# WARNING: Do not deploy this tutorial configuration directly to a production environment
#
# The tutorial docker-compose files have not been written for production deployment and will not 
# scale. A proper architecture has been sacrificed to keep the narrative focused on the learning 
# goals, they are just used to deploy everything onto a single Docker machine. All FIWARE components 
# are running at full debug and extra ports have been exposed to allow for direct calls to services. 
# They also contain various obvious security flaws - passwords in plain text, no load balancing,
# no use of HTTPS and so on. 
# 
# This is all to avoid the need of multiple machines, generating certificates, encrypting secrets
# and so on, purely so that a single docker-compose file can be read as an example to build on, 
# not use directly. 
# 
# When deploying to a production environment, please refer to the Helm Repository
# for FIWARE Components in order to scale up to a proper architecture:
# 
# see: https://github.com/FIWARE/helm-charts/
#
version: "3.8"
services:
  # Keyrock is an Identity Management Front-End
  keyrock:
    labels:
      org.fiware: 'tutorial'
    image: quay.io/fiware/idm:${KEYROCK_VERSION}
    container_name: fiware-keyrock
    hostname: keyrock
    networks:
      default:
        ipv4_address: 172.18.1.5
    depends_on:
      - mysql-db
    ports:
      - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
      - "${KEYROCK_HTTPS_PORT}:${KEYROCK_HTTPS_PORT}" # localhost:3443
    environment:
      - "DEBUG=idm:*"
      - "IDM_DB_HOST=mysql-db"
      - "IDM_DB_PASS_FILE=/run/secrets/my_secret_data"
      - "IDM_DB_USER=root"
      - "IDM_PORT=${KEYROCK_PORT}"
      - "IDM_HOST=http://localhost:${KEYROCK_PORT}"
      - "IDM_HTTPS_ENABLED=${IDM_HTTPS_ENABLED}"
      - "IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}"
      - "IDM_ADMIN_USER=admin"
      - "IDM_ADMIN_EMAIL=admin@test.com"
      - "IDM_ADMIN_PASS=1234"
      - IDM_CSP_FORM_ACTION=*
    secrets:
      - my_secret_data
    healthcheck:
      interval: 5s

  # Database
  mysql-db:
    restart: always
    labels:
      org.fiware: 'tutorial'
    image: mysql:${MYSQL_DB_VERSION}
    hostname: mysql-db
    container_name: db-mysql
    expose:
      - "${MYSQL_DB_PORT}"
    ports:
      - "${MYSQL_DB_PORT}:${MYSQL_DB_PORT}"
    networks:
      default:
        ipv4_address: 172.18.1.6
    environment:
      - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data"
      - "MYSQL_ROOT_HOST=172.18.1.5" # Allow Keyrock to access this database
    volumes:
      - mysql-db:/var/lib/mysql
    secrets:
      - my_secret_data

networks:
  default:
    labels:
      org.fiware: 'tutorial'
    ipam:
      config:
        - subnet: 172.18.1.0/24
volumes:
  mysql-db: ~

secrets:
  my_secret_data:
    file: ./secrets.txt