# documentation: https://docs.onetimesecret.com
# slogan: Share sensitive information securely with self-destructing links that are only viewable once.
# tags: auth,password,secret,secure
# logo: svgs/onetimesecret.svg
# port: 3000

services:
  onetimesecret:
    image: onetimesecret/onetimesecret:latest
    environment:
      - SERVICE_FQDN_ONETIMESECRET_3000
      - AUTH_AUTOVERIFY=${AUTH_AUTOVERIFY:-true}
      - AUTH_SIGNUP=${AUTH_SIGNUP:-true}
      - COLONEL=${COLONEL:-admin@example.com}
      - HOST=${HOST:-localhost}
      - REDIS_URL=redis://:${SERVICE_PASSWORD_REDIS}@redis:6379/0
      - SECRET=${SERVICE_PASSWORD_ONETIMESECRET}
      - SSL=${SSL:-false}
      - RACK_ENV=production
    depends_on:
      redis:
        condition: service_healthy
    healthcheck:
      test:
        - CMD
        - ruby
        - "-rnet/http"
        - "-e"
        - "exit(Net::HTTP.get_response(URI('http://localhost:3000')).is_a?(Net::HTTPSuccess) ? 0 : 1)"
      interval: 30s
      timeout: 10s
      retries: 3

  redis:
    image: redis:8-alpine
    command: redis-server --requirepass ${SERVICE_PASSWORD_REDIS}
    healthcheck:
      test:
        - CMD
        - redis-cli
        - ping
      interval: 30s
      timeout: 10s
      retries: 3