version: "3.9"

services:
  # database migrations for kratos
  kratos-migrate:
    image: oryd/kratos:v0.10.1
    environment:
      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
    volumes:
      - type: volume
        source: kratos-sqlite
        target: /var/lib/sqlite
        read_only: false
      - type: bind
        source: ./kratos
        target: /etc/config/kratos
    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes

  # ory kratos identity management API
  kratos:
    depends_on:
      - kratos-migrate
      - envoy
    image: oryd/kratos:v0.10.1
    ports:
      - 4433:4433
    environment:
      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
      - LOG_LEVEL=trace
    command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
    volumes:
      - type: volume
        source: kratos-sqlite
        target: /var/lib/sqlite
        read_only: false
      - type: bind
        source: ./kratos
        target: /etc/config/kratos

  # ory oathkeeper API gateway
  oathkeeper:
    image: oryd/oathkeeper:v0.39.3
    depends_on:
      - kratos
      - envoy
    ports:
      - 8888:8888
    command:
      serve proxy -c /etc/config/oathkeeper/oathkeeper.yml
    volumes:
      - ./oathkeeper:/etc/config/oathkeeper

  # envoy proxy
  envoy:
    image: envoyproxy/envoy:v1.22.5
    command: envoy -c /envoy.yaml
    depends_on:
      - ratelimit
      - postgrpc
    volumes:
      - ./envoy.yaml:/envoy.yaml
      - ./postgrpc.pb:/proto/postgrpc.pb

  # envoy ratelimiter
  ratelimit:
    image: envoyproxy/ratelimit:master
    command: /bin/ratelimit
    depends_on:
      - redis
    volumes:
      - ./ratelimit.yaml:/srv/runtime_data/current/ratelimit/config/config.yaml
    environment:
      - LOG_LEVEL=info
      - USE_STATSD=false
      - REDIS_SOCKET_TYPE=tcp
      - REDIS_URL=redis:6379
      - RUNTIME_SUBDIRECTORY=ratelimit
      - RUNTIME_WATCH_ROOT=false

  # redis database for rate limiting
  redis:
    image: redis:alpine

  # admin postgrpc instance
  postgrpc-admin:
    build:
      context: ../../../
      dockerfile: postgrpc/Dockerfile
    depends_on:
      - postgres
    environment:
      - PORT=50052
      - HOST=0.0.0.0
      - PGHOST=postgres
      - PGDBNAME=appdb
      - PGUSER=admin
      - PGPASSWORD=supersecretadminpassword
      - PGAPPNAME=postgrpc_admin
      - RUST_LOG=info
      - TERMINATION_PERIOD=1000

  # user-facing postgrpc instance
  postgrpc:
    build:
      context: ../../../
      dockerfile: postgrpc/Dockerfile
    depends_on:
      - postgres
    environment:
      - PORT=50051
      - HOST=0.0.0.0
      - PGHOST=postgres
      - PGDBNAME=appdb
      - PGUSER=appuser
      - PGPASSWORD=supersecretpassword
      - RUST_LOG=info
      - STATEMENT_TIMEOUT=500
      - TERMINATION_PERIOD=1000
      - RECYCLING_METHOD=clean

  # postgres database for postgrpc
  postgres:
    image: postgres
    environment:
      - POSTGRES_PASSWORD=superuserpassword
    volumes:
      - ./init.sh:/docker-entrypoint-initdb.d/init.sh

  # web application for end users
  app:
    build:
      context: ./app
      args:
        - REACT_APP_KRATOS_PUBLIC_URL=http://127.0.0.1:4433
        - REACT_APP_POSTGRPC_URL=http://127.0.0.1:8888 # proxied by oathkeeper
    ports:
      - 4455:4455
    depends_on:
      - kratos
      - oathkeeper
    environment:
      - PORT=4455

volumes:
  kratos-sqlite: