teOS/docker/docker-compose.yml

# =============================================================================
# tOS Docker Compose Configuration
# =============================================================================
# Usage:
#   Start:   docker compose up -d
#   Stop:    docker compose down
#   Logs:    docker compose logs -f [service]
#   Reset:   docker compose down -v && docker compose up -d
# =============================================================================

name: tos

services:
  # ---------------------------------------------------------------------------
  # PostgreSQL Database
  # ---------------------------------------------------------------------------
  postgres:
    image: postgres:16-alpine
    container_name: tos-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-tos_user}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-tos_secret_password}
      POSTGRES_DB: ${POSTGRES_DB:-tos_db}
      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C"
    ports:
      - "${POSTGRES_PORT:-5432}:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-tos_user} -d ${POSTGRES_DB:-tos_db}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    networks:
      - tos-network

  # ---------------------------------------------------------------------------
  # Redis Cache & Queue
  # ---------------------------------------------------------------------------
  redis:
    image: redis:7-alpine
    container_name: tos-redis
    restart: unless-stopped
    command: >
      redis-server
      --appendonly yes
      --maxmemory 256mb
      --maxmemory-policy allkeys-lru
    ports:
      - "${REDIS_PORT:-6379}:6379"
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 5s
    networks:
      - tos-network

  # ---------------------------------------------------------------------------
  # Keycloak Identity & Access Management
  # ---------------------------------------------------------------------------
  keycloak:
    image: quay.io/keycloak/keycloak:24.0
    container_name: tos-keycloak
    restart: unless-stopped
    command:
      - start-dev
      - --import-realm
    environment:
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/${POSTGRES_DB:-tos_db}
      KC_DB_USERNAME: ${POSTGRES_USER:-tos_user}
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-tos_secret_password}
      KC_HOSTNAME: localhost
      KC_HOSTNAME_PORT: ${KEYCLOAK_PORT:-8080}
      KC_HOSTNAME_STRICT: "false"
      KC_HOSTNAME_STRICT_HTTPS: "false"
      KC_HTTP_ENABLED: "true"
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KC_LOG_LEVEL: INFO
    ports:
      - "${KEYCLOAK_PORT:-8080}:8080"
    volumes:
      - ./keycloak/realm-export.json:/opt/keycloak/data/import/realm-export.json:ro
    healthcheck:
      # Keycloak 24+ nutzt /health/ready Endpoint
      # Verwendet bash redirect da curl nicht in UBI9 enthalten ist
      test: >
        bash -c 'exec 3<>/dev/tcp/localhost/8080 &&
        echo -e "GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" >&3 &&
        timeout 2 cat <&3 | grep -q "200 OK"'
      interval: 30s
      timeout: 15s
      retries: 5
      start_period: 90s
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - tos-network

volumes:
  postgres_data:
    name: tos-postgres-data
  redis_data:
    name: tos-redis-data

networks:
  tos-network:
    name: tos-network
    driver: bridge