services:
  ############################################ Keycloak
  login-db:
    image: docker.verbis.dkfz.de/cache/postgres:15.1-alpine
    container_name: bridgehead-login-db
    environment:
      POSTGRES_USER: "keycloak"
      POSTGRES_PASSWORD: "${KEYCLOAK_DB_PASSWORD}" # Set in login-setup.sh
      POSTGRES_DB: "keycloak"
    volumes:
      - "bridgehead-login-db:/var/lib/postgresql/data"

  login:
    image: docker.verbis.dkfz.de/ccp/dktk-keycloak:latest
    container_name: bridgehead-login
    environment:
      KEYCLOAK_ADMIN: "admin"
      KEYCLOAK_ADMIN_PASSWORD: "${LDM_PASSWORD}"
      TEILER_ADMIN: "${PROJECT}"
      TEILER_ADMIN_PASSWORD: "${LDM_PASSWORD}"
      TEILER_ADMIN_FIRST_NAME: "${OPERATOR_FIRST_NAME}"
      TEILER_ADMIN_LAST_NAME: "${OPERATOR_LAST_NAME}"
      TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
      KC_DB_PASSWORD: "${KEYCLOAK_DB_PASSWORD}" # Set in login-setup.sh
      KC_HOSTNAME_URL: "https://${HOST}/login"
      KC_HOSTNAME_STRICT: "false"
      KC_PROXY_ADDRESS_FORWARDING: "true"
      TEILER_ROOT_CONFIG_EXTERN_URL: "https://${HOST}/ccp-teiler"
    command:
      - start-dev --import-realm --proxy edge --http-relative-path=/login
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.login.rule=PathPrefix(`/login`)"
      - "traefik.http.services.login.loadbalancer.server.port=8080"
      - "traefik.http.routers.login.tls=true"
    depends_on:
      - login-db

volumes:
  bridgehead-login-db:
    name: "bridgehead-login-db"