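# Compose stack for a Keycloak identity provider that is published through an
# external Traefik network ("web"), plus two traefik-forward-auth sidecars that
# turn a Keycloak login into a Traefik ForwardAuth decision.
#
# File-format 3.4 is the first 3.x revision that defines healthcheck.start_period
# (used below); plain '3' means 3.0 and makes legacy docker-compose v1 reject the
# key. Compose v2 ignores the version field entirely, so this is backward
# compatible.
version: '3.4'

services:
#  keycloak-wip:
#    #image: quay.io/keycloak/keycloak:19.0
#    build:
#      dockerfile: Dockerfile
#      context: .
#    container_name: keycloak_keycloak
#    volumes:
#      - $KEYCLOAK_DATA/import:/opt/keycloak/data/import
#    networks:
#      web:
#        aliases:
#          - keycloak
#      keycloak:
#    restart: "no"
#    command: start --db=postgres --features=token-exchange  #--hostname-url=https://keycloak.jafner.net --proxy=passthrough
#    env_file:
#      - keycloak.env
#      - keycloak_secrets.env
#    labels:
#      traefik.http.routers.keycloak.rule: Host(`keycloak.jafner.net`)
#      traefik.http.routers.keycloak.tls.certresolver: lets-encrypt
#      #traefik.http.routers.keycloak.middlewares: lan-only@file
#      traefik.http.services.keycloak.loadbalancer.server.port: 8080

  # Keycloak itself. Traefik reaches it on the shared "web" network under the
  # alias "keycloak"; no port is published on the host.
  keycloak:
    image: quay.io/keycloak/keycloak:19.0
    container_name: keycloak_keycloak
    volumes:
      # Keycloak's whole data directory is host-backed so it survives
      # container recreation.
      - $KEYCLOAK_DATA:/opt/keycloak/data
    networks:
      web:
        aliases:
          - keycloak
    restart: "no"
    # NOTE(review): `start-dev` is Keycloak's development mode (relaxed
    # hostname/HTTPS checks, embedded dev database). A production deployment
    # should use `start`; the commented-out keycloak-wip service above is the
    # postgres-backed variant this file was moving towards.
    # NOTE(review): Traefik terminates TLS here (tls.certresolver label below)
    # and forwards plain HTTP to :8080. Keycloak's proxy mode for that layout is
    # `edge` (which also makes it honour X-Forwarded-* headers); `passthrough`
    # is meant for a proxy that does not terminate TLS. --hostname-url pins the
    # public URL either way, so confirm the intended mode before changing it.
    command: start-dev --hostname-url=https://keycloak.jafner.net --proxy=passthrough
    healthcheck:
      # The Keycloak 19 image is built on ubi-micro and ships no curl, so the
      # previous `curl -f http://0.0.0.0:8080` probe failed on every run and
      # left the container permanently "unhealthy". bash is present (kc.sh is
      # a bash script), so use its /dev/tcp redirection to check that the HTTP
      # listener accepts a connection. This is a liveness probe of the socket,
      # not of an HTTP 200.
      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/127.0.0.1/8080"]
      interval: 2m
      timeout: 10s
      retries: 3
      start_period: 10s
    env_file:
      - keycloak.env
      - keycloak_secrets.env
    labels:
      traefik.http.routers.keycloak.rule: "Host(`keycloak.jafner.net`)"
      traefik.http.routers.keycloak.tls.certresolver: lets-encrypt
      # traefik.http.routers.keycloak.middlewares: lan-only@file
      # Quoted so the value is a string under every compose version; label
      # values must be strings, and a bare 8080 is parsed as an integer.
      traefik.http.services.keycloak.loadbalancer.server.port: "8080"

  # ForwardAuth sidecar for ordinary users. `traefik.enable=false` makes the
  # Traefik Docker provider skip this container entirely, so the router labels
  # below are inert; Traefik must be wired to it through its dynamic/file
  # configuration instead (the `lan-only@file` reference above suggests a file
  # provider exists) — confirm.
  forwardauth:
    image: mesosphere/traefik-forward-auth:3.1.0
    container_name: keycloak_forwardauth
    networks:
      web:
        aliases:
          - forwardauth
    restart: "no"
    # depends_on only orders container start; it does not wait for the
    # keycloak healthcheck to pass.
    depends_on:
      - keycloak
    env_file:
      - forwardauth.env
      - forwardauth_secrets.env
    # Mapping style to match the keycloak service; "false" is quoted because
    # label values must be strings.
    labels:
      traefik.enable: "false"
      traefik.http.routers.forwardauth.rule: "Path(`/_oauth`)"
      traefik.http.routers.forwardauth.tls.certresolver: lets-encrypt

  # Second ForwardAuth instance restricted to an explicit allow-list of
  # identities, for routes that need more than "any Keycloak user".
  forwardauth-privileged:
    image: mesosphere/traefik-forward-auth:3.1.0
    container_name: keycloak_forwardauth-privileged
    # NOTE(review): the allow-listed address is hard-coded in the compose file.
    # traefik-forward-auth also reads its settings from environment variables
    # (WHITELIST for --whitelist in the upstream project — confirm for this
    # fork), so it could move into forwardauth-privileged.env alongside the
    # other per-instance settings.
    command: "./traefik-forward-auth --whitelist=jafner425@gmail.com"
    networks:
      web:
        aliases:
          - forwardauth-privileged
    restart: "no"
    depends_on:
      - keycloak
    env_file:
      - forwardauth-privileged.env
      - forwardauth-privileged_secrets.env
    # As for `forwardauth`: traefik.enable=false hides this container from the
    # Docker provider, so the router labels are inert.
    labels:
      traefik.enable: "false"
      traefik.http.routers.forwardauth-privileged.rule: "Path(`/_oauth`)"
      traefik.http.routers.forwardauth-privileged.tls.certresolver: lets-encrypt

#  postgres:
#    image: postgres:13
#    container_name: keycloak_postgres
#    networks:
#      - keycloak
#    env_file:
#      - postgres_secrets.env
#    volumes:
#      - postgres_data:/var/lib/postgresql/data

networks:
  # Shared Traefik network, created outside this stack.
  web:
    external: true
#  keycloak:

#volumes:
#  postgres_data: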