services:
  keywarden-nginx:
    container_name: keywarden-nginx
    image: nginx:alpine
    restart: unless-stopped
    volumes:
      - ${DOCKERDIR}/nginx/configs/nginx.conf:/etc/nginx/nginx.conf:ro
      - ${DOCKERDIR}/nginx/configs/sites:/etc/nginx/conf.d/
      - ${DOCKERDIR}/nginx/certs/:/certs/
      - ${DOCKERDIR}/nginx/webdir/:/var/www/
      - ${DOCKERDIR}/nginx/logs:/var/log/nginx/
# - "external:internal", change external to desired port
    ports:
      - "443:443"

  keywarden-valkey:
    image: valkey/valkey:latest
    restart: unless-stopped
    container_name: keywarden-valkey
    environment:
      - ALLOW_EMPTY_PASSWORD=yes

  keywarden-db:
    container_name: keywarden-db
    image: postgres:17-alpine
    environment:
      POSTGRES_PASSWORD: ${KEYWARDEN_POSTGRES_PASSWORD:-postgres}
      POSTGRES_DB: ${KEYWARDEN_POSTGRES_DB:-keywarden}
      POSTGRES_USER: ${KEYWARDEN_POSTGRES_USER:-keywarden}
      POSTGRES_PORT: ${KEYWARDEN_POSTGRES_PORT:-5432}
# Do not enable unless debugging, not needed to be exposed outside of docker network
#    ports: 
#      - "5432:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keywarden -d keywarden"]
      interval: 5s
      timeout: 5s
      retries: 20
    volumes: 
      - "pgdata:/var/lib/postgresql/data"

  keywarden:
    build: .
    container_name: keywarden
    command: gunicorn keywarden.wsgi:application --bind 0.0.0.0:8000
    volumes:
      - .:/app
    ports:
      - "8000:8000"
    depends_on:
      - keywarden-db
      - keywarden-valkey
    environment:
      - DJANGO_SETTINGS_MODULE=keywarden.settings.dev
      - PYTHONPATH=/app
    env_file:
      - .env


#  authentik:
#    image: ghcr.io/goauthentik/server
#    environment:
#      AUTHENTIK_SECRET_KEY: supersecretkey
#      AUTHENTIK_POSTGRESQL__HOST: db
#      AUTHENTIK_POSTGRESQL__USER: django
#      AUTHENTIK_POSTGRESQL__PASSWORD: django
#      AUTHENTIK_POSTGRESQL__NAME: authentik
#    ports:
#      - "9000:9000"

volumes:
  pgdata: