version: '3.8'

services:
  postgres:
    container_name: {{ customer }}-keycloak-db
    image: postgres:14
    restart: always
    volumes:
      - {{ customer }}-keycloak-postgres:/var/lib/postgresql/data
      - {{ customer }}-keycloak-backups:/tmp/backups
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: {{ keycloak_postgres_password }}
    networks:
      {{ customer }}-keycloak:
        ipv4_address: 172.20.31.2

  keycloak:
    container_name: {{ customer }}-keycloak
    image: quay.io/keycloak/keycloak:latest
    restart: always
    command: start
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://{{ customer }}-keycloak-db:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: {{ keycloak_postgres_password }}
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: {{ keycloak_admin_password }}
      KC_HOSTNAME_STRICT: false
      KC_PROXY: edge
      KC_HTTP_RELATIVE_PATH: /
      KC_HEALTH_ENABLED: true
    depends_on:
      - postgres
    ports:
      - "127.0.0.1:8080:8080"
    networks:
      {{ customer }}-keycloak:
        ipv4_address: 172.20.31.3
    labels:
      - "diun.enable=true"

networks:
  {{ customer }}-keycloak:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.31.0/28

volumes:
  {{ customer }}-keycloak-postgres:
  {{ customer }}-keycloak-backups: