services:
  db-vuln:
    image: mariadb:11.4.5
    environment:
      MARIADB_ROOT_PASSWORD: rootpass
      MARIADB_DATABASE: wordpress
      MARIADB_USER: wp
      MARIADB_PASSWORD: wppass
    healthcheck:
      test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -uroot -prootpass --silent"]
      interval: 5s
      timeout: 5s
      retries: 20
    volumes:
      - db_vuln:/var/lib/mysql
    networks:
      - lab

  vuln:
    build:
      context: ./vuln
    environment:
      WORDPRESS_DB_HOST: db-vuln:3306
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wp
      WORDPRESS_DB_PASSWORD: wppass
      WORDPRESS_CONFIG_EXTRA: |
        define('WP_HOME', 'http://localhost:8081');
        define('WP_SITEURL', 'http://localhost:8081');
        define('FORCE_SSL_ADMIN', false);
    depends_on:
      db-vuln:
        condition: service_healthy
    ports:
      - "8081:80"
    volumes:
      - wp_vuln:/var/www/html
    networks:
      - lab

  seed-vuln:
    image: wordpress:cli-php8.2
    user: "0:0"
    depends_on:
      db-vuln:
        condition: service_healthy
      vuln:
        condition: service_started
    environment:
      WORDPRESS_DB_HOST: db-vuln:3306
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wp
      WORDPRESS_DB_PASSWORD: wppass
      WP_PATH: /var/www/html
      PUBLIC_URL: http://localhost:8081
      WP_TITLE: CVE-2026-27541 Vulnerable Lab
      WC_VERSION: 10.6.0
      WWP_VERSION: 2.2.6
      ADMIN_USER: admin
      ADMIN_PASSWORD: AdminPass!234
      ADMIN_EMAIL: admin@example.test
      SHOPMGR_USER: shopmgr
      SHOPMGR_PASSWORD: ShopMgrPass!234
      SHOPMGR_EMAIL: shopmgr@example.test
      LAB_VARIANT: vuln
    entrypoint: ["/bin/sh", "/opt/lab/scripts/seed-wp.sh"]
    volumes:
      - wp_vuln:/var/www/html
      - ./scripts:/opt/lab/scripts:ro
    networks:
      - lab

  db-patched:
    image: mariadb:11.4.5
    environment:
      MARIADB_ROOT_PASSWORD: rootpass
      MARIADB_DATABASE: wordpress
      MARIADB_USER: wp
      MARIADB_PASSWORD: wppass
    healthcheck:
      test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -uroot -prootpass --silent"]
      interval: 5s
      timeout: 5s
      retries: 20
    volumes:
      - db_patched:/var/lib/mysql
    networks:
      - lab

  patched:
    build:
      context: ./patched
    environment:
      WORDPRESS_DB_HOST: db-patched:3306
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wp
      WORDPRESS_DB_PASSWORD: wppass
      WORDPRESS_CONFIG_EXTRA: |
        define('WP_HOME', 'http://localhost:8082');
        define('WP_SITEURL', 'http://localhost:8082');
        define('FORCE_SSL_ADMIN', false);
    depends_on:
      db-patched:
        condition: service_healthy
    ports:
      - "8082:80"
    volumes:
      - wp_patched:/var/www/html
    networks:
      - lab

  seed-patched:
    image: wordpress:cli-php8.2
    user: "0:0"
    depends_on:
      db-patched:
        condition: service_healthy
      patched:
        condition: service_started
    environment:
      WORDPRESS_DB_HOST: db-patched:3306
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wp
      WORDPRESS_DB_PASSWORD: wppass
      WP_PATH: /var/www/html
      PUBLIC_URL: http://localhost:8082
      WP_TITLE: CVE-2026-27541 Patched Lab
      WC_VERSION: 10.6.0
      WWP_VERSION: 2.2.7
      ADMIN_USER: admin
      ADMIN_PASSWORD: AdminPass!234
      ADMIN_EMAIL: admin@example.test
      SHOPMGR_USER: shopmgr
      SHOPMGR_PASSWORD: ShopMgrPass!234
      SHOPMGR_EMAIL: shopmgr@example.test
      LAB_VARIANT: patched
    entrypoint: ["/bin/sh", "/opt/lab/scripts/seed-wp.sh"]
    volumes:
      - wp_patched:/var/www/html
      - ./scripts:/opt/lab/scripts:ro
    networks:
      - lab

volumes:
  db_vuln:
  wp_vuln:
  db_patched:
  wp_patched:

networks:
  lab:
    name: cve-2026-27541_lab