services:
  keycloak:
    image: keycloak/keycloak:26.1
    container_name: keycloak
    environment:
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: admin # temporay password to change when first time logged in
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: ${POSTGRES_USER}
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
      KC_METRICS_ENABLED: "true"
      KC_HEALTH_ENABLED: "true"
      KC_LOG_LEVEL: INFO
      KC_HOSTNAME: http://auth.localhost
      KC_PROXY: edge
      KC_HTTP_ENABLED: "true"
    volumes:
      - ./keycloak/themes:/opt/keycloak/providers/
    depends_on:
      keycloak-database:
        condition: service_healthy
    command:
      - start-dev
      - --http-enabled=true
      - --proxy-headers=xforwarded

  keycloak-database:
    image: postgres:17
    container_name: postgres
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - ./postgres/data:/var/lib/postgresql/data # save data in a volume
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

  nginx:
    image: nginx
    container_name: nginx
    ports:
      - 80:80
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
    depends_on:
      - keycloak