version: '3.7'
services:

  postgres:
    # In production, replace 'latest' with tag from https://hub.docker.com/r/timescale/timescaledb/tags
    # If you are not using the Storage Integration nor Network Operations Center, you can use vanilla Postgres.
    # The minimum Postgres version supported is 14.x.
    image: "timescale/timescaledb:latest-pg16"
    restart: unless-stopped
    environment:
      - POSTGRES_PASSWORD=root
      - POSTGRES_USER=root
      - POSTGRES_DB=ttn_lorawan
    volumes:
      - ${DEV_DATA_DIR:-.env/data}/postgres:/var/lib/postgresql/data
    ports:
      - "127.0.0.1:5432:5432"

  redis:
    # In production, replace 'latest' with tag from https://hub.docker.com/_/redis?tab=tags
    image: redis:latest
    command: redis-server --appendonly yes
    restart: unless-stopped
    volumes:
      - ${DEV_DATA_DIR:-.env/data}/redis:/data
    ports:
      - "127.0.0.1:6379:6379"

  grafana:
    # In production, replace 'latest' with tag from https://github.com/thethingsindustries/lorawan-stack-noc-grafana/pkgs/container/lorawan-stack-noc-grafana/versions
    # Make sure the tag matches the version used for the stack service (see below)
    image: "ghcr.io/thethingsindustries/lorawan-stack-noc-grafana:latest"
    environment:
      - GF_AUTH_PROXY_AUTO_SIGN_UP=false
      - GF_AUTH_PROXY_ENABLE_LOGIN_TOKEN=false
      - GF_AUTH_PROXY_ENABLED=true
      - GF_AUTH_PROXY_HEADER_NAME=X-WEBAUTH-USER
      - GF_AUTH_SIGNOUT_REDIRECT_URL=/noc/logout
      - GF_DATABASE_PATH=db/grafana.db
      - GF_DEFAULT_APP_MODE=development
      - GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS=thethingsindustries-ttsnoc-datasource
      - GF_PLUGINS_PLUGIN_ADMIN_ENABLED=false
      - GF_SECURITY_CONTENT_SECURITY_POLICY_TEMPLATE=script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $$NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' wss:;manifest-src 'self';media-src 'none';form-action 'self';
      - GF_SECURITY_CONTENT_SECURITY_POLICY=true
      - GF_SERVER_ROOT_URL=/noc
      - GF_SERVER_SERVE_FROM_SUB_PATH=true
      - GF_USERS_DEFAULT_THEME=light
    depends_on:
      - postgres
      - stack
    volumes:
      - ${DEV_DATA_DIR:-.env/data}/grafana/db:/var/lib/grafana/db
    ports:
      - "127.0.0.1:3000:3000"

  stack:
    # In production, replace 'latest' with tag from https://hub.docker.com/r/thethingsindustries/lorawan-stack/tags
    image: thethingsindustries/lorawan-stack:latest
    entrypoint: tti-lw-stack -c /config/ttn-lw-stack-docker.yml
    command: start
    restart: unless-stopped
    depends_on:
      - redis
      - postgres
    volumes:
      - ./blob:/srv/ttn-lorawan/public/blob
      - ./config/stack:/config:ro
      # If using Let's Encrypt:
      - ./acme:/var/lib/acme
    environment:
      TTN_LW_BLOB_LOCAL_DIRECTORY: /srv/ttn-lorawan/public/blob
      TTN_LW_REDIS_ADDRESS: redis:6379
      TTN_LW_EVENTS_REDIS_ADDRESS: redis:6379
      TTN_LW_IS_DATABASE_URI: postgres://root:root@postgres:5432/ttn_lorawan?sslmode=disable
      TTN_LW_NOC_GRAFANA_NOC_ADDRESS: stack:1884
      TTN_LW_NOC_GRAFANA_TARGET_URL: http://grafana:3000
      TTN_LW_NOC_STORE_DATABASE_URI: postgres://root:root@postgres:5432/ttn_lorawan?sslmode=disable

    ports:
      # If deploying on a public server:
      - "80:1885"
      - "443:8885"
      - "1881:1881"
      - "8881:8881"
      - "1882:1882"
      - "8882:8882"
      - "1883:1883"
      - "8883:8883"
      - "1884:1884"
      - "8884:8884"
      - "1885:1885"
      - "8885:8885"
      - "1886:1886"
      - "8886:8886"
      - "1887:1887"
      - "8887:8887"
      - "1888:1888"
      - "8888:8888"
      - "8889:8889"
      - "1700:1700/udp"

    # If using custom certificates:
    # secrets:
    #   - ca.pem
    #   - cert.pem
    #   - key.pem

# If using custom certificates:
# secrets:
#   ca.pem:
#     file: ./ca.pem
#   cert.pem:
#     file: ./cert.pem
#   key.pem:
#     file: ./key.pem