networks:
  legalconsenthub-net:
    driver: bridge

volumes:
  legalconsenthub_postgres_data:
  keycloak_postgres_data:

services:
  backend:
    image: gitea.lugnas.de/denis/legalconsenthub-backend:latest
    container_name: legalconsenthub-backend
    environment:
      LEGALCONSENTHUB_DB_URL: jdbc:postgresql://legalconsenthub-db:5432/${LEGALCONSENTHUB_POSTGRES_DB}
      LEGALCONSENTHUB_DB_APP_USER: ${LEGALCONSENTHUB_POSTGRES_USER}
      LEGALCONSENTHUB_DB_PASSWORD: ${LEGALCONSENTHUB_POSTGRES_PASSWORD}
      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: ${KEYCLOAK_ISSUER_URL}/realms/${KEYCLOAK_REALM}
      SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: ${KEYCLOAK_ISSUER_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs
      SERVER_PORT: 8080
    ports:
      - "8080:8080"
    depends_on:
      legalconsenthub-db:
        condition: service_healthy
      keycloak:
        condition: service_healthy
    networks:
      - legalconsenthub-net
    # healthcheck:
    #   test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:8080/actuator/health || exit 1"]
    #   interval: 30s
    #   timeout: 10s
    #   retries: 3
    #   start_period: 60s
    env_file:
      - .env.prod

  frontend:
    image: gitea.lugnas.de/denis/legalconsenthub:latest
    container_name: legalconsenthub-frontend
    ports:
      - "3210:3000"
    depends_on:
      keycloak:
        condition: service_healthy
      # backend:
      #   condition: service_healthy
    networks:
      - legalconsenthub-net
    env_file:
      - .env.prod

  keycloak:
    image: quay.io/keycloak/keycloak:26.4.0
    container_name: legalconsenthub-keycloak
    command: start-dev
    environment:
      KC_DB: postgres
      KC_DB_URL_HOST: keycloak-db
      KC_DB_URL_PORT: 5432
      KC_DB_USERNAME: ${KEYCLOAK_POSTGRES_USER}
      KC_DB_PASSWORD: ${KEYCLOAK_POSTGRES_PASSWORD}
      KC_DB_DATABASE: ${KEYCLOAK_POSTGRES_DB}
      KC_DB_SCHEMA: public
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
      KC_HOSTNAME_STRICT: false
      KC_HTTP_ENABLED: true
      KC_HEALTH_ENABLED: true
    ports:
      - "7080:8080"
    depends_on:
      keycloak-db:
        condition: service_healthy
    networks:
      - legalconsenthub-net
    env_file:
      - .env.prod
    healthcheck:
      test: ["CMD-SHELL", "curl --head -fsS http://localhost:9000/health/ready | echo $?"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 40s

  keycloak-db:
    image: postgres:latest
    container_name: legalconsenthub-keycloak-postgres
    environment:
      POSTGRES_USER: ${KEYCLOAK_POSTGRES_USER}
      POSTGRES_PASSWORD: ${KEYCLOAK_POSTGRES_PASSWORD}
      POSTGRES_DB: ${KEYCLOAK_POSTGRES_DB}
    ports:
      - "5445:5432"
    networks:
      - legalconsenthub-net
    volumes:
      - keycloak_postgres_data:/var/lib/postgresql
    env_file:
      - .env.prod
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${KEYCLOAK_POSTGRES_USER} -d $${KEYCLOAK_POSTGRES_DB}"]
      interval: 10s
      retries: 5
      start_period: 30s
      timeout: 10s

  legalconsenthub-db:
    image: postgres:latest
    container_name: legalconsenthub-postgres
    environment:
      POSTGRES_USER: ${LEGALCONSENTHUB_POSTGRES_USER}
      POSTGRES_PASSWORD: ${LEGALCONSENTHUB_POSTGRES_PASSWORD}
      POSTGRES_DB: ${LEGALCONSENTHUB_POSTGRES_DB}
    ports:
      - "5444:5432"
    networks:
      - legalconsenthub-net
    volumes:
      - legalconsenthub_postgres_data:/var/lib/postgresql
    env_file:
      - .env.prod
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${LEGALCONSENTHUB_POSTGRES_USER} -d $${LEGALCONSENTHUB_POSTGRES_DB}"]
      interval: 10s
      retries: 5
      start_period: 30s
      timeout: 10s