version: "3.7"

# Shared logging settings, referenced by services as *default-logging.
# json-file with rotation: at most 3 files of 10 MB are kept per container, so
# older container logs are discarded unless they are shipped elsewhere.
x-logging: &default-logging
  driver: json-file
  options:
    max-size: "10m"
    max-file: "3"

services:
  # Partial definition: only a build argument is set here. The rest of the
  # webapp service is presumably defined in a base compose file.
  webapp:
    build:
      args:
        WITH_ACCOUNTS: 0 # temporarily disable accounts frontend

  # Partial definition: adds one extra nginx config fragment for the accounts
  # stack. The :ro suffix mounts it read-only inside the container.
  nginx:
    volumes:
      - ./docker/accounts/nginx.secure.conf:/etc/nginx/conf.extra.d/nginx.secure.conf:ro

  # Accounts service, built from ./docker/accounts. It is attached to the
  # "shared" network at a fixed address and started after mongo and oathkeeper.
  accounts:
    build:
      context: ./docker/accounts
      dockerfile: Dockerfile
    container_name: accounts
    restart: unless-stopped
    logging: *default-logging
    # env_file injects every variable found in .env into the container, not
    # only the ones listed under `environment` below.
    # NOTE(review): .env carries the DB credentials and cookie keys, so keep it
    # out of version control and readable only by the deploying user.
    env_file:
      - .env
    environment:
      - SKYNET_DB_HOST=mongo
      - SKYNET_DB_PORT=27017
      # The ${...} values are substituted by Compose when the file is parsed.
      # An unset variable becomes an empty string (Compose only warns).
      # NOTE(review): the ${VAR:?message} form makes Compose refuse to start
      # instead of running with an empty password or cookie key.
      - SKYNET_DB_USER=${SKYNET_DB_USER}
      - SKYNET_DB_PASS=${SKYNET_DB_PASS}
      - COOKIE_DOMAIN=${COOKIE_DOMAIN}
      # Presumably the keys used to sign and encrypt session cookies - confirm
      # against the accounts service.
      - COOKIE_HASH_KEY=${COOKIE_HASH_KEY}
      - COOKIE_ENC_KEY=${COOKIE_ENC_KEY}
    # `expose` does not publish on the host; port 3000 is reachable only from
    # containers on the same network.
    expose:
      - 3000
    networks:
      shared:
        ipv4_address: 10.10.10.70
    depends_on:
      - mongo
      - oathkeeper

  # MongoDB member of replica set "skynet". --keyFile turns on keyfile
  # authentication between replica-set members.
  # NOTE(review): no TLS options appear on this command line, so unless TLS is
  # configured elsewhere the traffic on 27017 is authenticated but not encrypted.
  mongo:
    image: mongo:4.4.1
    command: --keyFile=/data/mgkey --replSet=skynet
    container_name: mongo
    restart: unless-stopped
    logging: *default-logging
    volumes:
      - ./docker/data/mongo/db:/data/db
      # The keyfile is the shared secret of the replica set and is mounted
      # read-write here.
      # NOTE(review): the container should only need to read it; check whether
      # :ro works (mongod validates the file's permissions) before changing it.
      - ./docker/data/mongo/mgkey:/data/mgkey:rw
    networks:
      shared:
        ipv4_address: 10.10.10.71
    # Published on every host interface because no host IP is given.
    # NOTE(review): if this is only needed by replica-set peers, restrict the
    # source addresses. Docker installs its own iptables rules for published
    # ports, so a host firewall such as ufw may not filter them - verify from
    # outside the host.
    ports:
      - "27017:27017"

  # One-shot job that runs the Kratos SQL migrations (`migrate sql -e --yes`)
  # against the database named in DSN; it is restarted only on failure.
  kratos-migrate:
    image: oryd/kratos:v0.5.4-alpha.1
    container_name: kratos-migrate
    restart: on-failure
    logging: *default-logging
    environment:
      # Connects as the CockroachDB `root` SQL user with a client certificate;
      # sslmode=verify-full validates the server certificate and hostname.
      # NOTE(review): root is broader than schema migrations on one database
      # need - consider a dedicated SQL user.
      - DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt
      # Opts out of Ory's anonymized usage telemetry.
      - SQA_OPT_OUT=true
    volumes:
      - ./docker/kratos/config:/etc/config/kratos
      # This host directory is the same one the cockroach service mounts as
      # its data store (/cockroach/cockroach-data).
      # NOTE(review): DSN points at cockroach over the network, so this mount
      # looks like a leftover; it gives this container read-write access to the
      # database's on-disk files. Confirm it can be removed.
      - ./docker/data/cockroach/sqlite:/var/lib/sqlite
      # Holds the TLS client key (node.key) and is mounted read-write.
      # NOTE(review): :ro is presumably sufficient for config and certs.
      - ./docker/kratos/cr_certs:/certs
    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
    networks:
      shared:
        ipv4_address: 10.10.10.80

  # Ory Kratos identity server. Per the port comments below, 4433 is the public
  # API and 4434 the admin API. Started after kratos-migrate.
  kratos:
    image: oryd/kratos:v0.5.4-alpha.1
    container_name: kratos
    restart: unless-stopped
    logging: *default-logging
    # Both ports are published on every host interface (no host IP is given).
    # NOTE(review): Ory documents the Kratos admin API as having no built-in
    # authentication. The dashboard service reaches it over the shared network
    # (http://kratos:4434/), so confirm the host mapping for 4434 is needed at
    # all; if it is, bind it to loopback ("127.0.0.1:4434:4434") or firewall it.
    ports:
      - "4433:4433" # public
      - "4434:4434" # admin
    # Redundant with `ports` above. `expose` on its own would keep both ports
    # reachable only from containers on the same network.
    expose:
      - 4433 # public
      - 4434 # admin
    environment:
      # Connects as the CockroachDB `root` SQL user with a client certificate;
      # sslmode=verify-full validates the server certificate and hostname.
      # NOTE(review): a dedicated SQL user limited to the Kratos database would
      # be a narrower grant than root.
      - DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt
      # NOTE(review): trace is the most verbose log level and is presumably a
      # debugging leftover. Confirm that identity and session data do not end up
      # in the container logs before using it outside development.
      - LOG_LEVEL=trace
      - SERVE_PUBLIC_BASE_URL=/.ory/kratos/public/
      # Opts out of Ory's anonymized usage telemetry.
      - SQA_OPT_OUT=true
    command: serve -c /etc/config/kratos/kratos.yml
    volumes:
      - ./docker/kratos/config:/etc/config/kratos
      # Same host directory that the cockroach service uses as its data store.
      # NOTE(review): with a cockroach:// DSN this mount looks unused, yet it
      # gives an internet-facing service read-write access to the database
      # files. Confirm it can be removed.
      - ./docker/data/cockroach/sqlite:/var/lib/sqlite
      # Holds the TLS client key (node.key) and is mounted read-write.
      # NOTE(review): :ro is presumably sufficient for config and certs.
      - ./docker/kratos/cr_certs:/certs
    networks:
      shared:
        ipv4_address: 10.10.10.81
    depends_on:
      - kratos-migrate

  # Dashboard UI, built from ./packages/dashboard. It talks to Kratos and
  # Oathkeeper by container name over the shared network.
  dashboard:
    build:
      context: ./packages/dashboard
      dockerfile: Dockerfile
    container_name: dashboard
    restart: unless-stopped
    logging: *default-logging
    environment:
      # Presumably makes the dashboard validate tokens against the key set
      # fetched from JWKS_URL - confirm against the dashboard code.
      - SECURITY_MODE=jwks
      - PROJECT_NAME=Skynet
      - BASE_URL=/
      - KRATOS_BROWSER_URL=/.ory/kratos/public
      # The three URLs below use plain HTTP between containers.
      # NOTE(review): acceptable on a single-host bridge network; confirm the
      # "shared" network never spans hosts, since the JWKS response decides
      # which token signatures are trusted.
      - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
      - KRATOS_PUBLIC_URL=http://kratos:4433/
      - KRATOS_ADMIN_URL=http://kratos:4434/
      # Opts out of Ory's anonymized usage telemetry.
      - SQA_OPT_OUT=true
    networks:
      shared:
        ipv4_address: 10.10.10.85
    # Not published on the host; reachable only from containers on the network.
    expose:
      - 3000

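  # Ory Oathkeeper access proxy, started after kratos. Ports 4455 and 4456 are
  # exposed to other containers only; the dashboard fetches its JWKS from 4456.
  oathkeeper:
    image: oryd/oathkeeper:v0.38
    container_name: oathkeeper
    # Same rotation limits as the other long-running services. Without this the
    # container falls back to the Docker daemon's default log settings, and
    # with LOG_LEVEL=debug the log file can grow until the disk fills.
    logging: *default-logging
    depends_on:
      - kratos
    expose:
      - 4455
      - 4456
    command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml"
    environment:
      # NOTE(review): debug logging on an authentication proxy is presumably a
      # development setting. Confirm request details such as cookies or
      # authorization headers do not reach the logs before keeping it.
      - LOG_LEVEL=debug
    volumes:
      # Mounted read-write.
      # NOTE(review): if the token signing keys (JWKS) live in this directory,
      # :ro plus tight host file permissions would limit what a compromised
      # container can change - confirm the service never writes here.
      - ./docker/kratos/oathkeeper:/etc/config/oathkeeper
    restart: on-failure
    networks:
      shared:
        ipv4_address: 10.10.10.83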

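  # CockroachDB node running in secure mode (--certs-dir). It joins the cluster
  # listed in CR_CLUSTER_NODES and advertises itself as CR_IP.
  cockroach:
    image: cockroachdb/cockroach:v20.2.3
    container_name: cockroach
    # Same rotation limits as the other long-running services. Without this the
    # container's stdout/stderr log is governed by the Docker daemon's defaults.
    logging: *default-logging
    # env_file injects every variable in .env into this container. The ${...}
    # values in `command` are substituted by Compose itself at parse time.
    # NOTE(review): the accounts service reads the same .env, so if it holds the
    # accounts DB password and cookie keys they are visible in this container
    # too. A separate env file per service would narrow that.
    env_file:
      - .env
    # Listens for SQL and inter-node traffic on 26257 and serves the admin UI
    # on 8080, both on all container interfaces.
    command: start --advertise-addr=${CR_IP} --join=${CR_CLUSTER_NODES} --certs-dir=/certs --listen-addr=0.0.0.0:26257 --http-addr=0.0.0.0:8080
    volumes:
      # The kratos and kratos-migrate services mount this same host directory
      # at /var/lib/sqlite, so they can read and write the database's files.
      - ./docker/data/cockroach/sqlite:/cockroach/cockroach-data
      # Holds the node's TLS key material and is mounted read-write.
      # NOTE(review): :ro is presumably sufficient - confirm the node never
      # writes to /certs.
      - ./docker/cockroach/certs:/certs
    # Both ports are published on every host interface (no host IP is given).
    # NOTE(review): 26257 presumably has to be reachable by the other cluster
    # nodes; restrict it to their addresses. Confirm the admin UI on host port
    # 4080 needs to be reachable from outside at all, otherwise bind it to
    # loopback ("127.0.0.1:4080:8080").
    ports:
      - "4080:8080"
      - "26257:26257"
    networks:
      shared:
        ipv4_address: 10.10.10.84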