version: '3.4'
services:
  ejabberd:
    image: ejabberd/ecs:22.05
    container_name: ejabberd
    hostname: ${HOSTNAME}
    mem_limit: 512m
    restart: on-failure:3

    ports:
      - 5222:5222 #c2s stattls#
      - 5223:5223 #c2s ssl#
      - 5269:5269 #s2s#
      - 5280:5280 #bosh + admin#
      - 5443:5443 #http-upload#
      - 3478:3478/udp #stun/turn
      - 5349:5349/tcp #stuns/turns
      - 7777:7777 #proxy65

    expose:
      - 80

    entrypoint: /home/ejabberd/entrypoint.sh
    command: foreground

    healthcheck:
#      test: ["CMD", "nc", "-z", "ejabberd:5347"]
      test: /home/ejabberd/bin/ejabberdctl status | grep -q started
      interval: 15s #interval for the first and subsequent checks
      timeout: 10s
      retries: 3
    
    volumes:
      - ./entrypoint.sh:/home/ejabberd/entrypoint.sh:ro
      - ./data/backup/:/home/ejabberd/backup/
      - ./data/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml:ro
      - ./data/conf.custom/:/home/ejabberd/conf.custom/:ro
      - ./data/conf.d/:/home/ejabberd/conf/conf.d/:ro
      - ./data/database/:/home/ejabberd/database/
      - ./data/upload/:/home/ejabberd/upload/
      - ./data/www:/home/ejabberd/www/
      - /opt/docker/reverse-proxy/data/certs/${HOSTNAME}:/etc/ssl/ejabberd:ro

    environment:
      IP_ADDRESS: ${IP_ADDRESS}
      IRCPASS: ${IRCPASS}
      VIRTUAL_HOST: >
                    ${HOSTNAME},
                    conference.${HOSTNAME},
                    pubsub.${HOSTNAME},
                    upload.${HOSTNAME},
                    irc.${HOSTNAME},
                    proxy.${HOSTNAME},
                    push.${HOSTNAME}
      LETSENCRYPT_HOST: >
                        ${HOSTNAME},
                        conference.${HOSTNAME},
                        pubsub.${HOSTNAME},
                        upload.${HOSTNAME},
                        irc.${HOSTNAME},
                        proxy.${HOSTNAME},
                        push.${HOSTNAME}
      LETSENCRYPT_EMAIL: webmaster@${HOSTNAME}
      ACME_POST_HOOK: install --owner=9000 --group=9000 --mode=500 --preserve-timestamps /etc/nginx/certs/${HOSTNAME}/key.pem /etc/nginx/certs/${HOSTNAME}/ejabberd-key.pem

    networks:
      - reverse-proxy_default
      - irc
      - db_default

  biboumi:
    image: louiz/biboumi:9.0
    container_name: ejabberd_biboumi
    mem_limit: 200m
    restart: on-failure:3

    ports:
      - 113:8113  #identd, used by irc servers to differentiate user coming from one host#

    depends_on:
      ejabberd:
        condition: service_healthy

    volumes:
      - ./data/biboumi/database/:/var/lib/biboumi/
      - ./data/biboumi/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt

    environment:
      BIBOUMI_HOSTNAME: irc.${HOSTNAME}
      BIBOUMI_PORT: 5347
      BIBOUMI_PASSWORD: ${IRCPASS} 
      BIBOUMI_XMPP_SERVER_IP: ejabberd 
      BIBOUMI_ADMIN: admin@${HOSTNAME}
      BIBOUMI_IDENTD_PORT: 8113 ## the biboumi has not the privilege to open port 113 directly
      BIBOUMI_log_level: 1 ## disable logging of chat messages

    networks:
      - irc

networks:
  db_default:
    external: true
  reverse-proxy_default:
    external: true
  irc: