Environment Variable Patterns

Database Connection Pattern:

environment:
  # PostgreSQL
  POSTGRES_HOST: postgres
  POSTGRES_USER: admin
  POSTGRES_PASSWORD: [SECRET]
  POSTGRES_DB: database_name
  
  # MariaDB
  DB_HOST: mariadb
  DB_USERNAME: username
  DB_PASSWORD: [SECRET]
  DB_DATABASE: database_name

Application Configuration Pattern:

environment:
  # Application settings
  APP_URL: https://service.domain.me
  TZ: America/New_York
  
  # User/Group settings (LinuxServer containers)
  PUID: 1000
  PGID: 1000
  
  # Feature toggles
  ENABLE_REGISTRATION: "false"
  DEBUG_MODE: "false"

Security Configuration Pattern:

environment:
  # Secret keys
  SECRET_KEY: [SECRET]
  APP_KEY: [SECRET]
  
  # Authentication
  OAUTH_CLIENT_ID: [SECRET]
  OAUTH_CLIENT_SECRET: [SECRET]

Secret and Config Management

Docker Secrets Implementation:

# Secret definition
secrets:
  cloudflare_api_token:
    file: /mnt/swarm-data/traefik/cloudflare_api_token.txt

# Secret usage in service
services:
  traefik:
    secrets:
      - cloudflare_api_token
    environment:
      - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
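
Traefik reads CF_DNS_API_TOKEN_FILE directly; an image that only accepts a plain variable such as DB_PASSWORD needs an entrypoint wrapper to get the same effect. The following POSIX sh helper is an added example, not part of the original page or of any image's own entrypoint. The function name load_secret is hypothetical, and it assumes the secret is mounted under /run/secrets as in the snippet above.

```shell
#!/bin/sh
# Added example: resolve VAR_FILE into VAR for images without native *_FILE support.
# load_secret is a hypothetical helper name, not part of Docker or any image.

# Usage: load_secret VAR [DEFAULT]
# Exports VAR from the file named by VAR_FILE when that is set, otherwise keeps
# VAR (or DEFAULT). Fails if both VAR and VAR_FILE are set, so a stale inline
# value can never silently override the mounted secret.
load_secret() {
    name=$1
    default=${2:-}
    # The name is passed to eval below, so accept plain identifiers only.
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "load_secret: invalid variable name" >&2
            return 2 ;;
    esac
    eval "value=\${$name:-}"
    eval "file=\${${name}_FILE:-}"
    if [ -n "$value" ] && [ -n "$file" ]; then
        echo "load_secret: $name and ${name}_FILE are both set" >&2
        return 1
    fi
    if [ -n "$file" ]; then
        if [ ! -r "$file" ]; then
            echo "load_secret: cannot read $file" >&2
            return 1
        fi
        # Command substitution strips the trailing newline of the secret file.
        value=$(cat "$file")
    elif [ -z "$value" ]; then
        value=$default
    fi
    export "$name=$value"
    # Drop the pointer and the scratch copies once the value is exported.
    unset "${name}_FILE" value file
}

# In an entrypoint script (service would set DB_PASSWORD_FILE=/run/secrets/db_password):
#   load_secret DB_PASSWORD || exit 1
#   exec "$@"
```

The resolved value exists in the process environment only at run time, so it no longer appears in the stack file or the service definition.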

Configuration File Management:

# External configuration files
volumes:
  - /mnt/swarm-data/service/config.yml:/app/config.yml:ro
  - /mnt/swarm-data/nginx/nginx.conf:/etc/nginx/nginx.conf:ro

Environment-Specific Configurations:

# Production vs Development patterns
/mnt/swarm-data/
├── webservers/
│   ├── production/
│   │   └── nginx/
│   └── testing/
│       └── nginx/
└── webfiles/
    ├── production/
    └── testing/

Volume Mount Strategies

Bind Mount Best Practices:

# Read-only configuration
- type: bind
  source: /mnt/swarm-data/service/config
  target: /app/config
  read_only: true

# Read-write data
- type: bind
  source: /mnt/swarm-data/service/data
  target: /app/data
  read_only: false

# Named volume (managed by Docker)
volumes:
  - service_data:/app/data

Volume Naming Convention:

  • stackname_servicename_purpose
  • Examples: auth_authentik_media, paperless_paperless_data

Mount Point Standards:

  • Configuration: /app/config, /etc/service/
  • Data: /app/data, /var/lib/service/
  • Logs: /app/logs, /var/log/service/
  • Temporary: /tmp, /var/tmp/

Performance Considerations:

  • Use bind mounts for frequently accessed data
  • Use named volumes for database storage
  • Avoid nested mount points
  • Consider read-only mounts for configuration files

Backup-Friendly Structure:

# Centralized backup location
/mnt/swarm-data/
├── service1/
│   ├── data/     # Application data
│   ├── config/   # Configuration files
│   └── backup/   # Service-specific backups
└── service2/
    ├── data/
    ├── config/
    └── backup/