version: "2.2"
services:
  gateway:
    image: docker.mitigator.ru/mitigator/gateway:${VERSION:?VERSION not set}
    cap_add:
    - NET_ADMIN
    sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
    hostname: gateway
    networks:
      default:
        aliases:
        - backend.mitigator
        - carbon-clickhouse.mitigator
        - carbonapi.mitigator
        - clickhouse.mitigator
        - gateway.mitigator
        - graphite-clickhouse.mitigator
        - logan.mitigator
        - watchhog.mitigator
    ports:
    - "${MITIGATOR_BGP_PORT:-179}:179"
    - "${MITIGATOR_GRAFANA_PORT:-3000}:3000"
    - "${MITIGATOR_HTTPS_PORT:-443}:443"
    - "${MITIGATOR_HTTP_PORT:-80}:80"
    - "${MITIGATOR_SNMP_PORT:-705}:705"
    - "${MITIGATOR_SYSLOG_TCP_PORT:-7202}:7202"
    - "${MITIGATOR_SYSLOG_TLS_PORT:-7203}:7203"
    - "${MITIGATOR_SYSLOG_UDP_PORT:-7201}:7201/udp"
    - "${MITIGATOR_VPN_PORT:-4567}:${MITIGATOR_VPN_PORT:-4567}/udp"
    - "${MITIGATOR_SIGNALING_2_PORT:-9930}:9930/udp"
    volumes:
    - ${MITIGATOR_CONFIG_DIR:-.}:/gateway/etc:ro
    environment:
      GATEWAY_ADDRESS: "${MITIGATOR_VPN_ADDRESS:-10.8.3.1}/${MITIGATOR_VPN_PREFIX:-24}"
      GATEWAY_PORT: "${MITIGATOR_VPN_PORT:-4567}"
      GATEWAY_RULES: 8888:dataplane.mitigator:8888

  gateway-dataplane:
    image: docker.mitigator.ru/mitigator/gateway:${VERSION:?VERSION not set}
    privileged: true
    sysctls:
    - net.ipv4.conf.all.src_valid_mark=1
    hostname: gateway-dataplane
    networks:
      default:
        aliases:
        - gateway-dataplane.mitigator
        - dataplane.mitigator
    ports:
    - "${DATA_PLANE_VPN_PORT:-4568}:${DATA_PLANE_VPN_PORT:-4568}/udp"
    volumes:
    - ${MITIGATOR_CONFIG_DIR:-.}:/gateway/etc:ro
    environment:
      GATEWAY_ADDRESS: "${MITIGATOR_VPN_ADDRESS:-10.8.3.1}/${MITIGATOR_VPN_PREFIX:-24}"
      GATEWAY_DEVICE: "${DATA_PLANE_VPN_DEVICE:-wg0}"
      GATEWAY_PORT: "${DATA_PLANE_VPN_PORT:-4568}"

  dataplane:
    image: docker.mitigator.ru/mitigator/dataplane/${ARCH:-nehalem}:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    privileged: true
    network_mode: service:gateway-dataplane
    depends_on: [gateway-dataplane]
    volumes:
    - ${MITIGATOR_CONFIG_DIR:-.}:/dataplane/etc:ro
    - coredumps:/dataplane/coredumps:rw
    environment:
      DATA_PLANE_NR_POLICIES: ${DATA_PLANE_NR_POLICIES:-100}
      DATA_PLANE_NR_POLICIES_IPV6: ${DATA_PLANE_NR_POLICIES_IPV6:-100}

  postgres:
    image: docker.mitigator.ru/mitigator/postgres:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on: [gateway]
    volumes:
    - postgres:/var/lib/postgresql:rw
    environment:
      POSTGRES_DB: mitigator
      POSTGRES_INITDB_ARGS: --encoding=UTF8 --locale=ru_RU.UTF-8

  backend:
    image: docker.mitigator.ru/mitigator/backend:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on: [gateway]
    volumes:
    - frontend:/var/www/mitigator:ro
    - own_id:/backend/own_id
    environment:
      BACKEND_CLICK_BASE_URL: "http://${MITIGATOR_VPN_ADDRESS:-localhost}:8888"
      BACKEND_DATABASE_URI: "postgres://backend@${MITIGATOR_STORAGE_HOST:-localhost}/mitigator?sslmode=disable"
      BACKEND_GRAPHITE_URL: "http://${MITIGATOR_STORAGE_HOST:-localhost}:3080/render/"
      BACKEND_PUBLIC_URL: "https://${MITIGATOR_HOST_ADDRESS:-0.0.0.0}:${MITIGATOR_HTTPS_PORT:-443}"
      MITIGATOR_OWN_NAME: "${MITIGATOR_OWN_NAME:-Mitigator}"
      WATCHHOG_BACKEND_TOKEN: "${TOKEN:-9d947a396b2553b4171a06dd54434238b3409e1a}"
      TZ: "${TZ:-Europe/Moscow}"
      NO_PROXY: ".mitigator,localhost"

  nginx:
    image: docker.mitigator.ru/mitigator/nginx:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on:
    - backend
    - gateway
    volumes:
    - frontend:/var/www/mitigator:ro

  frontend:
    image: docker.mitigator.ru/mitigator/frontend:${VERSION:?VERSION not set}
    network_mode: none
    hostname: frontend
    volumes:
    - frontend:/frontend-copy

  fwstats:
    image: docker.mitigator.ru/mitigator/fwstats:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on: [gateway]
    environment:
      FWSTATS_GRAPHITE_ADDRESS: "${MITIGATOR_STORAGE_HOST:-localhost}:2003"

  watchhog:
    image: docker.mitigator.ru/mitigator/watchhog:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on: [gateway]
    environment:
      WATCHHOG_BACKEND_TOKEN: "${TOKEN:-9d947a396b2553b4171a06dd54434238b3409e1a}"

  rts:
    image: docker.mitigator.ru/mitigator/rts:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on: [gateway]

  logan:
    image: docker.mitigator.ru/mitigator/logan:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on: [gateway]
    scale: 0

  reporter:
    image: docker.mitigator.ru/mitigator/reporter:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    init: true
    network_mode: service:gateway
    depends_on: [gateway]
    environment:
      TZ: "${TZ:-Europe/Moscow}"

  gobgp:
    image: docker.mitigator.ru/mitigator/gobgp:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on: [gateway]

  clickhouse:
    image: docker.mitigator.ru/mitigator/clickhouse:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on: [gateway]
    ulimits:
      nofile:
        soft: 262144
        hard: 262144
    volumes:
    - "clickhouse:/var/lib/clickhouse:rw"

  graphite-clickhouse:
    image: docker.mitigator.ru/mitigator/graphite-clickhouse:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on:
    - clickhouse
    - gateway

  carbon-clickhouse:
    image: docker.mitigator.ru/mitigator/carbon-clickhouse:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on:
    - clickhouse
    - gateway

  carbonapi:
    image: docker.mitigator.ru/mitigator/carbonapi:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    network_mode: service:gateway
    depends_on:
    - graphite-clickhouse
    - gateway

  grafana:
    image: docker.mitigator.ru/mitigator/grafana:${VERSION:?VERSION not set}
    restart: ${CONTAINER_RESTART_POLICY:-on-failure}
    scale: 0
    network_mode: service:gateway
    depends_on:
    - carbonapi
    - gateway
    volumes:
    - grafana:/var/lib/grafana:rw


networks:
  default:


volumes:
  clickhouse:
  coredumps:
  frontend:
  grafana:
  postgres:
  own_id: