Shumiland/docker-compose.prod.yml

services:
  postgres:
    image: postgres:16-alpine
    container_name: shumiland-postgres
    environment:
      POSTGRES_USER: shumiland
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: shumiland
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U shumiland']
      interval: 10s
      timeout: 5s
      retries: 5
    restart: unless-stopped
    networks:
      - internal

  migrate:
    build:
      context: .
      dockerfile: Dockerfile.migrator
    container_name: shumiland-migrate
    env_file: .env.production
    depends_on:
      postgres:
        condition: service_healthy
    volumes:
      - ./migrations:/app/migrations
    networks:
      - internal
    profiles:
      - tools

  app:
    build: .
    container_name: shumiland-app
    env_file: .env.production
    depends_on:
      postgres:
        condition: service_healthy
    volumes:
      - media_uploads:/app/media
    restart: unless-stopped
    networks:
      - internal
      - traefik-public
    labels:
      - traefik.enable=true
      - traefik.http.routers.shumiland.rule=Host(`shumi.ai-impress.com`)
      - traefik.http.routers.shumiland.entrypoints=websecure
      - traefik.http.routers.shumiland.tls.certresolver=cloudflare
      - traefik.http.services.shumiland.loadbalancer.server.port=3000
      - traefik.http.routers.shumiland.middlewares=security-headers@file

  pg_backup:
    image: alpine:3
    volumes:
      - postgres_data:/var/lib/postgresql/data:ro
      - ./backups:/backups
    environment:
      POSTGRES_USER: shumiland
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: shumiland
      POSTGRES_HOST: postgres
    command: >-
      sh -c "apk add --no-cache postgresql-client &&
      echo '0 3 * * * pg_dump postgresql://$$POSTGRES_USER:$$POSTGRES_PASSWORD@$$POSTGRES_HOST/$$POSTGRES_DB | gzip > /backups/shumiland_$$(date +\%Y\%m\%d_\%H\%M\%S).sql.gz && find /backups -mtime +14 -delete' | crontab - &&
      crond -f"
    depends_on:
      - postgres
    restart: unless-stopped
    networks:
      - internal

networks:
  internal:
    name: shumiland-internal
  traefik-public:
    external: true

volumes:
  postgres_data:
    name: shumiland-postgres-data
  media_uploads:
    name: shumiland-media-uploads