services:
  postgres:
    image: postgres:16-alpine
    container_name: ecosplay-auth-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: keycloak
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - keycloak-net
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak"]
      interval: 10s
      timeout: 5s
      retries: 5

  keycloak:
    image: quay.io/keycloak/keycloak:26.0
    container_name: ecosplay-auth-keycloak
    restart: unless-stopped
    command: start-dev
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloak
      KC_HOSTNAME: localhost
      KC_HTTP_ENABLED: "true"
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
    ports:
      - "9450:8080"
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - keycloak-net

  keycloak-smtp-init:
    image: quay.io/keycloak/keycloak:26.0
    container_name: ecosplay-auth-smtp-init
    depends_on:
      keycloak:
        condition: service_started
    environment:
      KC_SERVER: http://keycloak:8080
      KC_ADMIN: admin
      KC_ADMIN_PASSWORD: admin
      SMTP_HOST: email-smtp.eu-west-3.amazonaws.com
      SMTP_PORT: "587"
      SMTP_FROM: auth@e-cosplay.fr
      SMTP_FROM_DISPLAY_NAME: E-Cosplay
      SMTP_USER: AKIAWTT2T22CWBRBBDYN
      SMTP_PASSWORD: BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP
    entrypoint: ["/bin/bash", "-c"]
    command:
      - |
        set -e
        until /opt/keycloak/bin/kcadm.sh config credentials \
            --server "$$KC_SERVER" \
            --realm master \
            --user "$$KC_ADMIN" \
            --password "$$KC_ADMIN_PASSWORD" >/dev/null 2>&1; do
          echo "Waiting for Keycloak to be ready..."
          sleep 5
        done
        echo "Keycloak ready, configuring SMTP on master realm..."
        /opt/keycloak/bin/kcadm.sh update realms/master \
          -s "smtpServer.host=$$SMTP_HOST" \
          -s "smtpServer.port=$$SMTP_PORT" \
          -s "smtpServer.from=$$SMTP_FROM" \
          -s "smtpServer.fromDisplayName=$$SMTP_FROM_DISPLAY_NAME" \
          -s "smtpServer.auth=true" \
          -s "smtpServer.starttls=true" \
          -s "smtpServer.ssl=false" \
          -s "smtpServer.user=$$SMTP_USER" \
          -s "smtpServer.password=$$SMTP_PASSWORD"
        echo "SMTP configuration applied to master realm."
    networks:
      - keycloak-net
    restart: "no"

volumes:
  postgres_data:

networks:
  keycloak-net:
    driver: bridge