services:
  postgres_ory:
    image: postgres:${ORY_POSTGRES_TAG:-17-alpine}
    container_name: ory_postgres
    environment:
      - POSTGRES_USER=${ORY_POSTGRES_USER:-ory}
      - POSTGRES_PASSWORD=${ORY_POSTGRES_PASSWORD:-secret}
      - POSTGRES_DB=${ORY_POSTGRES_DB:-ory}
    volumes:
      - ./docker/ory/init-db:/docker-entrypoint-initdb.d
      - ory_postgres_data:/var/lib/postgresql/data
    networks:
      - ory-net
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "pg_isready -U ${ORY_POSTGRES_USER:-ory} -d ${KRATOS_DB:-ory_kratos}",
        ]
      interval: 5s
      timeout: 5s
      retries: 5

  kratos-migrate:
    image: oryd/kratos:${KRATOS_VERSION:-v25.4.0}
    environment:
      - DSN="postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KRATOS_DB:-ory_kratos}?sslmode=disable&max_conns=20"
      - KRATOS_SERVE_PUBLIC_BASE_URL="${KRATOS_BROWSER_URL:-http://localhost:4433}"
      - KRATOS_SERVE_ADMIN_BASE_URL="${KRATOS_ADMIN_URL:-http://kratos:4434}"
      - KRATOS_SELFSERVICE_DEFAULT_BROWSER_RETURN_URL="${KRATOS_UI_URL:-http://localhost:5000}"
      - KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS='["${KRATOS_UI_URL:-http://localhost:5000}","${USERFRONT_URL:-http://localhost:5000}"]'
    volumes:
      - ./docker/ory/kratos:/etc/config/kratos
    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
    depends_on:
      postgres_ory:
        condition: service_healthy
    networks:
      - ory-net

  kratos:
    image: oryd/kratos:${KRATOS_VERSION:-v25.4.0}
    container_name: ory_kratos
    environment:
      - DSN="postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KRATOS_DB:-ory_kratos}?sslmode=disable&max_conns=20"
      - COOKIE_SECRET="${COOKIE_SECRET:-localcookie123}"
      - KRATOS_SERVE_PUBLIC_BASE_URL="${KRATOS_BROWSER_URL:-http://localhost:4433}"
      - KRATOS_SERVE_ADMIN_BASE_URL="${KRATOS_ADMIN_URL:-http://kratos:4434}"
      - KRATOS_SELFSERVICE_DEFAULT_BROWSER_RETURN_URL="${KRATOS_UI_URL:-http://localhost:5000}"
      - KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS='["${KRATOS_UI_URL:-http://localhost:5000}","${USERFRONT_URL:-http://localhost:5000}"]'
    volumes:
      - ./docker/ory/kratos:/etc/config/kratos
    command: serve -c /etc/config/kratos/kratos.yml --dev
    depends_on:
      kratos-migrate:
        condition: service_completed_successfully
    networks:
      - ory-net
      - kratosnet

  hydra:
    image: oryd/hydra:${HYDRA_VERSION:-v25.4.0}
    container_name: ory_hydra
    environment:
      - DSN="postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20"
      - URLS_SELF_ISSUER="${USERFRONT_URL:-http://localhost:5000}/oidc"
      - URLS_LOGIN="${USERFRONT_URL:-http://localhost:5000}/login"
      - URLS_CONSENT="${USERFRONT_URL:-http://localhost:5000}/consent"
      - SECRETS_SYSTEM="${ORY_POSTGRES_PASSWORD}"
    volumes:
      - ./docker/ory/hydra:/etc/config/hydra
    command: serve -c /etc/config/hydra/hydra.yml all --dev
    networks:
      - ory-net
      - hydranet

volumes:
  ory_postgres_data:

networks:
  ory-net:
    external: true
    name: ory-net
  hydranet:
    external: true
    name: hydranet
  kratosnet:
    external: true
    name: kratosnet
  public_net:
    external: true
    name: public_net