services:
  lacpass-backend:
    build:
      context: ..
      dockerfile: ./docker/Dockerfile
    container_name: lacpass-backend
    image: ips-backend
    networks:
      - backend
    env_file:
      - ../.env
    environment:
      API_PORT: ${API_PORT:-3000}
      AUTH_INTERNAL_URL: ${AUTH_INTERNAL_URL:-http://auth:8080}
      AUTH_HOSTNAME: ${KEYCLOAK_HOSTNAME:-http://localhost:9083}
      AUTH_REALM: ${KEYCLOAK_REALM:-lacpass}
      AUTH_CLIENT_ID: ${AUTH_CLIENT_ID:-admin-cli}
      # Need to set this after creating a client for Keycloak Admin API access, using service account
      AUTH_CLIENT_SECRET: ${KEYCLOAK_ADMIN_CLIENT_SECRET:-bbU4vnqhqe2AJ32XpdQVRVqfRMA82Hnu}
      AUTH_EMAIL_REDIRECT_URI: ${AUTH_EMAIL_REDIRECT_URI:-ph4happ://open/validated-email}
      AUTH_EMAIL_CLIENT_ID: ${AUTH_EMAIL_CLIENT_ID:-app}
      FHIR_BASE_URL: ${FHIR_BASE_URL:-http://lacpass.create.cl:8080}
      VHL_BASE_URL: ${VHL_BASE_URL:-http://lacpass.create.cl:8182}
      FHIR_MEDIATOR_BASE_URL: ${FHIR_MEDIATOR_BASE_URL:-http://lacpass.create.cl:3000}
      API_SWAGGER: ${API_SWAGGER:-true}
      WALLET_ENABLED: ${WALLET_ENABLED:-0}
      WALLET_URL: ${WALLET_URL:-https://conectathon-balancer.izer.tech/}
      WALLET_IDENTIFIER: ${WALLET_IDENTIFIER:-test}
      WALLET_API_KEY: ${WALLET_API_KEY:-}
      ICVP_VALIDATOR_URL: ${ICVP_VALIDATOR_URL:-http://lacpass.create.cl:7089}
    ports:
      - "9081:3000"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 10s
      timeout: 5s
      retries: 5
    depends_on:
      auth:
        condition: service_healthy

  auth:
    image: quay.io/keycloak/keycloak:26.2.5
    container_name: auth
    env_file:
      - ../.env
    command: ["start", "--import-realm"]
    volumes:
      - ../config/keycloak:/opt/keycloak/data/import
    environment:
      KC_HEALTH_ENABLED: ${KC_HEALTH_ENABLED:-true}
      KC_METRICS_ENABLED: ${KC_METRICS_ENABLED:-true}
      KC_DB_URL_HOST: auth-db
      KC_DB_DATABASE: ${POSTGRES_DB:-keycloak}
      KC_DB_USERNAME: ${POSTGRES_USER:-keycloak}
      KC_DB_PASSWORD: ${POSTGRES_PASS:-p@ssw0rd}
      KC_HOSTNAME: ${KC_HOSTNAME:-localhost}
      KC_HTTP_ENABLED: ${KC_HTTP_ENABLED:-true}
      KC_HOSTNAME_STRICT_HTTPS: ${KC_HOSTNAME_STRICT_HTTPS:-false}
      KC_DB: ${KC_DB:-postgres}
      TZ: ${TZ:-America/Argentina/Buenos_Aires}
      KC_LOG_LEVEL: ${KC_LOG_LEVEL:-DEBUG}
      KC_PROXY_HEADERS: ${KC_PROXY_HEADERS:-xforwarded}
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-adminpassword}
    healthcheck:
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/9000 && echo -e 'GET /health/ready HTTP/1.0\\r\\nHost: localhost\\r\\n\\r\\n' >&3 && grep -q '200 OK' <&3"]
      interval: 15s
      timeout: 5s
      retries: 10
      start_period: 40s
    ports:
      - "9083:8080"
    networks:
      - backend
      - auth
    depends_on:
      auth-db:
        condition: service_healthy
    

  auth-db:
    image: postgres:17.5-alpine
    container_name: auth-db
    volumes:
      - auth-data:/var/lib/postgresql/data
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-keycloak}
      POSTGRES_USER: ${POSTGRES_USER:-keycloak}
      POSTGRES_PASSWORD: ${POSTGRES_PASS:-p@ssw0rd}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "pg_isready -U ${POSTGRES_USER:-keycloak} -d ${POSTGRES_DB:-keycloak} -h localhost",
        ]
      interval: 5s
      timeout: 3s
      retries: 5
    networks:
      - auth

  mailcatcher:
    image: haravich/fake-smtp-server:20250615
    container_name: mailcatcher
    platform: "linux/amd64"
    ports:
      - "25:1025"
      - "9082:1080"
    networks:
      - auth

volumes:
  auth-data:

networks:
  auth:
  backend: