networks:
  edge_net:
    name: ${EDGE_NET}
    external: true
  db_net:
    name: ${DB_NET}
    external: true
  cache-net:

volumes:
  name: ${IAM_DATA}
  external: true

secrets:
  JWT:
    file: '${ROOT}/secrets/iam/JWT'
  SESSION:
    file: '${ROOT}/secrets/iam/SESSION'
  STORAGE:
    file: '${ROOT}/secrets/iam/STORAGE'
  OIDC_HMAC:
    file: '${ROOT}/secrets/iam/OIDC_HMAC'
  DB:
    file: '${ROOT}/secrets/iam/DB'

services:
  iam:
    image: authelia/authelia:latest
    restart: unless-stopped
    secrets: ['JWT', 'SESSION', 'STORAGE', 'OIDC_HMAC', 'POSTGRES']
    environment:
      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT'
      AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION'
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE'
      AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC'
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/DB'
      X_AUTHELIA_CONFIG_FILTERS: 'template'
    env_file:
      - .env # Stack Vars
    user: "${UID}:${GID}"
    volumes:
      - ${CONFIG}/iam/configuration.yml:/config/configuration.yml
      - ${CONFIG}/iam/users.yml:/config/users.yml
      - ${SECRET}/iam/jwk/oidc-jwk.pem:/config/jwks/oidc-jwk.pem
      - ${SECRET}/iam/jwk/oidc-jwk-pub.pem:/config/jwks/oidc-jwk-pub.pem
    networks:
      - edge_net
      - db_net
      - cache_net
    expose:
      - 9091
  iam-cache:
    image: redis:latest
    restart: unless-stopped
    env_file:
      - .env
    networks:
      - cache-net
    expose:
      - 6379