captainVersion: 4
services:
    $$cap_appname:
        image: umputun/remark42:$$cap_tag_version
        hostname: $$cap_appname.$$cap_root_domain
        restart: always
        environment:
            REMARK_URL: 'https://$$cap_appname.$$cap_root_domain'
            SECRET: '$$cap_secret'
            SITE: '$$cap_site'
            STORE_TYPE: '$$cap_store_type'
            STORE_BOLT_PATH: '$$cap_store_bolt_path'
            STORE_BOLT_TIMEOUT: '$$cap_store_bolt_timeout'
            ADMIN_SHARED_ID: '$$cap_admin_shared_id'
            ADMIN_SHARED_EMAIL: '$$cap_admin_shared_email'
            BACKUP_PATH: '$$cap_backup'
            MAX_BACKUP_FILES: '$$cap_max_back'
            CACHE_TYPE: '$$cap_cache_type'
            CACHE_REDIS_ADDR: '$$cap_cache_redis_addr'
            CACHE_MAX_ITEMS: '$$cap_cache_max_items'
            CACHE_MAX_VALUE: '$$cap_cache_max_value'
            CACHE_MAX_SIZE: '$$cap_cache_max_size'
            AVATAR_TYPE: '$$cap_avatar_type'
            AVATAR_FS_PATH: '$$cap_avatar_fs_path'
            AVATAR_BOLT_FILE: '$$cap_avatar_bolt_file'
            AVATAR_URI: '$$cap_avatar_uri'
            AVATAR_RSZ_LMT: '$$cap_avatar_rsz_lmt'
            IMAGE_TYPE: '$$cap_image_type'
            IMAGE_MAX_SIZE: '$$cap_image_max_size'
            IMAGE_FS_PATH: '$$cap_image_fs_path'
            IMAGE_FS_STAGING: '$$cap_image_fs_staging'
            IMAGE_FS_PARTITIONS: '$$cap_image_fs_partitions'
            IMAGE_BOLT_FILE: '$$cap_image_bolt_file'
            IMAGE_RESIZE_WIDTH: '$$cap_image_resize_width'
            IMAGE_RESIZE_HEIGHT: '$$cap_image_resize_height'
            AUTH_TTL_JWT: '$$cap_auth_ttl_jwt'
            AUTH_TTL_COOKIE: '$$cap_auth_ttl_cookie'
            AUTH_SEND_JWT_HEADER: '$$cap_auth_send-jwt_header'
            AUTH_SAME_SITE: '$$cap_auth_same_site'
            AUTH_GOOGLE_CID: '$$cap_auth_google_cid'
            AUTH_GOOGLE_CSEC: '$$cap_auth_google_csec'
            AUTH_FACEBOOK_CID: '$$cap_auth_facebook_cid'
            AUTH_FACEBOOK_CSEC: '$$cap_auth_facebook_csec'
            AUTH_MICROSOFT_CID: '$$cap_auth_microsoft_cid'
            AUTH_MICROSOFT_CSEC: '$$cap_auth_microsoft_csec'
            AUTH_GITHUB_CID: '$$cap_auth_github_cid'
            AUTH_GITHUB_CSEC: '$$cap_auth_github_csec'
            AUTH_TWITTER_CID: '$$cap_auth_twitter_cid'
            AUTH_TWITTER_CSEC: '$$cap_auth_twitter_csec'
            AUTH_PATREON_CID: '$$cap_auth_patreon_cid'
            AUTH_PATREON_CSEC: '$$cap_auth_patreon_csec'
            AUTH_TELEGRAM: '$$cap_auth_telegram'
            AUTH_YANDEX_CID: '$$cap_auth_yandex_cid'
            AUTH_YANDEX_CSEC: '$$cap_auth_yandex_csec'
            AUTH_DEV: '$$cap_auth_dev'
            AUTH_ANON: '$$cap_auth_anon'
            AUTH_EMAIL_ENABLE: '$$cap_auth_email_enable'
            AUTH_EMAIL_FROM: '$$cap_auth_email_from'
            AUTH_EMAIL_SUBJ: '$$cap_auth_email_subj'
            AUTH_EMAIL_CONTENT_TYPE: '$$cap_auth_email_content_type'
            NOTIFY_USERS: '$$cap_notify_users'
            NOTIFY_ADMINS: '$$cap_notify_admins'
            NOTIFY_QUEUE: '$$cap_notify_queue'
            NOTIFY_TELEGRAM_CHAN: '$$cap_notify_telegram_chan'
            NOTIFY_SLACK_TOKEN: '$$cap_notify_slack_token'
            NOTIFY_SLACK_CHAN: '$$cap_notify_slack_chan'
            NOTIFY_WEBHOOK_URL: '$$cap_notify_webhook_url'
            NOTIFY_WEBHOOK_HEADERS: '$$cap_notify_webhook_headers'
            NOTIFY_WEBHOOK_TIMEOUT: '$$cap_notify_webhook_timeout'
            NOTIFY_EMAIL_FROM: '$$cap_notify_email_fromAddress'
            NOTIFY_EMAIL_VERIFICATION_SUBJ: '$$cap_notify_email_verification_subj'
            TELEGRAM_TOKEN: '$$cap_telegram_token'
            TELEGRAM_TIMEOUT: '$$cap_telegram_timeout'
            SMTP_HOST: '$$cap_smtp_host'
            SMTP_PORT: '$$cap_smtp_port'
            SMTP_USERNAME: '$$cap_smtp_username'
            SMTP_PASSWORD: '$$cap_smtp_password'
            SMTP_TLS: '$$cap_smtp_tls'
            SMTP_TIMEOUT: '$$cap_smtp_timeout'
            SSL_TYPE: '$$cap_ssl_type'
            SSL_PORT: '$$cap_ssl_port'
            SSL_CERT: '$$cap_ssl_cert'
            SSL_KEY: '$$cap_ssl_key'
            SSL_ACME_LOCATION: '$$cap_ssl_acme_location'
            SSL_ACME_EMAIL: '$$cap_ssl_acme_email'
            MAX_COMMENT_SIZE: '$$cap_max_comment'
            MAX_VOTES: '$$cap_max_votes'
            VOTES_IP: '$$cap_votes_ip'
            ANON_VOTE: '$$cap_anon_vote'
            VOTES_IP_TIME: '$$cap_votes-ip_time'
            LOW_SCORE: '$$cap_low_score'
            CRITICAL_SCORE: '$$cap_critical_score'
            POSITIVE_SCORE: '$$cap_positive_score'
            RESTRICTED_WORDS: '$$cap_restricted_words'
            RESTRICTED_NAMES: '$$cap_restricted_names'
            EDIT_TIME: '$$cap_edit_time'
            ADMIN_EDIT: '$$cap_admin_edit'
            READONLY_AGE: '$$cap_read_age'
            IMAGE_PROXY_HTTP2HTTPS: '$$cap_image_proxy_http2https'
            IMAGE_PROXY_CACHE_EXTERNAL: '$$cap_image-proxy_cache_external'
            EMOJI: '$$cap_emoji'
            SIMPLE_VIEW: '$$cap_simple_view'
            PROXY_CORS: '$$cap_proxy_cors'
            ALLOWED_HOSTS: '$$cap_appname.$$cap_root_domain,$$cap_allowed_hosts'
            REMARK_ADDRESS: '$$cap_address'
            REMARK_PORT: '$$cap_port'
            REMARK_WEB_ROOT: '$$cap_web_root'
            UPDATE_LIMIT: '$$cap_update_limit'
            SUBSCRIBERS_ONLY: '$$cap_subscribers_only'
            ADMIN_PASSWD: '$$cap_admin_passwd'
            DEBUG: '$$cap_dbg'
        volumes:
            - $$cap_appname-data:/srv/var
        caproverExtra:
            containerHttpPort: '8080'
caproverOneClickApp:
    variables:
        - id: $$cap_tag_version
          label: Remark42 docker image tag
          defaultValue: 'v1.9.0'
          description: Valid tag from https://hub.docker.com/r/umputun/remark42/tags
          validRegex: /.+/
        - id: $$cap_secret
          label: SECRET
          defaultValue: '$$cap_gen_random_hex(10)'
          description: the shared secret key used to sign JWT, should be a random, long, hard-to-guess string
          validRegex: /.+/
        - id: $$cap_site
          label: SITE
          defaultValue: 'remark'
          description: site name(s), _multi_
        - id: $$cap_store_type
          label: STORE_TYPE
          defaultValue: 'bolt'
          description: type of storage, `bolt` or `rpc`
        - id: $$cap_store_bolt_path
          label: STORE_BOLT_PATH
          defaultValue: './var'
          description: parent directory for the bolt files
        - id: $$cap_store_bolt_timeout
          label: STORE_BOLT_TIMEOUT
          defaultValue: '30s'
          description: boltdb access timeout
        - id: $$cap_admin_shared_id
          label: ADMIN_SHARED_ID
          defaultValue: ''
          description: admin IDs (list of user IDs), _multi_
        - id: $$cap_admin_shared_email
          label: ADMIN_SHARED_EMAIL
          defaultValue: ''
          description: admin emails, _multi_
        - id: $$cap_backup
          label: BACKUP_PATH
          defaultValue: './var/backup'
          description: backups location
        - id: $$cap_max_back
          label: MAX_BACKUP_FILES
          defaultValue: '10'
          description: max backup files to keep
        - id: $$cap_cache_type
          label: CACHE_TYPE
          defaultValue: 'mem'
          description: type of cache, `redis_pub_sub` or `mem` or `none`
        - id: $$cap_cache_redis_addr
          label: CACHE_REDIS_ADDR
          defaultValue: '127.0.0.1:6379'
          description: address of Redis PubSub instance, turn `redis_pub_sub` cache on for distributed cache
        - id: $$cap_cache_max_items
          label: CACHE_MAX_ITEMS
          defaultValue: '1000'
          description: max number of cached items, `0` - unlimited
        - id: $$cap_cache_max_value
          label: CACHE_MAX_VALUE
          defaultValue: '65536'
          description: max size of the cached value, `0` - unlimited
        - id: $$cap_cache_max_size
          label: CACHE_MAX_SIZE
          defaultValue: '50000000'
          description: max size of all cached values, `0` - unlimited
        - id: $$cap_avatar_type
          label: AVATAR_TYPE
          defaultValue: 'fs'
          description: type of avatar storage, `fs`, `bolt`, or `uri`
        - id: $$cap_avatar_fs_path
          label: AVATAR_FS_PATH
          defaultValue: './var/avatars'
          description: avatars location for `fs` store
        - id: $$cap_avatar_bolt_file
          label: AVATAR_BOLT_FILE
          defaultValue: './var/avatars.db'
          description: avatars bolt file location
        - id: $$cap_avatar_uri
          label: AVATAR_URI
          defaultValue: './var/avatars'
          description: avatars store URI
        - id: $$cap_avatar_rsz_lmt
          label: AVATAR_RSZ_LMT
          defaultValue: '0 (disabled)'
          description: max image size for resizing avatars on save
        - id: $$cap_image_type
          label: IMAGE_TYPE
          defaultValue: 'fs'
          description: type of image storage, `fs`, `bolt`
        - id: $$cap_image_max_size
          label: IMAGE_MAX_SIZE
          defaultValue: '5000000'
          description: max size of image file
        - id: $$cap_image_fs_path
          label: IMAGE_FS_PATH
          defaultValue: './var/pictures'
          description: permanent location of images
        - id: $$cap_image_fs_staging
          label: IMAGE_FS_STAGING
          defaultValue: './var/pictures.staging'
          description: staging location of images
        - id: $$cap_image_fs_partitions
          label: IMAGE_FS_PARTITIONS
          defaultValue: '100'
          description: number of image partitions
        - id: $$cap_image_bolt_file
          label: IMAGE_BOLT_FILE
          defaultValue: '/var/pictures.db'
          description: images bolt file location
        - id: $$cap_image_resize_width
          label: IMAGE_RESIZE_WIDTH
          defaultValue: '2400'
          description: width of a resized image
        - id: $$cap_image_resize_height
          label: IMAGE_RESIZE_HEIGHT
          defaultValue: '900'
          description: height of a resized image
        - id: $$cap_auth_ttl_jwt
          label: AUTH_TTL_JWT
          defaultValue: '5m'
          description: JWT TTL
        - id: $$cap_auth_ttl_cookie
          label: AUTH_TTL_COOKIE
          defaultValue: '200h'
          description: cookie TTL
        - id: $$cap_auth_send_jwt_header
          label: AUTH_SEND_JWT_HEADER
          defaultValue: 'false'
          description: send JWT as a header instead of a cookie
          validRegex: /^(false|true)$/
        - id: $$cap_auth_same_site
          label: AUTH_SAME_SITE
          defaultValue: 'default'
          description: set same site policy for cookies (`default`, `none`, `lax` or `strict`)
        - id: $$cap_auth_google_cid
          label: AUTH_GOOGLE_CID
          defaultValue: ''
          description: Google OAuth client ID
        - id: $$cap_auth_google_csec
          label: AUTH_GOOGLE_CSEC
          defaultValue: ''
          description: Google OAuth client secret
        - id: $$cap_auth_facebook_cid
          label: AUTH_FACEBOOK_CID
          defaultValue: ''
          description: Facebook OAuth client ID
        - id: $$cap_auth_facebook_csec
          label: AUTH_FACEBOOK_CSEC
          defaultValue: ''
          description: Facebook OAuth client secret
        - id: $$cap_auth_microsoft_cid
          label: AUTH_MICROSOFT_CID
          defaultValue: ''
          description: Microsoft OAuth client ID
        - id: $$cap_auth_microsoft_csec
          label: AUTH_MICROSOFT_CSEC
          defaultValue: ''
          description: Microsoft OAuth client secret
        - id: $$cap_auth_github_cid
          label: AUTH_GITHUB_CID
          defaultValue: ''
          description: GitHub OAuth client ID
        - id: $$cap_auth_github_csec
          label: AUTH_GITHUB_CSEC
          defaultValue: ''
          description: GitHub OAuth client secret
        - id: $$cap_auth_twitter_cid
          label: AUTH_TWITTER_CID
          defaultValue: ''
          description: Twitter Consumer API Key
        - id: $$cap_auth_twitter_csec
          label: AUTH_TWITTER_CSEC
          defaultValue: ''
          description: Twitter Consumer API Secret key
        - id: $$cap_auth_patreon_cid
          label: AUTH_PATREON_CID
          defaultValue: ''
          description: Patreon OAuth Client ID
        - id: $$cap_auth_patreon_csec
          label: AUTH_PATREON_CSEC
          defaultValue: ''
          description: Patreon OAuth Client Secret
        - id: $$cap_auth_telegram
          label: AUTH_TELEGRAM
          defaultValue: 'false'
          description: Enable Telegram auth (telegram.token must be present)
          validRegex: /^(false|true)$/
        - id: $$cap_auth_yandex_cid
          label: AUTH_YANDEX_CID
          defaultValue: ''
          description: Yandex OAuth client ID
        - id: $$cap_auth_yandex_csec
          label: AUTH_YANDEX_CSEC
          defaultValue: ''
          description: Yandex OAuth client secret
        - id: $$cap_auth_dev
          label: AUTH_DEV
          defaultValue: 'false'
          description: local OAuth2 server, development mode only
          validRegex: /^(false|true)$/
        - id: $$cap_auth_anon
          label: AUTH_ANON
          defaultValue: 'false'
          description: enable anonymous login
          validRegex: /^(false|true)$/
        - id: $$cap_auth_email_enable
          label: AUTH_EMAIL_ENABLE
          defaultValue: 'false'
          description: enable auth via email
          validRegex: /^(false|true)$/
        - id: $$cap_auth_email_from
          label: AUTH_EMAIL_FROM
          defaultValue: ''
          description: email from
        - id: $$cap_auth_email_subj
          label: AUTH_EMAIL_SUBJ
          defaultValue: 'remark42 confirmation'
          description: email subject
        - id: $$cap_auth_email_content_type
          label: AUTH_EMAIL_CONTENT_TYPE
          defaultValue: 'text/html'
          description: email content type
        - id: $$cap_notify_users
          label: NOTIFY_USERS
          defaultValue: 'none'
          description: type of user notifications (Telegram, email)
        - id: $$cap_notify_admins
          label: NOTIFY_ADMINS
          defaultValue: 'none'
          description: type of admin notifications (Telegram, Slack, webhook and/or email)
        - id: $$cap_notify_queue
          label: NOTIFY_QUEUE
          defaultValue: '100'
          description: size of notification queue
        - id: $$cap_notify_telegram_chan
          label: NOTIFY_TELEGRAM_CHAN
          defaultValue: ''
          description: the ID of telegram channel for admin notifications
        - id: $$cap_notify_slack_token
          label: NOTIFY_SLACK_TOKEN
          defaultValue: ''
          description: Slack token
        - id: $$cap_notify_slack_chan
          label: NOTIFY_SLACK_CHAN
          defaultValue: 'general'
          description: Slack channel for admin notifications
        - id: $$cap_notify_webhook_url
          label: NOTIFY_WEBHOOK_URL
          defaultValue: ''
          description: Webhook notification URL for admin notifications
        - id: $$cap_notify_webhook_template
          label: NOTIFY_WEBHOOK_TEMPLATE
          defaultValue: '{\"text\": \"{{.Text}}\"}'
          description: Webhook payload template
        - id: $$cap_notify_webhook_headers
          label: NOTIFY_WEBHOOK_HEADERS
          defaultValue: ''
          description: HTTP header in format Header1:Value1,Header2:Value2,...
        - id: $$cap_notify_webhook_timeout
          label: NOTIFY_WEBHOOK_TIMEOUT
          defaultValue: '5s'
          description: Webhook connection timeout
        - id: $$cap_notify_email_fromAddress
          label: NOTIFY_EMAIL_FROM
          defaultValue: ''
          description: from email address
        - id: $$cap_notify_email_verification_subj
          label: NOTIFY_EMAIL_VERIFICATION_SUBJ
          defaultValue: 'Email verification'
          description: verification message subject
        - id: $$cap_telegram_token
          label: TELEGRAM_TOKEN
          defaultValue: ''
          description: Telegram token (used for auth and Telegram notifications)
        - id: $$cap_telegram_timeout
          label: TELEGRAM_TIMEOUT
          defaultValue: '5s'
          description: Telegram connection timeout
        - id: $$cap_smtp_host
          label: SMTP_HOST
          defaultValue: ''
          description: SMTP host
        - id: $$cap_smtp_port
          label: SMTP_PORT
          defaultValue: ''
          description: SMTP port
        - id: $$cap_smtp_username
          label: SMTP_USERNAME
          defaultValue: ''
          description: SMTP user name
        - id: $$cap_smtp_password
          label: SMTP_PASSWORD
          defaultValue: ''
          description: SMTP password
        - id: $$cap_smtp_tls
          label: SMTP_TLS
          defaultValue: 'false'
          description: enable TLS for SMTP
          validRegex: /^(false|true)$/
        - id: $$cap_smtp_timeout
          label: SMTP_TIMEOUT
          defaultValue: '10s'
          description: SMTP TCP connection timeout
        - id: $$cap_ssl_type
          label: SSL_TYPE
          defaultValue: 'none'
          description: '`none`-HTTP, `static`-HTTPS, `auto`-HTTPS + le'
        - id: $$cap_ssl_port
          label: SSL_PORT
          defaultValue: '8443'
          description: port for HTTPS server
        - id: $$cap_ssl_cert
          label: SSL_CERT
          defaultValue: ''
          description: path to the cert.pem file
        - id: $$cap_ssl_key
          label: SSL_KEY
          defaultValue: ''
          description: path to the key.pem file
        - id: $$cap_ssl_acme_location
          label: SSL_ACME_LOCATION
          defaultValue: './var/acme'
          description: dir where obtained le-certs will be stored
        - id: $$cap_ssl_acme_email
          label: SSL_ACME_EMAIL
          defaultValue: ''
          description: admin email for receiving notifications from LE
        - id: $$cap_max_comment
          label: MAX_COMMENT_SIZE
          defaultValue: '2048'
          description: comment's size limit
        - id: $$cap_max_votes
          label: MAX_VOTES
          defaultValue: '-1'
          description: votes limit per comment, `-1` - unlimited
        - id: $$cap_votes_ip
          label: VOTES_IP
          defaultValue: 'false'
          description: restrict votes from the same IP
          validRegex: /^(false|true)$/
        - id: $$cap_anon_vote
          label: ANON_VOTE
          defaultValue: 'false'
          description: allow voting for anonymous users, require VOTES_IP to be enabled as well
          validRegex: /^(false|true)$/
        - id: $$cap_votes_ip_time
          label: VOTES_IP_TIME
          defaultValue: '5m'
          description: same IP vote restriction time, `0s` - unlimited
        - id: $$cap_low_score
          label: LOW_SCORE
          defaultValue: '-5'
          description: low score threshold
        - id: $$cap_critical_score
          label: CRITICAL_SCORE
          defaultValue: '-10'
          description: critical score threshold
        - id: $$cap_positive_score
          label: POSITIVE_SCORE
          defaultValue: 'false'
          description: restricts comment's score to be only positive
          validRegex: /^(false|true)$/
        - id: $$cap_restricted_words
          label: RESTRICTED_WORDS
          defaultValue: ''
          description: words banned in comments (can use `*`), _multi_
        - id: $$cap_restricted_names
          label: RESTRICTED_NAMES
          defaultValue: ''
          description: names prohibited to use by the user, _multi_
        - id: $$cap_edit_time
          label: EDIT_TIME
          defaultValue: '5m'
          description: edit window
        - id: $$cap_admin_edit
          label: ADMIN_EDIT
          defaultValue: 'false'
          description: unlimited edit for admins
          validRegex: /^(false|true)$/
        - id: $$cap_read_age
          label: READONLY_AGE
          defaultValue: ''
          description: read-only age of comments, days
        - id: $$cap_image_proxy_http2https
          label: IMAGE_PROXY_HTTP2HTTPS
          defaultValue: 'false'
          description: enable HTTP->HTTPS proxy for images
          validRegex: /^(false|true)$/
        - id: $$cap_image_proxy_cache_external
          label: IMAGE_PROXY_CACHE_EXTERNAL
          defaultValue: 'false'
          description: enable caching external images to current image storage
          validRegex: /^(false|true)$/
        - id: $$cap_emoji
          label: EMOJI
          defaultValue: 'false'
          description: enable emoji support
          validRegex: /^(false|true)$/
        - id: $$cap_simple_view
          label: SIMPLE_VIEW
          defaultValue: 'false'
          description: minimized UI with basic info only
          validRegex: /^(false|true)$/
        - id: $$cap_proxy_cors
          label: PROXY_CORS
          defaultValue: 'false'
          description: disable internal CORS and delegate it to proxy
          validRegex: /^(false|true)$/
        - id: $$cap_allowed_hosts
          label: ALLOWED_HOSTS
          defaultValue: ''
          description: limit hosts/sources allowed to embed comments, enable all by default
        - id: $$cap_address
          label: REMARK_ADDRESS
          defaultValue: ''
          description: web server listening address, all interfaces by default
        - id: $$cap_port
          label: REMARK_PORT
          defaultValue: '8080'
          description: web server port
        - id: $$cap_web_root
          label: REMARK_WEB_ROOT
          defaultValue: './web'
          description: web server root directory
        - id: $$cap_update_limit
          label: UPDATE_LIMIT
          defaultValue: '0.5'
          description: updates/sec limit
        - id: $$cap_subscribers_only
          label: SUBSCRIBERS_ONLY
          defaultValue: 'false'
          description: enable commenting only for Patreon subscribers
          validRegex: /^(false|true)$/
        - id: $$cap_admin_passwd
          label: ADMIN_PASSWD
          defaultValue: ''
          description: password for `admin` basic auth
        - id: $$cap_dbg
          label: DEBUG
          defaultValue: 'false'
          description: debug mode
          validRegex: /^(false|true)$/
    instructions:
        start: |-
            See description of the parameters below [in the documentation](https://remark42.com/docs/configuration/parameters/).

            _multi_ parameters separated by `,` in the environment, like `ADMIN_SHARED_EMAIL=admin@example.org,admin2@example.org`
        end: |-
            Done, Remark42 will be accessible at <https://$$cap_appname.$$cap_root_domain/web/> in a minute.

            You must **enable HTTPS** for this application as otherwise, it won't work. Then verify that it works by the URL above and then follow [documentation on installation](https://remark42.com/docs/getting-started/installation/) to add comments to your site.

            While following the installation guide, set `YOUR_SITE_ID` to `$$cap_site` and `REMARK_URL` to `https://$$cap_appname.$$cap_root_domain`, and then add your site domain name to `ALLOWED_HOSTS`.
    displayName: Remark42
    isOfficial: true
    description: Self-hosted, lightweight, and simple (yet functional) comment engine, which doesn't spy on users. It can be embedded into blogs, articles or any other place where readers add comments.
    documentation: Taken from https://github.com/umputun/remark42