services:
  tailscale:
    image: tailscale/tailscale:latest
    container_name: kestra-tailscale
    hostname: kestra
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve-config.json
      - TS_EXTRA_ARGS=--accept-routes
    volumes:
      - tailscale-state:/var/lib/tailscale
      - /opt/kestra/tailscale/serve-config.json:/config/serve-config.json:ro
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    restart: unless-stopped

  kestra:
    image: kestra/kestra:latest
    pull_policy: always
    container_name: kestra
    network_mode: service:tailscale
    stop_grace_period: 6m
    depends_on:
      tailscale:
        condition: service_started
    command: server standalone
    user: "root"
    environment:
      KESTRA_CONFIGURATION: |
        datasources:
          postgres:
            url: jdbc:postgresql://${DB_HOST}:${DB_PORT}/${DB_NAME}
            driverClassName: org.postgresql.Driver
            username: ${DB_USER}
            password: ${DB_PASSWORD}
        kestra:
          server:
            basic-auth:
              enabled: true
              username: ${KESTRA_ADMIN_USER}
              password: ${KESTRA_ADMIN_PASSWORD}
          repository:
            type: postgres
          storage:
            type: local
            local:
              base-path: "/app/storage"
          queue:
            type: postgres
          tasks:
            tmp-dir:
              path: /tmp/kestra-wd/tmp
          url: https://kestra.taila5ad8.ts.net/
    volumes:
      - kestra-data:/app/storage
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp/kestra-wd:/tmp/kestra-wd
    restart: unless-stopped

volumes:
  tailscale-state:
  kestra-data: