#
#   Copyright © 2021,2022 IsardVDI S.L.
#
#   This file is part of DD
#
#   DD is free software: you can redistribute it and/or modify
#   it under the terms of the GNU Affero General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or (at your
#   option) any later version.
#
#   DD is distributed in the hope that it will be useful, but WITHOUT ANY
#   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
#   FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
#   details.
#
#   You should have received a copy of the GNU Affero General Public License
#   along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
services:
  dd-sso-keycloak:
    image: ${KEYCLOAK_IMG}
    build:
      context: ${BUILD_SSO_ROOT_PATH}/docker/keycloak
      args:
        - IMG=${KEYCLOAK_IMG}
    container_name: dd-sso-keycloak
    hostname: sso.${DOMAIN}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons/realm:/opt/keycloak/data/import/
      # - ${BUILD_SSO_ROOT_PATH}/init/keycloak/scripts/:/opt/keycloak/startup-scripts/
      - ${CUSTOM_PATH}/custom/img:/opt/keycloak/themes/dd/login/resources/custom-img
      - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/themes/dd-custom:/opt/keycloak/themes/dd-custom
      # - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
    environment:
      - AVATARS_SERVER_URL=http://dd-sso-avatars:9000
      - AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
      - AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
      - KEYCLOAK_IMPORT=/opt/keycloak/data/import/realm.json
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://${KEYCLOAK_DB_ADDR}:5432/${KEYCLOAK_DB_DATABASE}
      - KC_DB_USERNAME=${KEYCLOAK_DB_USER}
      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
      - KC_TRANSACTION_XA_ENABLED=false
      - KC_HOSTNAME_STRICT=false
      - KC_HTTP_ENABLED=true
      - KC_HTTP_PORT=8080
      - KC_HOSTNAME_STRICT_HTTPS=false
      - KEYCLOAK_ADMIN=${KEYCLOAK_USER}
      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}
      # - PROXY_ADDRESS_FORWARDING=true
      - KC_HOSTNAME_URL=https://sso.${DOMAIN}/auth/
      - KC_HOSTNAME_ADMIN_URL=https://sso.${DOMAIN}/auth/
      - DDADMIN_USER=${DDADMIN_USER}
      - DDADMIN_PASSWORD=${DDADMIN_PASSWORD}
      - DDDOMAIN=${DOMAIN}
      # - JAVA_OPTS_APPEND=-Dkeycloak.migration.strategy=OVERWRITE_EXISTING
    command:
      - start --proxy edge --hostname-strict=false --import-realm --http-relative-path=/auth
    depends_on:
      - ${KEYCLOAK_DB_ADDR}
    restart: unless-stopped
    networks:
      - dd_net
    logging:
      driver: "json-file"
      options:
        max-size: "5m"
        max-file: "10"