# vim:ft=ansible:
- name: docker deploy firefly
  docker_container:
    name: firefly
    image: fireflyiii/core:latest
    env:
      APP_KEY: "{{ secret_firefly_app_key }}"
      APP_URL: "https://firefly.desu.ltd"
      # We set TRUSTED_PROXIES to * here, which allows any app in the docker
      # network to proxy this. I'm considering this a fine security concession
      # since we can't guarantee the IP of the ingress container
      TRUSTED_PROXIES: "*"
      DB_HOST: "10.0.0.2"
      DB_PORT: "5432"
      DB_CONNECTION: pgsql
      DB_DATABASE: "firefly-desultd"
      DB_USERNAME: "firefly-desultd"
      DB_PASSWORD: "{{ secret_firefly_db_pass }}"
    networks:
      - name: web
        aliases: [ "firefly" ]
    volumes:
      - /data/firefly/upload:/var/www/html/storage/upload
  tags: [ docker, firefly ]