services:
  postiz-ts:
    image: tailscale/tailscale:latest
    hostname: postiz
    container_name: postiz-ts
    environment:
      - TS_AUTHKEY={{YOUR_TAILSCALE_AUTHKEY}}
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve.json
    volumes:
      - ./tailscale/tailscale-data:/var/lib/tailscale
      - ./tailscale/config:/config
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    restart: unless-stopped
  postiz:
    image: ghcr.io/gitroomhq/postiz-app:latest
    container_name: postiz
    restart: always
    environment:
      # === Required Settings
      MAIN_URL: "https://postiz.your-server.com"
      FRONTEND_URL: "https://postiz.your-server.com"
      NEXT_PUBLIC_BACKEND_URL: "https://postiz.your-server.com/api"
      JWT_SECRET: "random string that is unique to every install - just type random characters here!"
      DATABASE_URL: "postgresql://postiz-user:postiz-password@localhost:5432/postiz-db-local"
      REDIS_URL: "redis://localhost:6379"
      BACKEND_INTERNAL_URL: "http://localhost:3000"
      IS_GENERAL: "true"
      DISABLE_REGISTRATION: "false"

      # === Storage Settings
      STORAGE_PROVIDER: "local"
      UPLOAD_DIRECTORY: "/uploads"
      NEXT_PUBLIC_UPLOAD_DIRECTORY: "/uploads"

      # === Cloudflare (R2) Settings
      CLOUDFLARE_ACCOUNT_ID: "your-account-id"
      CLOUDFLARE_ACCESS_KEY: "your-access-key"
      CLOUDFLARE_SECRET_ACCESS_KEY: "your-secret-access-key"
      CLOUDFLARE_BUCKETNAME: "your-bucket-name"
      CLOUDFLARE_BUCKET_URL: "https://your-bucket-url.r2.cloudflarestorage.com/"
      CLOUDFLARE_REGION: "auto"

      # === Social Media API Settings
      X_API_KEY: ""
      X_API_SECRET: ""
      LINKEDIN_CLIENT_ID: ""
      LINKEDIN_CLIENT_SECRET: ""
      REDDIT_CLIENT_ID: ""
      REDDIT_CLIENT_SECRET: ""
      GITHUB_CLIENT_ID: ""
      GITHUB_CLIENT_SECRET: ""
      BEEHIIVE_API_KEY: ""
      BEEHIIVE_PUBLICATION_ID: ""
      THREADS_APP_ID: ""
      THREADS_APP_SECRET: ""
      FACEBOOK_APP_ID: ""
      FACEBOOK_APP_SECRET: ""
      YOUTUBE_CLIENT_ID: ""
      YOUTUBE_CLIENT_SECRET: ""
      TIKTOK_CLIENT_ID: ""
      TIKTOK_CLIENT_SECRET: ""
      PINTEREST_CLIENT_ID: ""
      PINTEREST_CLIENT_SECRET: ""
      DRIBBBLE_CLIENT_ID: ""
      DRIBBBLE_CLIENT_SECRET: ""
      DISCORD_CLIENT_ID: ""
      DISCORD_CLIENT_SECRET: ""
      DISCORD_BOT_TOKEN_ID: ""
      SLACK_ID: ""
      SLACK_SECRET: ""
      SLACK_SIGNING_SECRET: ""
      MASTODON_URL: "https://mastodon.social"
      MASTODON_CLIENT_ID: ""
      MASTODON_CLIENT_SECRET: ""

      # === OAuth & Authentik Settings
      NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME: "Authentik"
      NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL: "https://raw.githubusercontent.com/walkxcode/dashboard-icons/master/png/authentik.png"
      POSTIZ_GENERIC_OAUTH: "false"
      POSTIZ_OAUTH_URL: "https://auth.example.com"
      POSTIZ_OAUTH_AUTH_URL: "https://auth.example.com/application/o/authorize"
      POSTIZ_OAUTH_TOKEN_URL: "https://auth.example.com/application/o/token"
      POSTIZ_OAUTH_USERINFO_URL: "https://authentik.example.com/application/o/userinfo"
      POSTIZ_OAUTH_CLIENT_ID: ""
      POSTIZ_OAUTH_CLIENT_SECRET: ""
      # POSTIZ_OAUTH_SCOPE: "openid profile email"  # Optional: uncomment to override default scope

      NEXT_PUBLIC_SENTRY_DSN: "http://spotlight:8969/stream"
      SENTRY_SPOTLIGHT: "1"

      # === Misc Settings
      OPENAI_API_KEY: ""
      NEXT_PUBLIC_DISCORD_SUPPORT: ""
      NEXT_PUBLIC_POLOTNO: ""
      API_LIMIT: 30

      # === Payment / Stripe Settings
      FEE_AMOUNT: 0.05
      STRIPE_PUBLISHABLE_KEY: ""
      STRIPE_SECRET_KEY: ""
      STRIPE_SIGNING_KEY: ""
      STRIPE_SIGNING_KEY_CONNECT: ""

      # === Developer Settings
      NX_ADD_PLUGINS: false

      # === Short Link Service Settings (Optional - leave blank if unused)
      # DUB_TOKEN: ""
      # DUB_API_ENDPOINT: "https://api.dub.co"
      # DUB_SHORT_LINK_DOMAIN: "dub.sh"
      # SHORT_IO_SECRET_KEY: ""
      # KUTT_API_KEY: ""
      # KUTT_API_ENDPOINT: "https://kutt.it/api/v2"
      # KUTT_SHORT_LINK_DOMAIN: "kutt.it"
      # LINK_DRIP_API_KEY: ""
      # LINK_DRIP_API_ENDPOINT: "https://api.linkdrip.com/v1/"
      # LINK_DRIP_SHORT_LINK_DOMAIN: "dripl.ink"

    volumes:
      - postiz-config:/config/
      - postiz-uploads:/uploads/
    # ports:
    #   - 5000:5000
    network_mode: service:postiz-ts
    depends_on:
      postiz-postgres:
        condition: service_healthy
      postiz-redis:
        condition: service_healthy

  postiz-postgres:
    image: postgres:17-alpine
    container_name: postiz-postgres
    restart: always
    environment:
      POSTGRES_PASSWORD: postiz-password
      POSTGRES_USER: postiz-user
      POSTGRES_DB: postiz-db-local
    volumes:
      - postgres-volume:/var/lib/postgresql/data
    networks:
      - postiz-network
    healthcheck:
      test: pg_isready -U postiz-user -d postiz-db-local
      interval: 10s
      timeout: 3s
      retries: 3
  postiz-redis:
    image: redis:7.2
    container_name: postiz-redis
    restart: always
    healthcheck:
      test: redis-cli ping
      interval: 10s
      timeout: 3s
      retries: 3
    volumes:
      - postiz-redis-data:/data
    network_mode: service:postiz-ts
    depends_on: 
      - postiz-ts

# For Application Monitoring / Debugging
  spotlight:
    pull_policy: always
    container_name: spotlight
    # ports:
    #   - 8969:8969/tcp
    image: ghcr.io/getsentry/spotlight:latest
    network_mode: service:postiz-ts
    depends_on: 
      - postiz-ts


volumes:
  postgres-volume:
    external: false

  postiz-redis-data:
    external: false

  postiz-config:
    external: false

  postiz-uploads:
    external: false