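---
# Keycloak + PostgreSQL stack with a one-shot init job that configures the
# master realm (SMTP + login theme).
#
# Secrets are NOT stored in this file. Compose interpolates them from the
# environment or from a `.env` file next to this file, which must stay out of
# version control. `${VAR:?msg}` aborts `docker compose up` with `msg` when the
# variable is unset or empty, so the stack never starts with a blank or
# default password.
#
# Required variables:
#   POSTGRES_PASSWORD   - database password shared by postgres and keycloak
#   KC_ADMIN_PASSWORD   - bootstrap admin password, reused by keycloak-init
#   SMTP_USER           - SMTP username for the mail relay
#   SMTP_PASSWORD       - SMTP password for the mail relay
#
# NOTE(review): earlier revisions of this file carried the database password,
# the admin password and the SMTP credential pair inline. Treat those values
# as exposed: rotate them at the provider rather than only moving them here.
services:
  postgres:
    image: postgres:16-alpine
    container_name: ecosplay-auth-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # The postgres image applies this only when it initialises an empty data
      # directory; on an existing `postgres_data` volume the role password
      # must be changed inside the database as well.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - keycloak-net
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak"]
      interval: 10s
      timeout: 5s
      retries: 5

  keycloak:
    image: quay.io/keycloak/keycloak:26.0
    container_name: ecosplay-auth-keycloak
    restart: unless-stopped
    command: ["start", "--import-realm"]
    environment:
      KC_DB: postgres
      KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}"
      KC_HOSTNAME: "https://auth.e-cosplay.fr"
      # Plain HTTP plus trust in X-Forwarded-* headers is only safe behind a
      # TLS-terminating reverse proxy that overwrites those headers; the
      # loopback-only port binding below is what keeps clients from reaching
      # Keycloak directly. NOTE(review): confirm the proxy strips
      # client-supplied X-Forwarded-* headers.
      KC_HTTP_ENABLED: "true"
      KC_PROXY_HEADERS: xforwarded
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      # Presumably only consulted when Keycloak creates the initial admin
      # account; an account that already exists keeps its old password until
      # it is changed in Keycloak itself. TODO confirm.
      KC_BOOTSTRAP_ADMIN_PASSWORD: "${KC_ADMIN_PASSWORD:?set KC_ADMIN_PASSWORD}"
    ports:
      # Bound to loopback only: not reachable from other hosts.
      - "127.0.0.1:9450:8080"
    volumes:
      - ./themes/ecosplay:/opt/keycloak/themes/ecosplay:ro
      - ./realms:/opt/keycloak/data/import:ro
    healthcheck:
      # Probes /health/ready on port 9000 inside the container using bash's
      # /dev/tcp; that port is not published to the host.
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/9000 && printf 'GET /health/ready HTTP/1.0\\r\\nHost: localhost\\r\\n\\r\\n' >&3 && grep -q UP <&3"]
      interval: 10s
      timeout: 5s
      retries: 30
      start_period: 120s
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - keycloak-net

  keycloak-init:
    image: quay.io/keycloak/keycloak:26.0
    container_name: ecosplay-auth-init
    depends_on:
      keycloak:
        condition: service_healthy
    environment:
      KC_SERVER: "http://keycloak:8080"
      KC_ADMIN: admin
      KC_ADMIN_PASSWORD: "${KC_ADMIN_PASSWORD:?set KC_ADMIN_PASSWORD}"
      SMTP_HOST: email-smtp.eu-west-3.amazonaws.com
      SMTP_PORT: "587"
      SMTP_FROM: auth@e-cosplay.fr
      SMTP_FROM_DISPLAY_NAME: E-Cosplay
      SMTP_USER: "${SMTP_USER:?set SMTP_USER}"
      SMTP_PASSWORD: "${SMTP_PASSWORD:?set SMTP_PASSWORD}"
      LOGIN_THEME: ecosplay
    entrypoint: ["/bin/bash", "-c"]
    # `$$` is Compose's escape for a literal `$`, so the variables below are
    # expanded by bash inside the container, not by Compose on the host.
    # The login loop discards kcadm output, so a wrong admin password shows up
    # only as an endless "Waiting for Keycloak" message.
    command:
      - |
        set -e
        until /opt/keycloak/bin/kcadm.sh config credentials \
          --server "$$KC_SERVER" \
          --realm master \
          --user "$$KC_ADMIN" \
          --password "$$KC_ADMIN_PASSWORD" >/dev/null 2>&1; do
          echo "Waiting for Keycloak to be ready..."
          sleep 5
        done
        echo "Keycloak ready, configuring master realm (SMTP + theme)..."
        /opt/keycloak/bin/kcadm.sh update realms/master \
          -s "smtpServer.host=$$SMTP_HOST" \
          -s "smtpServer.port=$$SMTP_PORT" \
          -s "smtpServer.from=$$SMTP_FROM" \
          -s "smtpServer.fromDisplayName=$$SMTP_FROM_DISPLAY_NAME" \
          -s "smtpServer.auth=true" \
          -s "smtpServer.starttls=true" \
          -s "smtpServer.ssl=false" \
          -s "smtpServer.user=$$SMTP_USER" \
          -s "smtpServer.password=$$SMTP_PASSWORD" \
          -s "loginTheme=$$LOGIN_THEME" \
          -s "internationalizationEnabled=true" \
          -s 'supportedLocales=["fr"]' \
          -s "defaultLocale=fr"
        echo "Master realm configured."
    networks:
      - keycloak-net
    restart: "no"

volumes:
  postgres_data:

networks:
  keycloak-net:
    driver: bridge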