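---
# Keycloak + PostgreSQL stack for the e-cosplay authentication service.
#
# Every credential is read from the Compose environment (an `.env` file next
# to this compose file, or exported shell variables). `${VAR:?message}` makes
# `docker compose` refuse to start when a required secret is missing, so no
# default password can reach a deployment. The SES SMTP key pair and the
# admin / database passwords that were previously literal values in this
# file have been committed to version control and must be rotated.
#
# Required: POSTGRES_PASSWORD, KC_BOOTSTRAP_ADMIN_PASSWORD, SMTP_USER, SMTP_PASSWORD
# Optional: KC_BOOTSTRAP_ADMIN_USERNAME (defaults to "admin")
services:
  postgres:
    image: postgres:16-alpine
    container_name: ecosplay-auth-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in the environment or .env}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - keycloak-net
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak"]
      interval: 10s
      timeout: 5s
      retries: 5

  keycloak:
    image: quay.io/keycloak/keycloak:26.0
    container_name: ecosplay-auth-keycloak
    restart: unless-stopped
    command: ["start", "--import-realm"]
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      # Single source of truth: the same variable initialises the postgres service.
      KC_DB_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in the environment or .env}"
      # Public URL. Plain HTTP is enabled only because a reverse proxy in front of
      # the loopback-bound port below terminates TLS and sets X-Forwarded-* headers.
      KC_HOSTNAME: https://auth.e-cosplay.fr
      KC_HTTP_ENABLED: "true"
      KC_PROXY_HEADERS: xforwarded
      # Health and metrics are probed on port 9000 (see healthcheck), which is not
      # published, so they are reachable only from inside the compose network.
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KC_BOOTSTRAP_ADMIN_USERNAME: "${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}"
      KC_BOOTSTRAP_ADMIN_PASSWORD: "${KC_BOOTSTRAP_ADMIN_PASSWORD:?set KC_BOOTSTRAP_ADMIN_PASSWORD in the environment or .env}"
    ports:
      # Loopback only: the host reverse proxy is the sole intended client.
      - "127.0.0.1:9450:8080"
    volumes:
      # Theme and realm import are mounted read-only; Keycloak never needs to write them.
      - ./themes/ecosplay:/opt/keycloak/themes/ecosplay:ro
      - ./realms:/opt/keycloak/data/import:ro
    healthcheck:
      # The image ships no curl/wget, so the readiness probe is done with bash's
      # /dev/tcp and a hand-written HTTP/1.0 request.
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/9000 && printf 'GET /health/ready HTTP/1.0\\r\\nHost: localhost\\r\\n\\r\\n' >&3 && grep -q UP <&3"]
      interval: 10s
      timeout: 5s
      retries: 30
      start_period: 120s
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - keycloak-net

  # One-shot job: configures SMTP + theme on the master realm and makes sure the
  # application groups exist on the ecosplay realm. Runs once Keycloak is healthy.
  keycloak-init:
    image: quay.io/keycloak/keycloak:26.0
    container_name: ecosplay-auth-init
    depends_on:
      keycloak:
        condition: service_healthy
    environment:
      # Internal address: kcadm talks to Keycloak over the compose network, not the proxy.
      KC_SERVER: http://keycloak:8080
      KC_ADMIN: "${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}"
      KC_ADMIN_PASSWORD: "${KC_BOOTSTRAP_ADMIN_PASSWORD:?set KC_BOOTSTRAP_ADMIN_PASSWORD in the environment or .env}"
      SMTP_HOST: email-smtp.eu-west-3.amazonaws.com
      SMTP_PORT: "587"
      SMTP_FROM: auth@e-cosplay.fr
      SMTP_FROM_DISPLAY_NAME: E-Cosplay
      SMTP_USER: "${SMTP_USER:?set SMTP_USER (SES SMTP access key) in the environment or .env}"
      SMTP_PASSWORD: "${SMTP_PASSWORD:?set SMTP_PASSWORD (SES SMTP secret) in the environment or .env}"
      LOGIN_THEME: ecosplay
      ECOSPLAY_GROUPS: "gp_asso gp_contest gp_mail gp_mailling gp_member gp_ndd gp_sign gp_ticket super_admin_asso superadmin"
    entrypoint: ["/bin/bash", "-c"]
    command:
      # `$$` is Compose escaping for a literal `$`: the variables below are expanded
      # by bash inside the container, not by Compose when the file is parsed.
      - |
        set -e

        # Keycloak is already healthy when this job starts, so repeated login
        # failures almost always mean wrong credentials; give up instead of
        # looping forever and hiding the problem.
        attempts=0
        until /opt/keycloak/bin/kcadm.sh config credentials \
            --server "$$KC_SERVER" \
            --realm master \
            --user "$$KC_ADMIN" \
            --password "$$KC_ADMIN_PASSWORD" >/dev/null 2>&1; do
          attempts=$$((attempts + 1))
          if [ "$$attempts" -ge 30 ]; then
            echo "Could not log in to $$KC_SERVER after $$attempts attempts; check KC_ADMIN / KC_ADMIN_PASSWORD." >&2
            exit 1
          fi
          echo "Waiting for Keycloak to be ready..."
          sleep 5
        done

        echo "Keycloak ready, configuring master realm (SMTP + theme)..."
        /opt/keycloak/bin/kcadm.sh update realms/master \
          -s "smtpServer.host=$$SMTP_HOST" \
          -s "smtpServer.port=$$SMTP_PORT" \
          -s "smtpServer.from=$$SMTP_FROM" \
          -s "smtpServer.fromDisplayName=$$SMTP_FROM_DISPLAY_NAME" \
          -s "smtpServer.auth=true" \
          -s "smtpServer.starttls=true" \
          -s "smtpServer.ssl=false" \
          -s "smtpServer.user=$$SMTP_USER" \
          -s "smtpServer.password=$$SMTP_PASSWORD" \
          -s "loginTheme=$$LOGIN_THEME" \
          -s "internationalizationEnabled=true" \
          -s 'supportedLocales=["fr"]' \
          -s "defaultLocale=fr"
        echo "Master realm configured."

        echo "Ensuring groups exist on ecosplay realm..."
        if /opt/keycloak/bin/kcadm.sh get realms/ecosplay >/dev/null 2>&1; then
          for grp in $$ECOSPLAY_GROUPS; do
            # NOTE: any failure of `create groups` (not only a name conflict) is
            # reported as "already exists"; check the Keycloak log if a group is missing.
            if /opt/keycloak/bin/kcadm.sh create groups -r ecosplay -s name="$$grp" >/dev/null 2>&1; then
              echo "  + created group $$grp"
            else
              echo "  = group $$grp already exists"
            fi
          done
          echo "Groups synced on ecosplay realm."
        else
          echo "ecosplay realm not found, skipping group sync (will be created from JSON import on next boot)."
        fi
    networks:
      - keycloak-net
    restart: "no"

volumes:
  postgres_data:

networks:
  keycloak-net:
    driver: bridge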