# Docker Compose file for testing Keycloak, Temporal, and Fedwiki integration
# Remember, this is for testing purposes only and not for production use

services:
  keycloak:
    image: quay.io/keycloak/keycloak:26.4.7
    command: start-dev
    environment:
      - KC_BOOTSTRAP_ADMIN_USERNAME=admin
      - KC_BOOTSTRAP_ADMIN_PASSWORD=admin
      - KC_HEALTH_ENABLED=true
      - KC_HOSTNAME=keycloak.localhost
      - KC_HOSTNAME_STRICT=false
    healthcheck:
      test:
        - "CMD-SHELL"
        - |
          exec 3<>/dev/tcp/127.0.0.1/9000;
          echo -e "GET /health/ready HTTP/1.1\r\nHost: localhost:9000\r\nConnection: close\r\n\r\n" >&3;
          if cat <&3 | grep -q "\"status\": \"UP\""; then
            exit 0
          else
            exit 1
          fi
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    volumes:
      - ./data/keycloak/h2:/opt/keycloak/data/h2
    networks:
      default:
        aliases:
          - keycloak.localhost
    ports:
      - "8080:8080"

  temporal-db:
    image: postgres:18.1
    environment:
      - POSTGRES_USER=temporal
      - POSTGRES_PASSWORD=temporal
      - POSTGRES_DB=temporal
    volumes:
      - ./data/temporal:/var/lib/postgresql

  temporal:
    image: temporalio/auto-setup:1.29.1
    depends_on:
      - temporal-db
    command: "autosetup"
    environment:
      - SERVICES=frontend:history:matching:worker:internal-frontend
      - DB=postgres12
      - DB_PORT=5432
      - POSTGRES_USER=temporal
      - POSTGRES_PWD=temporal
      - POSTGRES_SEEDS=temporal-db
      - SKIP_DEFAULT_NAMESPACE_CREATION=true
      - TEMPORAL_AUTH_AUTHORIZER=default
      - TEMPORAL_AUTH_CLAIM_MAPPER=default
      - TEMPORAL_JWT_KEY_SOURCE1=http://keycloak.localhost:8080/realms/master/protocol/openid-connect/certs
      - USE_INTERNAL_FRONTEND=true
    ports:
      - "7233:7233"

  temporal-admin-tools:
    image: temporalio/admin-tools:1.29
    depends_on:
      - temporal
    environment:
      - TEMPORAL_ADDRESS=temporal:7236
      - TEMPORAL_CLI_ADDRESS=temporal:7236
  
  temporal-ui:
    image: temporalio/ui:2.41.0
    depends_on:
      temporal:
        condition: service_started
      keycloak:
        condition: service_healthy
    environment:
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_UI_PORT=8233
      - TEMPORAL_CORS_ORIGINS=http://localhost:8233
      - TEMPORAL_AUTH_ENABLED=true
      - TEMPORAL_AUTH_PROVIDER_URL=http://keycloak.localhost:8080/realms/master
      - TEMPORAL_AUTH_ISSUER_URL=http://keycloak.localhost:8080/realms/master
      - TEMPORAL_AUTH_CLIENT_ID=temporal-ui
      - TEMPORAL_AUTH_CLIENT_SECRET=HtRpQ1qZKuauyAqVV0x7r10a1YhVePy9
      - TEMPORAL_AUTH_CALLBACK_URL=http://localhost:8233/auth/sso/callback
      - TEMPORAL_AUTH_SCOPES=openid,profile,email
      - LOG_LEVEL=debug
    ports:
      - "8233:8233"

  fedwiki:
    image: git.coopcloud.tech/wiki-cafe/fedwiki-oci-image:0.38.6-2
    # Unfortunately, fedwiki shits itself if you don't use port 80 when using passportjs
    command: wiki -p 80 --farm --security_type composable --auth_provider wiki-security-passportjs --authz_enhancers wiki-plugin-useraccesstokens
    volumes:
      - ./data/fedwiki:/home/node/.wiki
    ports:
      - "80:80"