captainVersion: 4
services:
    $$cap_appname-db:
        image: postgres:$$cap_postgres_version
        volumes:
            - $$cap_appname-db-data:/var/lib/postgresql/data
        restart: always
        environment:
            POSTGRES_USER: keycloak
            POSTGRES_PASSWORD: $$cap_pg_pass
            POSTGRES_DB: keycloak
        caproverExtra:
            notExposeAsWebApp: 'true'
    $$cap_appname:
        depends_on:
            - $$cap_appname-db
        restart: always
        environment:
            KEYCLOAK_ADMIN: $$cap_keycloak_admin
            KEYCLOAK_ADMIN_PASSWORD: $$cap_keycloak_password
            KC_DB_PASSWORD: $$cap_pg_pass
        caproverExtra:
            containerHttpPort: '8080'
            dockerfileLines:
                - FROM quay.io/keycloak/keycloak:$$cap_keycloak_version as builder
                - ENV KC_HEALTH_ENABLED=true
                - ENV KC_METRICS_ENABLED=false
                - ENV KC_FEATURES=token-exchange,recovery-codes
                - ENV KC_DB=postgres
                - RUN /opt/keycloak/bin/kc.sh build

                - FROM quay.io/keycloak/keycloak:$$cap_keycloak_version
                - COPY --from=builder /opt/keycloak/ /opt/keycloak/
                - WORKDIR /opt/keycloak
                - ENV KC_DB_URL=jdbc:postgresql://srv-captain--$$cap_appname-db/keycloak
                - ENV KC_DB_USERNAME=keycloak
                - ENV KC_DB_PASSWORD=$$cap_pg_pass
                - ENV KC_HOSTNAME=$$cap_appname.$$cap_root_domain
                - ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized", "--proxy=edge"]

caproverOneClickApp:
    variables:
        - id: $$cap_postgres_version
          label: Postgres Version
          defaultValue: '15'
          description: Check out Keycloak DB page for any valid major tested https://www.keycloak.org/server/db
          validRegex: /^([^\s^\/])+$/
        - id: $$cap_keycloak_version
          label: Keycloak Version
          defaultValue: '23.0.1'
          description: v23.0.1 current as of 2023-12-06.  Check out Keycloak Docker page for the valid tags https://quay.io/repository/keycloak/keycloak?tab=tags
          validRegex: /^([^\s^\/])+$/
        - id: $$cap_pg_pass
          label: Postgres Password
          description: 'App-to-app database credential.  12-20 characters.'
          defaultValue: $$cap_gen_random_hex(20)
          validRegex: /.{12,20}/
        - id: $$cap_keycloak_admin
          label: Keycloak admin user
          description: 'Login username for the admin web user.'
          defaultValue: 'admin'
          validRegex: /.{1,}/
        - id: $$cap_keycloak_password
          label: Keycloak admin password
          description: 'Login password for the admin web user.  12-20 characters.'
          defaultValue: $$cap_gen_random_hex(20)
          validRegex: /.{12,20}/
    instructions:
        start: >-
            Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services. It makes it easy to secure applications and services with little to no code.

            For documentation, see: https://www.keycloak.org/documentation.html

            For source code, see: https://github.com/keycloak/keycloak

            For docker image, see: https://quay.io/repository/keycloak/keycloak

            Enter your Keycloak Configuration parameters and click on next.
        end: >
            Keycloak is deployed and available as $$cap_appname. 

            Before starting using Keycloak, you'll need to

            - Enable HTTPS

            - Force HTTPS by redirecting all HTTP traffic to HTTPS


            IMPORTANT: It will take up to 1 minutes for Keycloak to be ready. Before that, you might see 502 error page.
    displayName: 'Keycloak'
    isOfficial: true
    description: Keycloak is an open source identity and access management solution
    documentation: Taken from https://github.com/keycloak/keycloak-containers/blob/main/docker-compose-examples/keycloak-postgres.yml