# Source: modular-oss-saas/infra/compose/docker-compose.yml
# Purpose: reference env var names for Cosmo+MinIO (no values, only names)

        WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'keycloak');
        \\gexec

        GRANT ALL PRIVILEGES ON DATABASE keycloak TO ${COSMO_POSTGRES_USER};
        SQL
    restart: 'no'
    networks:
      - tribuence-net

  minio:
    image: minio/minio:latest
    restart: unless-stopped
    command: ['server', '/data', '--console-address', ':${MINIO_CONSOLE_PORT:-9001}']
    environment:
      MINIO_ROOT_USER: ${MINIO_ACCESS_KEY}
      MINIO_ROOT_PASSWORD: ${MINIO_SECRET_KEY}
    ports:
      - '${MINIO_PORT:-9000}:9000'
      - '${MINIO_CONSOLE_PORT:-9001}:9001'
    volumes:
      - minio-data:/data
      - ./scripts:/opt/healthcheck:ro
    networks:
      - tribuence-net
    healthcheck:
      test:
        - CMD
        - /opt/healthcheck/http-healthcheck.sh
        - http://127.0.0.1:9000/minio/health/live
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s

  app-keycloak:
    image: quay.io/keycloak/keycloak:26.1.1
    restart: unless-stopped
    command:
      - start-dev
      - --import-realm
    environment:
      KEYCLOAK_ADMIN: ${APP_KEYCLOAK_ADMIN}
      KEYCLOAK_ADMIN_PASSWORD: ${APP_KEYCLOAK_ADMIN_PASSWORD}
      KC_METRICS_ENABLED: 'true'
      KC_HEALTH_ENABLED: 'true'
      KC_HTTP_MANAGEMENT_PORT: '9000'
      KC_HTTP_MANAGEMENT_HOST: 0.0.0.0
    volumes:
      - ./keycloak/realm.json:/opt/keycloak/data/import/realm.json:ro
      - ../keycloak/templates:/opt/keycloak/data/templates:ro
    ports:
      - '${APP_KEYCLOAK_HTTP_PORT:-9080}:8080'
      - '${APP_KEYCLOAK_MGMT_PORT:-9090}:9000'
    networks:
      - tribuence-net
    healthcheck:
      test:
        - CMD-SHELL
        - >
          exec 3<>/dev/tcp/127.0.0.1/9000 &&
          printf 'GET /health/ready HTTP/1.0\r\n\r\n' >&3 &&
          head -1 <&3 | grep -q ' 200 '
      interval: 30s
      timeout: 5s
      retries: 10

  cosmo-clickhouse:
    image: clickhouse/clickhouse-server:24.12
    restart: unless-stopped
    environment:
      CLICKHOUSE_DB: ${COSMO_CLICKHOUSE_DB}
      CLICKHOUSE_USER: ${COSMO_CLICKHOUSE_USER}
      CLICKHOUSE_PASSWORD: ${COSMO_CLICKHOUSE_PASSWORD}
    volumes:
      - cosmo-clickhouse-data:/var/lib/clickhouse
      - ./cosmo/clickhouse/init:/docker-entrypoint-initdb.d:ro
    networks:
      - tribuence-net
    healthcheck:
      test:
        [
          'CMD',
          'clickhouse-client',
          '--user',
          '${COSMO_CLICKHOUSE_USER}',
          '--password',
          '${COSMO_CLICKHOUSE_PASSWORD}',
          '--query',
          'SELECT 1',
        ]
      interval: 30s

      - --appendonly
      - 'yes'
      - --requirepass
      - '${REDIS_PASSWORD}'
    restart: unless-stopped
    healthcheck:
      test: ['CMD', 'redis-cli', '-a', '${REDIS_PASSWORD}', 'PING']
      interval: 30s
      timeout: 5s
      retries: 5
    volumes:
      - redis-data:/data
    networks:
      - tribuence-net
  cosmo-nats:
    image: nats:2.10-alpine
    restart: unless-stopped
    command: ['-js']
    networks:
      - tribuence-net

  cosmo-keycloak:
    image: quay.io/keycloak/keycloak:26.1.1
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_started
      cosmo-postgres-bootstrap:
        condition: service_completed_successfully
    command:
      - start-dev
    environment:
      KEYCLOAK_ADMIN: ${COSMO_KEYCLOAK_ADMIN}
      KEYCLOAK_ADMIN_PASSWORD: ${COSMO_KEYCLOAK_ADMIN_PASSWORD}
      KC_DB: postgres
      KC_DB_URL_HOST: postgres
      KC_DB_URL_DATABASE: keycloak
      KC_DB_USERNAME: ${COSMO_POSTGRES_USER}
      KC_DB_PASSWORD: ${COSMO_POSTGRES_PASSWORD}
      KC_HEALTH_ENABLED: 'true'
      KC_METRICS_ENABLED: 'true'
    volumes:
      - ./cosmo/keycloak/realm.json:/opt/keycloak/data/import/realm.json:ro
    ports:
      - '8080:8080'
    networks:
      - tribuence-net
    healthcheck:
      test: ['CMD-SHELL', 'bash', '-c', 'exec 3<>/dev/tcp/localhost/8080']
      interval: 30s
      timeout: 5s
      retries: 10

  cosmo-cdn:
    image: ghcr.io/wundergraph/cosmo/cdn:latest
    restart: unless-stopped
    depends_on:
      - minio
    environment:
      PORT: 11000
      NODE_ENV: development
      AUTH_JWT_SECRET: ${COSMO_AUTH_JWT_SECRET}
      AUTH_ADMISSION_JWT_SECRET: ${COSMO_AUTH_ADMISSION_SECRET}
      S3_STORAGE_URL: http://${MINIO_ACCESS_KEY}:${MINIO_SECRET_KEY}@minio:9000/${COSMO_S3_BUCKET}
      S3_REGION: ${S3_REGION:-auto}
      S3_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY}
      S3_SECRET_ACCESS_KEY: ${MINIO_SECRET_KEY}
      S3_FORCE_PATH_STYLE: 'true'
    ports:
      - '11000:11000'
    networks:
      - tribuence-net

  cosmo-controlplane:
    image: ghcr.io/wundergraph/cosmo/controlplane:latest
    restart: unless-stopped
    env_file:
      - ./.env
    depends_on:
      postgres:
        condition: service_started
      cosmo-postgres-bootstrap:
        condition: service_completed_successfully
      cosmo-clickhouse:
        condition: service_started
      cosmo-keycloak:
        condition: service_started
      redis:
        condition: service_started
      cosmo-nats:
        condition: service_started
    environment:
      DB_URL: postgresql://${COSMO_POSTGRES_USER}:${COSMO_POSTGRES_PASSWORD}@postgres:5432/${COSMO_POSTGRES_DB}
      PORT: 3001
      HOST: 0.0.0.0
      ALLOWED_ORIGINS: http://localhost:3003
      LOG_LEVEL: info
      DEBUG_SQL: 'false'
      CLICKHOUSE_DSN: http://${COSMO_CLICKHOUSE_USER}:${COSMO_CLICKHOUSE_PASSWORD}@cosmo-clickhouse:8123?database=${COSMO_CLICKHOUSE_DB}
      CLICKHOUSE_MIGRATION_DSN: clickhouse://${COSMO_CLICKHOUSE_USER}:${COSMO_CLICKHOUSE_PASSWORD}@cosmo-clickhouse:9000?database=${COSMO_CLICKHOUSE_DB}
      AUTH_JWT_SECRET: ${COSMO_AUTH_JWT_SECRET}
      AUTH_ADMISSION_JWT_SECRET: ${COSMO_AUTH_ADMISSION_SECRET}
      KC_REALM: cosmo
      KC_CLIENT_ID: studio
      KC_ADMIN_USER: ${COSMO_KEYCLOAK_ADMIN}
      KC_ADMIN_PASSWORD: ${COSMO_KEYCLOAK_ADMIN_PASSWORD}
      KC_API_URL: http://cosmo-keycloak:8080
      KC_FRONTEND_URL: http://cosmo-keycloak:8080
      AUTH_REDIRECT_URI: http://localhost:3001/v1/auth/callback
      CDN_BASE_URL: http://localhost:11000
      WEB_BASE_URL: http://localhost:3003
      REDIS_HOST: ${REDIS_HOST}
      REDIS_URL: ${REDIS_PROTOCOL}:${REDIS_PASSWORD}@${REDIS_HOST}:${REDIS_PORT}/${COSMO_REDIS_INDEX}
      REDIS_PORT: ${REDIS_PORT}
      REDIS_PASSWORD: ${REDIS_PASSWORD}
      NATS_URL: nats://cosmo-nats:4222
      S3_STORAGE_URL: http://${MINIO_ACCESS_KEY}:${MINIO_SECRET_KEY}@minio:9000/${COSMO_S3_BUCKET}
      S3_REGION: ${S3_REGION:-auto}
      S3_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY}
      S3_SECRET_ACCESS_KEY: ${MINIO_SECRET_KEY}
      S3_FORCE_PATH_STYLE: 'true'
    ports:
      - '3001:3001'
    networks:
      - tribuence-net
    healthcheck:
      test:
        [
          'CMD-SHELL',
          'node',
          '-e',
          "fetch('http://localhost:3001/health').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1));",
        ]
      interval: 30s
      timeout: 5s
      retries: 10

  cosmo-studio:
    image: ghcr.io/wundergraph/cosmo/studio:latest
    restart: unless-stopped
    depends_on:
      - cosmo-controlplane
    environment:
      NEXT_PUBLIC_COSMO_CP_URL: ${COSMO_CONTROLPLANE_URL}
      NEXT_PUBLIC_COSMO_STUDIO_URL: http://localhost:3003
      HOSTNAME: 0.0.0.0
    ports:
      - '3003:3000'
    networks:
      - tribuence-net

  cosmo-seed:
    image: ghcr.io/wundergraph/cosmo/controlplane:latest
    command:
      - /app/dist/bin/seed.js
    depends_on:
      cosmo-controlplane:
        condition: service_healthy
      cosmo-keycloak:
        condition: service_healthy
    environment:
      KC_REALM: cosmo
      KC_API_URL: http://cosmo-keycloak:8080
      KC_ADMIN_USER: ${COSMO_KEYCLOAK_ADMIN}
      KC_ADMIN_PASSWORD: ${COSMO_KEYCLOAK_ADMIN_PASSWORD}
      KC_CLIENT_ID: studio
      API_KEY: ${COSMO_SEED_API_KEY}
      DB_URL: postgresql://${COSMO_POSTGRES_USER}:${COSMO_POSTGRES_PASSWORD}@postgres:5432/${COSMO_POSTGRES_DB}
      USER_EMAIL: ${COSMO_SEED_USER_EMAIL}
      USER_PASSWORD: ${COSMO_SEED_USER_PASSWORD}
      USER_FIRSTNAME: Cosmo
      USER_LASTNAME: Admin
      ORGANIZATION_NAME: ${COSMO_SEED_ORG}
      ORGANIZATION_SLUG: ${COSMO_SEED_ORG}
    networks:
      - tribuence-net
    restart: 'no'
    profiles:
      - cosmo-seed


networks:
  tribuence-net:
    name: tribuence-net
    driver: bridge

volumes:
  postgres-data:
  redis-data:
  minio-data:
  cosmo-clickhouse-data:
