version: "3.7"

services:

  web-app:
    build: .

  oauth2-proxy:
    image: bitnami/oauth2-proxy:7.3.0
    depends_on:
      - redis
    command:
      - --http-address
      - 0.0.0.0:4180
      - --allowed-group soundlib
    environment:
      OAUTH2_PROXY_EMAIL_DOMAINS: '*'
      OAUTH2_PROXY_PROVIDER: oidc
      OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: "Keycloak"
      OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: true
      OAUTH2_PROXY_REDIRECT_URL: http://localhost/oauth2/callback

      OAUTH2_PROXY_OIDC_ISSUER_URL: "https://{{ keycloak_address }}/realms/master"
      OAUTH2_PROXY_CLIENT_ID: "{{ keycloak_clients[item].client_id }}"
      OAUTH2_PROXY_CLIENT_SECRET: "{{ keycloak_clients[item].party_secret }}"

      OAUTH2_PROXY_SKIP_JWT_BEARER_TOKENS: true
      OAUTH2_PROXY_OIDC_EMAIL_CLAIM: sub

      OAUTH2_PROXY_SET_XAUTHREQUEST: true
      OAUTH2_PROXY_PASS_ACCESS_TOKEN: true

      OAUTH2_PROXY_SESSION_STORE_TYPE: redis
      OAUTH2_PROXY_REDIS_CONNECTION_URL: redis://redis

      OAUTH2_PROXY_COOKIE_REFRESH: 30m
      OAUTH2_PROXY_COOKIE_NAME: SESSION
      OAUTH2_PROXY_COOKIE_SECRET: HISTORY_PURGED_SECRET

  redis:
    image: redis:7.0.2-alpine3.16
    volumes:
      - cache:/data

volumes:
  cache:
    driver: local