services:
  mealie:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: ghcr.io/mealie-recipes/mealie:latest
    container_name: mealie
    ports:
      - "4006:9000"
    networks:
      - ip6net
    volumes:
      - ${SERVICE_PATH}/mealie/data:/app/data/
    environment:
      ALLOW_SIGNUP: false
      BASE_URL: https://mealie.${PUBLIC_DOMAIN}
      # Database Settings
      DB_ENGINE: postgres
      POSTGRES_USER: mealie
      POSTGRES_PASSWORD: ${MEALIE_DATABASE_PASSWORD}
      POSTGRES_SERVER: postgres
      POSTGRES_PORT: 5432
      POSTGRES_DB: mealie
      # OIDC using authelia
      OIDC_AUTH_ENABLED: true
      OIDC_SIGNUP_ENABLED: false 
      OIDC_CONFIGURATION_URL: https://auth.${PUBLIC_DOMAIN}/.well-known/openid-configuration
      OIDC_CLIENT_ID: mealie
      OIDC_CLIENT_SECRET: ${MEALIE_OIDC_CLIENT_SECRET} 
      OIDC_AUTO_REDIRECT: false
    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.mealie.rule=Host(`mealie.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.mealie.entrypoints=https"
      - "traefik.http.routers.mealie.tls.certresolver=myresolver"
      - "traefik.http.routers.mealie.tls=true"
      # Middlewares
      - "traefik.http.routers.mealie.middlewares=crowdsec-bouncer@file"