services:
  postgresql:
    image: postgres:18.0
    restart: unless-stopped
    environment:
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_USER=${POSTGRES_USER:-keycloak}
      - POSTGRES_DB=${POSTGRES_DB:-keycloak}
    volumes:
      - ${POSTGRES_DATA:-postgres_data}:/var/lib/postgresql/data

  keycloak:
    image: quay.io/keycloak/keycloak:26.4
    restart: unless-stopped
    depends_on:
      - postgresql
    command: start
    environment:
      - KC_DB=postgres
      - KC_DB_URL=jdbc:postgresql://postgresql/${POSTGRES_DB:-keycloak}
      - KC_DB_PASSWORD=${POSTGRES_PASSWORD}
      - KC_DB_USERNAME=${POSTGRES_USER:-keycloak}
      - KC_PROXY=edge
      - KC_HOSTNAME_STRICT=false
      - KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN_USER:-admin}
      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
    labels:
      - traefik.enable=true
      - traefik.http.routers.keycloak.entryPoints=https
      - traefik.http.routers.keycloak.rule=Host(`${HOST}`)
      - traefik.http.routers.keycloak.tls.certresolver=le-ssl
      - traefik.http.services.keycloak.loadbalancer.server.port=8080
      - traefik.docker.network=front
    networks:
      - default
      - front

volumes:
  postgresql_data:
    driver: local

networks:
  front:
    external: true