version: '2'

services:
  cryptpad:
    image: cryptpad/cryptpad:latest
    dns: # Using Cloudflare DNS
      - 1.1.1.1
      - 1.0.0.1
      - 2606:4700:4700::1111
      - 2606:4700:4700::1001
    labels:
      io.rancher.container.pull_image: always
      {{- if .Values.HOST_LABEL}}
      io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
      {{- end}}
      traefik.enable: true
      ### Start Web Segment
      traefik.frontend.entryPoints: http,https
      traefik.frontend.headers.forceSTSHeader: true
      traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
      traefik.frontend.headers.SSLRedirect: true
      traefik.frontend.headers.STSPreload: true
      traefik.frontend.headers.STSSeconds: 15552000
      traefik.frontend.passHostHeader: true
      traefik.frontend.rule: Host:${TRAEFIK_HOST}
      traefik.port: "3000"
      ### End Web Segment
    restart: on-failure
    volumes:
      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
      - /Persistent/${DATA_DIR}/Blob:/cryptpad/blob
      - /Persistent/${DATA_DIR}/BlobStage:/cryptpad/blobstage
      - /Persistent/${DATA_DIR}/Block:/cryptpad/block
      - /Persistent/${DATA_DIR}/Configuration:/cryptpad/customize
      - /Persistent/${DATA_DIR}/Data:/cryptpad/datastore
      - /Persistent/${DATA_DIR}/Pins:/cryptpad/pins
      - /Persistent/${DATA_DIR}/Tasks:/cryptpad/tasks