services:
  postgres:
    image: postgres:16.2
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    networks:
      keycloak: # ipv4_address: 10.120.0.2
    restart: always
  keycloak:
    image: quay.io/keycloak/keycloak:latest
    command: "start"
    volumes:
      - ./themes:/opt/keycloak/themes
    environment:
      KC_HOSTNAME: https://auth.z.com/
      KC_HOSTNAME_PORT: 443
      # KC_HOSTNAME_STRICT_BACKCHANNEL: false
      # KC_HOSTNAME_STRICT_HTTPS: false
      # KC_HEALTH_ENABLED: false
      # KC_PROXY: edge
      PROXY_ADDRESS_FORWARDING: true
      # KC_HTTP_RELATIVE_PATH: "/"
      # KC_HOSTNAME_URL: keycloak.z.test
      # KC_HOSTNAME_ADMIN_URL: "https://keycloak.z.test"
      # KC_HOSTNAME: ${KC_HOSTNAME}
      # KC_PROXY_HEADERS: xforwarded
      KC_HTTP_ENABLED: true

      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN}
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
      KC_DB_USERNAME: ${POSTGRES_USER}
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}

    ports:
      - 8080:8080
      - 8443:8443
    restart: always
    depends_on:
      - postgres
    networks:
      keycloak:
        # ipv4_address: 10.120.0.1
        # volumes:
        #   postgres_data:
        #     driver: local

networks:
  keycloak:
    # driver: bridge
    # ipam:
    #   config:
    #     - subnet: 10.120.0.0/24
    #       gateway: 10.120.0.254