docker-compose.yml

volumes:
  postgres:
  kafka:
  goose:

services:
  postgres:
    image: postgres:16
    restart: unless-stopped
    environment:
      POSTGRES_USER: testing
      POSTGRES_PASSWORD: testing
      POSTGRES_DB: testing
    volumes:
      - postgres:/var/lib/postgresql/data
      - ./internal/postgres/schema.sql:/docker-entrypoint-initdb.d/schema.sql:ro
    ports: 
      - 5432:5432

  kafka:
    image: bitnami/kafka
    restart: unless-stopped
    environment:
      KAFKA_CFG_NODE_ID: 0
      KAFKA_CFG_PROCESS_ROLES: controller,broker
      KAFKA_CFG_LISTENERS: INTERNAL://:9092,EXTERNAL://:19092,CONTROLLER://:9093
      KAFKA_CFG_ADVERTISED_LISTENERS: INTERNAL://kafka:9092,EXTERNAL://localhost:19092
      KAFKA_CFG_INTER_BROKER_LISTENER_NAME: INTERNAL
      KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT
      KAFKA_CFG_CONTROLLER_QUORUM_VOTERS: 0@localhost:9093
      KAFKA_CFG_CONTROLLER_LISTENER_NAMES: CONTROLLER
    volumes:
      - kafka:/bitnami/kafka
    ports:
      - 19092:19092

  tenant:
    image: caddy:2.7.6
    restart: unless-stopped
    environment:
      CA_PATH: /local/ca.crt
      TLS_KEY_PATH: /local/tenant.key
      TLS_CERT_PATH: /local/tenant.crt
    volumes:
      - ./.local:/local
    entrypoint:
      - sh 
      - -c 
      - |
        caddy run -a caddyfile -c - <<-'EOF'
        :8443 {
          tls {$$TLS_CERT_PATH} {$$TLS_KEY_PATH} {
            ca_root {$$CA_PATH}
            client_auth {
              mode require_and_verify
              trusted_ca_cert_file {$$CA_PATH}
            }
          }

          header Content-Type application/json
          respond /tenants/018e282f-0a88-7950-91d8-34cb8f9a9c2c 200 {
            body <<JSON
              {"id":"018e282f-0a88-7950-91d8-34cb8f9a9c2c","name":"dummy","expire":"2034-12-31T23:59:59.99999+07:00"}
            JSON
          }
        }
        EOF

  profile:
    build: .
    depends_on:
      postgres:
        condition: service_started
      kafka:
        condition: service_started
      tenant:
        condition: service_started
    restart: unless-stopped
    environment:
      PROFILE_AEAD_DERIVABLE_KEYSET_PATH: /local/tink-aead.json
      PROFILE_MAC_DERIVABLE_KEYSET_PATH: /local/tink-mac.json
      PROFILE_BIDX_DERIVABLE_KEYSET_PATH: /local/tink-mac.json
      PROFILE_TLS_KEY_PATH: /local/profile.key
      PROFILE_TLS_CERT_PATH: /local/profile.crt
      PROFILE_TLS_CLIENT_CA_PATH: /local/ca.crt
      PROFILE_TLS_ROOT_CA_PATH: /local/ca.crt
      PROFILE_TLS_MUTUAL_AUTH: "false"
      PROFILE_OTEL_TRACE_PROVIDER:
      PROFILE_LOG_LEVEL:

      PROFILE_HTTP_LISTEN_ADDRESS: :8443
      PROFILE_TENANT_SERVICE_BASE_URL: https://tenant:8443
      PROFILE_KAFKA_BROKERS: kafka:9092
      PROFILE_KAFKA_TOPIC_OUTBOX: outbox
      PROFILE_POSTGRES_URL: postgres://testing:testing@postgres:5432/testing?sslmode=disable
    volumes:
      - ./.local:/local
    ports:
      - 8443:8443