services:
  # Dependencies
  postgres:
    # TODO: Enable pgaudit on dev instance. See https://github.com/pgaudit/pgaudit/issues/44#issuecomment-455090262
    image: postgres:17
    command:
      ["postgres", "-c", "wal_level=logical", "-c", "max_connections=200"]
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: firezone_dev
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    ports:
      - 5432:5432/tcp
    networks:
      - app-internal

  vault:
    image: vault:1.13.3
    environment:
      VAULT_ADDR: "http://127.0.0.1:8200"
      VAULT_DEV_ROOT_TOKEN_ID: "firezone"
      VAULT_LOG_LEVEL: "debug"
    ports:
      - 8200:8200/tcp
    cap_add:
      - IPC_LOCK
    networks:
      - app-internal
    healthcheck:
      test:
        [
          "CMD",
          "wget",
          "--spider",
          "--proxy",
          "off",
          "http://127.0.0.1:8200/v1/sys/health?standbyok=true",
        ]
      interval: 10s
      timeout: 3s
      retries: 10
      start_period: 5s

  common:
    image: alpine:latest # Dummy, will always be overridden.
    environment:
      # Database
      RUN_MANUAL_MIGRATIONS: "true"
      DATABASE_HOST: postgres
      DATABASE_PORT: 5432
      DATABASE_NAME: firezone_dev
      DATABASE_USER: postgres
      DATABASE_PASSWORD: postgres
      # Feature flags
      FEATURE_POLICY_CONDITIONS_ENABLED: "true"
      FEATURE_MULTI_SITE_RESOURCES_ENABLED: "true"
      FEATURE_SELF_HOSTED_RELAYS_ENABLED: "true"
      FEATURE_IDP_SYNC_ENABLED: "true"
      FEATURE_REST_API_ENABLED: "true"
      FEATURE_INTERNET_RESOURCE_ENABLED: "true"
      # Seeds
      STATIC_SEEDS: "true"
      ## Warning: The token is for the blackhole Postmark server created in a separate isolated account,
      ## that WILL NOT send any actual emails, but you can see and debug them in the Postmark dashboard.
      OUTBOUND_EMAIL_ADAPTER_OPTS: '{"api_key":"7da7d1cd-111c-44a7-b5ac-4027b9d230e5"}'
      # Secrets
      TOKENS_KEY_BASE: "5OVYJ83AcoQcPmdKNksuBhJFBhjHD1uUa9mDOHV/6EIdBQ6pXksIhkVeWIzFk5S2"
      TOKENS_SALT: "t01wa0K4lUd7mKa0HAtZdE+jFOPDDej2"
      SECRET_KEY_BASE: "5OVYJ83AcoQcPmdKNksuBhJFBhjHD1uUa9mDOHV/6EIdBQ6pXksIhkVeWIzFk5S2"
      LIVE_VIEW_SIGNING_SALT: "t01wa0K4lUd7mKa0HAtZdE+jFOPDDej2"
      COOKIE_SIGNING_SALT: "t01wa0K4lUd7mKa0HAtZdE+jFOPDDej2"
      COOKIE_ENCRYPTION_SALT: "t01wa0K4lUd7mKa0HAtZdE+jFOPDDej2"
      # Auth
      AUTH_PROVIDER_ADAPTERS: "email,openid_connect,userpass,token,google_workspace,microsoft_entra,okta,jumpcloud,mock"
      # Erlang
      ERLANG_DISTRIBUTION_PORT: 9000
      RELEASE_COOKIE: "NksuBhJFBhjHD1uUa9mDOHV"
      # Emails
      OUTBOUND_EMAIL_FROM: "public-noreply@firez.one"
      OUTBOUND_EMAIL_ADAPTER: "Elixir.Swoosh.Adapters.Postmark"
    networks:
      - app-internal

volumes:
  postgres-data:
  elixir-build-cache:
  assets-build-cache: