version: "2"

services:
  app:
    image: gristlabs/grist
    restart: always
    volumes:
      - grist:/persist
      - certs:/certs
    environment:
      VIRTUAL_HOST: grist.dmeiburg.de
      LETSENCRYPT_EMAIL: ${EMAIL}
      LETSENCRYPT_HOST: grist.dmeiburg.de
      APP_HOME_URL: https://grist.dmeiburg.de
      GRIST_SESSION_SECRET: ${SECRET}
      GRIST_SANDBOX_FLAVOR: gvisor
      GRIST_SAML_IDP_UNENCRYPTED: 1
      GRIST_SAML_SP_HOST: https://grist.dmeiburg.de
      GRIST_SAML_IDP_LOGIN: https://sso.dmeiburg.de/application/saml/grist/sso/binding/redirect/
      GRIST_SAML_IDP_LOGOUT: https://sso.dmeiburg.de/if/session-end/grist/
      GRIST_SAML_IDP_CERTS: /certs/authentik.pem
      GRIST_SAML_SP_KEY: /certs/grist_private_key.pem
      GRIST_SAML_SP_CERT: /certs/grist_certificate.pem
      GRIST_FORCE_LOGIN: false
    expose: 
        - 8484
networks:
  default:
      name: nginx-proxy
      external: true

volumes:
  grist:
  certs: