name: ${STACK}

networks:
  edge-net:
    name: ${EDGE_NET}
    external: true
  db-net:
    name: ${DB_NET}
    external: true
  cache-net:

volumes:
  config:
    name: ${IAM_CONFIG_VOLUME}
    external: true

secrets:
  JWT_SECRET:
    file: './srv/secrets/auth/JWT_SECRET'
  SESSION_SECRET:
    file: './srv/secrets/auth/SESSION_SECRET'
  STORAGE_ENCRYPTION:
    file: './srv/secrets/auth/STORAGE_ENCRYPTION'
  OIDC_HMAC_SECRET:
    file: './srv/secrets/auth/OIDC_HMAC_SECRET'
  POSTGRES_PASSWORD:
    file: './srv/secrets/auth/POSTGRES_PASSWORD'

services:
  auth-test:
    container_name: ${IAM_CONTAINER}
    image: authelia/authelia:latest
    restart: unless-stopped
    secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET', 'POSTGRES_PASSWORD']
    environment:
      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET'
      AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET'
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION'
      AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC_SECRET'
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/POSTGRES_PASSWORD'
      X_AUTHELIA_CONFIG_FILTERS: 'template'
    env_file:
      - .run.env # Runtime Vars
      - .env # Stack Vars
    user: "${UID}:${GID}"
    volumes:
      - config:/config
      - ${CONFIG_FILE}:/config/configuration.yml
      - ${USERS_FILE}:/config/users.yml
      - ${JWK_PRIV_KEY}:/config/jwks/oidc-jwk.pem
      - ${JWK_PUBL_KEY}:/config/jwks/oidc-jwk-pub.pem
    networks:
      - edge-net
      - db-net
      - cache-net
    expose:
      - 9091
  auth-cache-test:
    container_name: ${IAM_CACHE_CONTAINER}
    image: redis:latest
    restart: unless-stopped
    env_file:
      - .env
    networks:
      - cache-net
    expose:
      - 6379