version: '3'
services:
  # This is capable to relay via gmail, Amazon SES, or generic relays
  # See: https://hub.docker.com/r/ixdotai/smtp
  mail:
    image: ixdotai/smtp
    environment:
      - "SMARTHOST_ADDRESS=${SMARTHOST_ADDRESS}"
      - "SMARTHOST_PORT=${SMARTHOST_PORT}"
      - "SMARTHOST_USER=${SMARTHOST_USER}"
      - "SMARTHOST_PASSWORD=${SMARTHOST_PASSWORD}"
      - "SMARTHOST_ALIASES=${SMARTHOST_ALIASES}"

  redis:
    image: redis:7.2

  db:
    # We use MariaDB because it supports ARM and has the expected collations
    image: mariadb:10.11
    restart: always
    environment:
      - "MYSQL_USER=${MYSQL_USER:-misp}"
      - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
      - "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-password}"
      - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
    volumes:
      - mysql_data:/var/lib/mysql
    cap_add:
      - SYS_NICE  # CAP_SYS_NICE Prevent runaway mysql log

  misp-core:
    image: ghcr.io/misp/misp-docker/misp-core:latest
    build:
      context: core/.
      args:
          - CORE_TAG=${CORE_TAG}
          - CORE_COMMIT=${CORE_COMMIT}
          - PHP_VER=${PHP_VER}
          - PYPI_REDIS_VERSION=${PYPI_REDIS_VERSION}
          - PYPI_LIEF_VERSION=${PYPI_LIEF_VERSION}
          - PYPI_PYDEEP2_VERSION=${PYPI_PYDEEP2_VERSION}
          - PYPI_PYTHON_MAGIC_VERSION=${PYPI_PYTHON_MAGIC_VERSION}
          - PYPI_MISP_LIB_STIX2_VERSION=${PYPI_MISP_LIB_STIX2_VERSION}
          - PYPI_MAEC_VERSION=${PYPI_MAEC_VERSION}
          - PYPI_MIXBOX_VERSION=${PYPI_MIXBOX_VERSION}
          - PYPI_CYBOX_VERSION=${PYPI_CYBOX_VERSION}
          - PYPI_PYMISP_VERSION=${PYPI_PYMISP_VERSION}
    depends_on:
      - redis
      - db
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./configs/:/var/www/MISP/app/Config/"
      - "./logs/:/var/www/MISP/app/tmp/logs/"
      - "./files/:/var/www/MISP/app/files/"
      - "./ssl/:/etc/nginx/certs/"
      - "./gnupg/:/var/www/MISP/.gnupg/"
      # customize by replacing ${CUSTOM_PATH} with a path containing 'files/customize_misp.sh'
      # - "${CUSTOM_PATH}/:/custom/"
    environment:
      - "HOSTNAME=${HOSTNAME}"
      - "CRON_USER_ID=${CRON_USER_ID}"
      - "DISABLE_IPV6=${DISABLE_IPV6}"
      # standard settings
      - "ADMIN_EMAIL=${ADMIN_EMAIL}"
      - "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
      - "ADMIN_KEY=${ADMIN_KEY}"
      - "ADMIN_ORG=${ADMIN_ORG}"
      - "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
      # authentication settings
      - "OIDC_ENABLE=${OIDC_ENABLE}"
      - "OIDC_PROVIDER_URL=${OIDC_PROVIDER_URL}"
      - "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
      - "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
      - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
      - "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
      - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
      # sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)
      - "SYNCSERVERS=${SYNCSERVERS}"
      - |
        SYNCSERVERS_1_DATA=
        {
          "remote_org_uuid": "${SYNCSERVERS_1_UUID}",
          "name": "${SYNCSERVERS_1_NAME}",
          "authkey": "${SYNCSERVERS_1_KEY}",
          "url": "${SYNCSERVERS_1_URL}",
          "pull": true
        }
      # mysql settings
      - "MYSQL_HOST=${MYSQL_HOST:-db}"
      - "MYSQL_PORT=${MYSQL_PORT:-3306}"
      - "MYSQL_USER=${MYSQL_USER:-misp}"
      - "MYSQL_PASSWORD=${MYSQL_PASSWORD:-example}"
      - "MYSQL_DATABASE=${MYSQL_DATABASE:-misp}"
  
  misp-modules:
    image: ghcr.io/misp/misp-docker/misp-modules:latest
    build:
      context: modules/.
      args:
        - MODULES_TAG=${MODULES_TAG}
        - MODULES_COMMIT=${MODULES_COMMIT}
        - LIBFAUP_COMMIT=${LIBFAUP_COMMIT}
    environment:
      - "REDIS_BACKEND=redis"
    depends_on:
      - redis

volumes:
    mysql_data: