services:
    db-data-pgsql:
        container_name: "zabbixserver-pgsqlbusybox-${CONTEXT}"
        extends:
            file: "/opt/containers/zabbixserver/common-settings.yaml"
            service: "common-settings"
    postgres-server:
        command: "-c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem"
        container_name: "zabbixserver-postgres-${CONTEXT}"
        extends:
            file: "/opt/containers/zabbixserver/common-settings.yaml"
            service: "common-settings"
        ports:
            - "${POSTGRES_PORT_EXTERNAL}:${POSTGRES_PORT_INTERNAL}"
        user: "${UID_GID}"
        volumes:
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/data:/var/lib/postgresql/data:rw"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro"
        env_file: !reset []
        environment:
            POSTGRES_DB: "${POSTGRES_DB}"
            POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
            POSTGRES_USER: "${POSTGRES_USER}"
            ZBX_DB_USERNAME_PW: "${ZBX_DB_USERNAME_PW}"
            ZBX_DB_USERNAME_RO: "${ZBX_DB_USERNAME_RO}"
        secrets: !reset []
    server-db-init:
        container_name: "zabbixserver-dbinit-${CONTEXT}"
        extends:
            file: "/opt/containers/zabbixserver/common-settings.yaml"
            service: "common-settings"
        volumes:
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CA_FILE:${ZBX_TLSCAFILE}:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
        env_file: !reset []
        environment:
            POSTGRES_DB: "${POSTGRES_DB}"
            POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
            POSTGRES_USER: "${POSTGRES_USER}"
            ZBX_TLSCAFILE: "${ZBX_TLSCAFILE}"
            ZBX_TLSCERTFILE: "${ZBX_TLSCERTFILE}"
            ZBX_TLSKEYFILE: "${ZBX_TLSKEYFILE}"
        secrets: !reset []
    zabbix-server:
        container_name: "zabbixserver-zabbixserver-${CONTEXT}"
        extends:
            file: "/opt/containers/zabbixserver/common-settings.yaml"
            service: "common-settings"
        volumes:
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/certs:/var/lib/zabbix/ssl/certs:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/keys:/var/lib/zabbix/ssl/keys:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/ssl_ca:/var/lib/zabbix/ssl/ssl_ca:rw"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:roz"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CA_FILE:${ZBX_TLSCAFILE}:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/docker-entrypoint.sh:/usr/bin/docker-entrypoint.sh:ro"
        env_file: !reset []
        environment:
            POSTGRES_DB: "${POSTGRES_DB}"
            POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
            POSTGRES_USER: "${POSTGRES_USER}"
            VAULT_TOKEN: "${VAULT_TOKEN}"
            ZBX_VAULTDBPATH: "${ZBX_VAULTDBPATH}"
            ZBX_VAULTURL: "${ZBX_VAULTURL}"
            ZBX_VAULT: "${ZBX_VAULT}"
            ZBX_DEBUGLEVEL: "${ZBX_DEBUGLEVEL:-3}"
            ZBX_TLSCAFILE: "${ZBX_TLSCAFILE}"
            ZBX_TLSCERTFILE: "${ZBX_TLSCERTFILE}"
            ZBX_TLSKEYFILE: "${ZBX_TLSKEYFILE}"
        secrets: !reset []
    zabbix-web-nginx-pgsql:
        container_name: "zabbixserver-zabbixwebnginx-${CONTEXT}"
        extends:
            file: "/opt/containers/zabbixserver/common-settings.yaml"
            service: "common-settings"
        volumes:
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/cert:/etc/ssl/nginx:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/modules/:/usr/share/zabbix/modules/:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro"
            - "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
        env_file: !reset []
        environment:
            POSTGRES_DB: "${POSTGRES_DB}"
            POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
            POSTGRES_USER: "${POSTGRES_USER}"
            ZBX_SERVER_HOST: "${ZBX_SERVER_HOST}"
            ZBX_SERVER_NAME: "${ZBX_SERVER_NAME}"
            PHP_TZ: "${PHP_TZ}"
            VAULT_TOKEN: "${VAULT_TOKEN}"
            ZBX_VAULTDBPATH: "${ZBX_VAULTDBPATH}"
            ZBX_VAULTURL: "${ZBX_VAULTURL}"
            ZBX_VAULT: "${ZBX_VAULT}"
        secrets: !reset []
secrets: !reset []
volumes:
    snmptraps: !reset []
networks:
    database:
        # Should not be Zabbix' official default 'internal: true'
        # because in our case we want external entities such as a
        # Grafana instance to be able to directly access this
        # PostgreSQL. Here 'internal: true' would render our 'ports:'
        # irrelevant, ports would just never get exposed.
        internal: false