version: '3.9'

services:
  keycloak:
    build:
      context: .
      dockerfile: Containerfile
      args:
        KC_DB_USERNAME: ${KC_DB_USERNAME}
        KC_DB_PASSWORD: ${KC_DB_PASSWORD}
    container_name: keycloak
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
      KC_DB_USERNAME: ${KC_DB_USERNAME}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
      KC_PROXY_HEADERS: xforwarded
      KC_PROXY_ADDRESS_FORWARDING: "true"
      KC_HTTP_ENABLED: "true"
      KC_HOSTNAME_STRICT: "false"
      KC_PROXY: edge
      KC_FEATURES: "token-exchange,scripts,preview,admin-api"
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KC_HOSTNAME: https://auth.mrx8086.com
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
    command: ["start-dev"]  # Für Entwicklung; entferne "-dev" für Produktion
    ports:
      - "8080:8080"
    volumes:
      - ../config/keycloak/themes:/opt/keycloak/themes:ro
    networks:
      - keycloak-network
    depends_on:
      - keycloak-db
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
      interval: 30s
      timeout: 10s
      retries: 3

  keycloak-db:
    image: postgres:15
    container_name: keycloak-db
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: ${KC_DB_USERNAME}
      POSTGRES_PASSWORD: ${KC_DB_PASSWORD}
    volumes:
      - ../data/keycloak/db:/var/lib/postgresql/data
    networks:
      - keycloak-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${KC_DB_USERNAME} -d keycloak"]
      interval: 10s
      timeout: 5s
      retries: 5

networks:
  keycloak-network:
    driver: bridge