ATLAS/stack.yml

services:
  atlas-postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: atlas
      POSTGRES_USER: atlas
      POSTGRES_PASSWORD: atlas
    volumes:
      - atlas_postgres_data:/var/lib/postgresql/data
    networks:
      - atlas_internal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U atlas -d atlas"]
      start_period: 10s
      interval: 30s
      timeout: 5s
      retries: 5

  traefik:
    image: traefik:v3.6
    command:
      - "--api.insecure=true"
      - "--providers.swarm=true"
      - "--providers.swarm.endpoint=unix:///var/run/docker.sock"
      - "--providers.swarm.watch=true"
      - "--providers.swarm.exposedbydefault=false"
      - "--providers.swarm.network=atlas_atlas_internal"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - atlas_internal
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.traefik-dashboard.rule=Host(`bc.a250.ca`) && PathPrefix(`/admin/traefik`)"
        - "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
        - "traefik.http.routers.traefik-dashboard.tls=true"
        - "traefik.http.routers.traefik-dashboard.service=traefik-api"
        - "traefik.http.routers.traefik-dashboard.middlewares=strip-traefik@swarm"
        - "traefik.http.middlewares.strip-traefik.stripprefix.prefixes=/admin/traefik"
        - "traefik.http.services.traefik-api.loadbalancer.server.port=8080"

  # SUBSCRIBE/STRIPE: Do not remove or reorder. Values are in this file; do not use .env.
  # See .cursor/rules/protect-subscribe-settings.mdc
  ss-atlas:
    image: atlas-ss-atlas:latest
    environment:
      - STRIPE_SECRET_KEY=sk_test_51T6uRBRfasa3uSsu1EwvRHaGKhWopjeBz15aDACaI3ectJ1przHIKTX2DAqJu7DDtsBMhIuRiyVf0MY9ivtUvzk800kEZ5advL
      - STRIPE_WEBHOOK_SECRET=whsec_placeholder
      - STRIPE_PRICE_ID=price_1T6v8dRfasa3uSsuCWmIC0Fn
      - STRIPE_PRICE_ID_FREE=price_1T7NOURfasa3uSsuEpbKAD1h
      - STRIPE_PRICE_ID_YEAR=price_1T7NOURfasa3uSsu3fB9ivyn
      - STRIPE_PRICE_ID_MONTH_100=price_1T7NOVRfasa3uSsuEaxzMNno
      - STRIPE_PRICE_ID_MONTH_200=price_1T7NOVRfasa3uSsucQRRlPCi
      - STRIPE_PAYMENT_LINK=
      - FREE_TIER_LIMIT=10
      - YEAR_TIER_LIMIT=50
      - MAX_SIGNUPS=0
      - DOCKER_HOST=unix:///var/run/docker.sock
      - APP_URL=https://bc.a250.ca
      - IDENTITY_URL=https://bc.a250.ca/login
      - DATABASE_URL=postgres://atlas:atlas@atlas-postgres:5432/atlas?sslmode=disable
      - TRAEFIK_DOMAIN=bc.a250.ca
      - TRAEFIK_NETWORK=atlas_internal
      - TRAEFIK_DOCKER_NETWORK=atlas_atlas_internal
      - CUSTOMER_DOMAIN=bc.a250.ca
      - TEMPLATE_PATH=/app/templates
      - ARCHIVE_PATH=/archives
      - LANDING_TAGLINE=Your own workspace, ready in minutes.
      - LANDING_FEATURES=Dedicated environment|Secure single sign-on|Automatic provisioning|Manage subscription anytime
      - ADMIN_SECRET=
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - atlas_archives:/archives
    networks:
      - atlas_internal
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.ss-atlas.rule=Host(`bc.a250.ca`)"
        - "traefik.http.routers.ss-atlas.entrypoints=websecure"
        - "traefik.http.routers.ss-atlas.tls=true"
        - "traefik.http.routers.ss-atlas.priority=1"
        - "traefik.http.services.ss-atlas.loadbalancer.server.port=8080"
        - "traefik.http.routers.ss-atlas-instance.rule=Host(`bc.a250.ca`) && PathPrefix(`/i/`)"
        - "traefik.http.routers.ss-atlas-instance.entrypoints=websecure"
        - "traefik.http.routers.ss-atlas-instance.tls=true"
        - "traefik.http.routers.ss-atlas-instance.priority=15"
        - "traefik.http.routers.ss-atlas-instance.service=ss-atlas"

  whoami:
    image: traefik/whoami
    networks:
      - atlas_internal
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`bc.a250.ca`) && PathPrefix(`/whoami`)"
        - "traefik.http.routers.whoami.entrypoints=websecure"
        - "traefik.http.routers.whoami.tls=true"
        - "traefik.http.routers.whoami.middlewares=strip-whoami@swarm"
        - "traefik.http.middlewares.strip-whoami.stripprefix.prefixes=/whoami"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"

networks:
  atlas_internal:
    driver: overlay
    attachable: true

volumes:
  atlas_archives:
  atlas_postgres_data: