version: '3.8'

x-traefik-enable-labels: &traefik-labels
  traefik.enable: "true"
  traefik.swarm.network: "traefik"
  traefik.constraint-label: "traefik"


services:
  mariadb:
    image: mariadb:11.7.2-noble
    networks:
      - database
    volumes:
      - mariadb:/var/lib/mysql
    environment:
      - TZ:Europe/Berlin
      - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      placement:
        constraints:
          - node.labels.mariadb.data == true
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
      - --default-time-zone=Europe/Berlin
      #default 128M
      - --innodb_buffer_pool_size=512M
      #default 48-128M
      - --innodb_log_file_size=128M
      #default 8M
      - --innodb_log_buffer_size=32M
      #default 1
      - --innodb_flush_log_at_trx_commit=2
      #default 151
      - --max_connections=100
      - --thread_cache_size=50
      #default 400
      - --table_open_cache=400
      #default 16M
      - --tmp_table_size=64M
      #default 16M
      - --max_heap_table_size=64M
      - --skip-name-resolve
      - --bind-address=0.0.0.0

#mariaDb MaxScale -https://hub.docker.com/r/mariadb/maxscale

  postgres:
    image: ghcr.io/immich-app/postgres:15-vectorchord0.4.2-pgvectors0.3.0
    networks:
      - database
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
      POSTGRES_INITDB_ARGS: '--data-checksums'
      POSTGRES_USER: root
      TZ: Europe/Berlin
    secrets:
      - postgres_password
    volumes:
      - postgres:/var/lib/postgresql/data
      - type: tmpfs
        target: /dev/shm
        tmpfs:
          size: 134217728
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      update_config:
        parallelism: 1
        delay: 5s
        order: stop-first
        failure_action: rollback
      rollback_config:
        order: stop-first
      resources:
        limits:
          memory: 2G
          cpus: '2'
        reservations:
          memory: 1G
          cpus: '1'
      placement:
        constraints:
          - node.labels.postgres == true


  adminer:
    image: adminer:5.2.1-standalone
    networks:
      - traefik
      - database
    deploy:
      mode: replicated
      replicas: 1
      labels:
        <<: *traefik-labels
        traefik.http.routers.adminer.rule: "Host(`adminer.szabolcsi.dev`)"
        traefik.http.routers.adminer.entrypoints: "https"
        traefik.http.routers.adminer.tls: "true"
        traefik.http.routers.adminer.tls.certresolver: "letsencrypt"
        traefik.http.routers.adminer.middlewares: "local"
        traefik.http.services.adminer.loadbalancer.server.port: "8080"
        traefik.http.services.adminer.loadbalancer.healthCheck.path: "/"
        traefik.http.services.adminer.loadbalancer.healthCheck.interval: "30s"
        traefik.http.services.adminer.loadbalancer.healthCheck.timeout: "1s"


networks:
  database:
    name: database
    driver: overlay
    internal: true
    ipam:
      config:
        - subnet: 172.30.13.0/24
  traefik:
    external: true

volumes:
  mariadb:
    name: mariadb
    driver: local
  postgres:
    name: postgresdb
    driver: local

secrets:
  postgres_password:
    name: postgres-password
    external: true