{% import 'macro/postgres.j2' as pg with context %}
---
version: '3.9'

services:
  keycloak:
    image: registry.tobiasmanske.de/keycloak:main
    command: start
    depends_on:
      pg:
        condition: service_healthy
    environment:
      - "KC_DB=postgres"
      - "KC_DB_URL_HOST=pg"
      - "KC_DB_URL_DATABASE={{ auth.db.name }}"
      - "KC_DB_USERNAME={{ auth.db.user }}"
      - "KC_DB_PASSWORD={{ auth.db.password }}"
      - "KEYCLOAK_ADMIN={{ auth.keycloak.user }}"
      - "KEYCLOAK_ADMIN_PASSWORD={{ auth.keycloak.password }}"
      - "KC_PROXY=edge"
      - "KC_HOSTNAME=auth.tobiasmanske.de"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.keycloak.rule=Host(`auth.tobiasmanske.de`)"
      - "traefik.http.routers.keycloak.entryPoints=websecure"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
    restart: always
    networks:
      - backend
      - default # keycloak needs to talk to social logins

{{ pg.postgres("pg", auth.db.user, auth.db.password, auth.db.name, ["backend"]) }}

networks:
  postgres:
    internal: true
  backend:
    internal: true

volumes:
  pg_data:
...