---

# Name of this instance
instance: bookstack

bookstack:

  # BookStack version
  version: 23.12.2

  # Docker image to use
  image: '[[ .docker.repo ]]bookstack:[[ .bookstack.version ]]-2'

  # Number of instances to run
  count: 1

  # Custom env vars to set in the container
  env:
    WAIT_FOR_TARGETS: 127.0.0.1:3306

  # Resource allocation
  resources:
    cpu: 100
    memory: 256
    memory_max: 512

  vault:
    # List of vault policies to attach in to the task
    policies:
      - '[[ .instance ]][[ .consul.suffix ]]'

  # Wait for MariaDB to be ready before starting
  wait_for:
    service: mariadb[[ .consul.suffix ]]

  consul:
    connect:
      # Connect a few services from the mesh
      upstreams:
        - destination_name: mariadb[[ .consul.suffix ]]
          local_bind_port: 3306
        - destination_name: '[[ .mail.smtp_service_name ]]'
          local_bind_port: 25

  # Bookstack settings (which will populate .env)
  settings:
    APP_KEY: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .instance ]]" }}{{ .Data.data.app_key }}{{ end }}'
    APP_URL: '[[ .bookstack.public_url ]]'
    APP_LANG: fr
    APP_PROXIES: 127.0.0.1
    DB_HOST: '[[ .bookstack.mysql.host ]]'
    DB_PORT: '[[ .bookstack.mysql.port ]]'
    DB_DATABASE: '[[ .bookstack.mysql.database ]]'
    DB_USERNAME: '[[ .bookstack.mysql.user ]]'
    DB_PASSWORD: '[[ .bookstack.mysql.password ]]'
    MAIL_DRIVER: smtp
    MAIL_FROM_NAME: '[[ .instance ]]'
    MAIL_FROM: no-reply@[[ (urlParse .bookstack.public_url).Hostname ]]
    MAIL_HOST: 127.0.0.1
    MAIL_PORT: 25
    CACHE_PREFIX: '[[ .instance ]]'
    CACHE_DRIVER: database
    SESSION_DRIVER: database
    SESSION_LIFETIME: 240
    SESSION_COOKIE_NAME: '[[ .instance ]]_session'
    QUEUE_CONNECTION: database
    STORAGE_TYPE: local_secure_restricted
    DISABLE_EXTERNAL_SERVICES: true
    WKHTMLTOPDF: /usr/local/bin/wkhtmltopdf

  # Database settings
  mysql:
    host: 127.0.0.1
    port: 3306
    database: '[[ .instance ]]'
    user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
    password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'

  # Public URL on which bookstack will be available
  public_url: https://bookstack.example.org

  # Traefik settings
  traefik:
    middlewares:
      # Can be removed once compression is added back to the default base_middlewares
      - compression@file

    # Custom CSP to set
    csp:
      default-src: "'self'"
      script-src: "'self' 'unsafe-inline'"
      img-src: "'self' blob: data:"
      style-src: "'self' 'unsafe-inline'"
      font-src: "'self' data:"
    
  # Volume for data persistence
  volumes:
    data:
      type: csi
      source: '[[ .instance ]]-data[[ .consul.suffix ]]'
      # Note: use multi-node-multi-writer so we can run several instances
      access_mode: multi-node-multi-writer