# Privacy-first self-host stack — Vaultwarden + Joplin Server
# Curl + run:
#   curl -O https://osalt.dev/stack/privacy-first/compose.yml
#   curl -O https://osalt.dev/stack/privacy-first/.env.example && mv .env.example .env
#   docker compose up -d
#
# Not in this file (per stack editorial):
#   - Plausible Analytics: postgres + clickhouse. See
#     https://github.com/plausible/community-edition.
#   - Authentik: multi-container (server + worker + postgres + redis). See
#     https://docs.goauthentik.io/docs/install-config/install/docker-compose.
#   - Jitsi Meet: multi-container with STUN/TURN networking. See
#     https://github.com/jitsi/docker-jitsi-meet.

services:
  vaultwarden:
    image: vaultwarden/server:1.32.6
    restart: unless-stopped
    ports:
      - "${VAULTWARDEN_PORT:-8222}:80"
    environment:
      DOMAIN: ${VAULTWARDEN_DOMAIN:-http://localhost:8222}
      ADMIN_TOKEN: ${VAULTWARDEN_ADMIN_TOKEN:?set VAULTWARDEN_ADMIN_TOKEN in .env}
      SIGNUPS_ALLOWED: ${VAULTWARDEN_SIGNUPS_ALLOWED:-false}
    volumes:
      - vaultwarden_data:/data

  joplin-pg:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${JOPLIN_DB_USER:-joplin}
      POSTGRES_PASSWORD: ${JOPLIN_DB_PASSWORD:?set JOPLIN_DB_PASSWORD in .env}
      POSTGRES_DB: ${JOPLIN_DB_NAME:-joplin}
    volumes:
      - joplin_pg:/var/lib/postgresql/data

  joplin:
    image: joplin/server:3.2.4
    restart: unless-stopped
    depends_on:
      - joplin-pg
    ports:
      - "${JOPLIN_PORT:-22300}:22300"
    environment:
      APP_PORT: "22300"
      APP_BASE_URL: ${JOPLIN_BASE_URL:-http://localhost:22300}
      DB_CLIENT: pg
      POSTGRES_HOST: joplin-pg
      POSTGRES_PORT: "5432"
      POSTGRES_DATABASE: ${JOPLIN_DB_NAME:-joplin}
      POSTGRES_USER: ${JOPLIN_DB_USER:-joplin}
      POSTGRES_PASSWORD: ${JOPLIN_DB_PASSWORD}

volumes:
  vaultwarden_data:
  joplin_pg: