:
  n8n_data:

services:

  # ── Outline wiki ────────────────────────────────────────────────────────────
  outline:
    image: {{ outline_image }}
    container_name: outline
    restart: unless-stopped
    env_file: .env
    networks:
      - outline-internal
      - front    # needed for host port binding
    ports:
      # Exposed only to main Traefik (access controlled by UFW)
      - "{{ ip_tools }}:3000:3000"
    depends_on:
      outline-db:
        condition: service_healthy
      outline-redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000/_health"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

  outline-db:
    image: {{ outline_db_image }}
    container_name: outline-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: outline
      POSTGRES_USER: outline
      POSTGRES_PASSWORD: ${OUTLINE_DB_PASSWORD}
    networks:
      - outline-internal
    volumes:
      - outline_db_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U outline"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

  outline-redis:
    image: {{ outline_redis_image }}
    container_name: outline-redis
    restart: unless-stopped
    networks:
      - outline-internal
    volumes:
      - outline_redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

  # ── n8n workflow automation ──────────────────────────────────────────────────
  n8n:
    image: {{ n8n_image }}
    container_name: n8n
    restart: unless-stopped
    networks:
      - n8n-internal
      - front    # needed for host port binding
    ports:
      # Exposed only to main Traefik (access controlled by UFW)
      - "{{ ip_tools }}:5678:5678"
    volumes:
      - n8n_data:/home/node/.n8n
    environment:
      - N8N_HOST={{ domain_n8n }}
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - WEBHOOK_URL=https://{{ domain_n8n }}/
      - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
      - N8N_USER_MANAGEMENT_JWT_SECRET=${N8N_JWT_SECRET}
      - GENERIC_TIMEZONE=Europe/Moscow
      - TZ=Europe/Moscow
      - N8N_METRICS=false
      - N8N_LOG_LEVEL=warn
      - EXECUTIONS_DATA_PRUNE=true
      - EXECUTIONS_DATA_MAX_AGE=336
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:5678/healthz"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"