version: '2.4'
services:
  postgres:
    image: postgres:16.1
    environment:
      - POSTGRES_PASSWORD=hydra
      - POSTGRES_USER=hydra
      - POSTGRES_DB=hydra
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "hydra", "-d", "hydra"]
      interval: 3s
      timeout: 5s
      retries: 5
    network_mode: host

  hydra:
    image: &hydra_image oryd/hydra:v1.11
    environment: &hydra_environment
      - LOG_LEVEL=debug
      - LOG_LEAK_SENSITIVE_VALUES=true
      - SECRETS_SYSTEM=NotSoSecret123456
      - DSN=postgres://hydra:hydra@127.0.0.1:5432/hydra
      - URLS_CONSENT=http://localhost:3000/consent
      - URLS_LOGIN=http://localhost:3000/login
      - URLS_LOGOUT=http://localhost:3000/logout
    entrypoint: ""
    command: ["hydra", "serve", "all", "--dangerous-force-http", "--dangerous-allow-insecure-redirect-urls=http://localhost:8080/oauth2/callback,http://127.0.0.1:8080/oauth2/callback"]
    healthcheck:
      test: ["CMD", "/bin/sh", "-c", "wget -q --spider http://127.0.0.1:4444/.well-known/openid-configuration"]
      interval: 3s
      timeout: 5s
      retries: 5
    depends_on:
      init-hydra-database:
        condition: service_completed_successfully
    restart: unless-stopped
    network_mode: host

  
  oidc-test:
    image: reg.cadoles.com/cadoles/oidc-test:2023.11.6-stable.1557.e16b905
    environment:
      - LOG_LEVEL=0
      - HTTP_ADDRESS=0.0.0.0:8080
      - OIDC_CLIENT_ID=oidc-test
      - OIDC_CLIENT_SECRET=oidc-test-123456
      - OIDC_ISSUER_URL=http://127.0.0.1:4444/
      - OIDC_REDIRECT_URL=http://localhost:8080/oauth2/callback
      - OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:8080
      - OIDC_SKIP_ISSUER_VERIFICATION=true
    depends_on:
      init-hydra-client:
        condition: service_completed_successfully
    network_mode: host
    restart: unless-stopped

  init-hydra-database:
    image: *hydra_image
    environment: *hydra_environment
    command: ["migrate", "sql", "-e", "--yes"]
    network_mode: host
    depends_on:
      postgres:
        condition: service_healthy

  init-hydra-client:
    image: *hydra_image
    entrypoint: ""
    command: ["/bin/sh", "-c", "hydra clients import --endpoint http://127.0.0.1:4445 --fake-tls-termination /oidc/client.json || true"]
    environment: *hydra_environment     
    depends_on:
      init-hydra-database:
        condition: service_completed_successfully
      hydra:
        condition: service_healthy
    network_mode: host
    volumes:
      - ./misc/compose/hydra/client.json:/oidc/client.json