version: '2.4'
services:
  composer:
    image: local/osbuild-composer
    build:
      context: ../../osbuild-composer
      dockerfile: ./distribution/Dockerfile-ubi
    entrypoint:
      [
        "python3",
        "/opt/entrypoint.py",
        "--remote-worker-api",
        "--composer-api"
      ]
    volumes:
      - ${COMPOSER_CONFIG_DIR}/osbuild-composer.toml:/etc/osbuild-composer/osbuild-composer.toml:z
      - ${COMPOSER_CONFIG_DIR}/acl.yml:/etc/osbuild-composer/acl.yml:z
      - ${CERT_DIR}/ca-crt.pem:/etc/osbuild-composer/ca-crt.pem:z
      - ${CERT_DIR}/composer-crt.pem:/etc/osbuild-composer/composer-crt.pem:z
      - ${CERT_DIR}/composer-key.pem:/etc/osbuild-composer/composer-key.pem:z
    ports:
      - 8080:8080
      - 8700:8700
    networks:
      net:
        ipv4_address: 172.31.0.10
  worker:
    image: local/osbuild-worker
    build:
      context: ../../osbuild-composer
      dockerfile: ./distribution/Dockerfile-worker
    # override the entrypoint to specify composer hostname and port
    entrypoint: [ "/usr/libexec/osbuild-composer/osbuild-worker", "composer:8700" ]
    volumes:
      - ${CERT_DIR}/ca-crt.pem:/etc/osbuild-composer/ca-crt.pem:z
      - ${WORKER_CONFIG_DIR}/osbuild-worker.toml:/etc/osbuild-worker/osbuild-worker.toml:z
      - ${WORKER_CONFIG_DIR}/secret:/etc/osbuild-worker/secret:z
    environment:
      - CACHE_DIRECTORY=/var/cache/osbuild-composer
    privileged: true
    cap_add:
      - MKNOD
      - SYS_ADMIN
      - NET_ADMIN
    networks:
      net:
        ipv4_address: 172.31.0.20
    depends_on:
      - "composer"
    restart: on-failure
  postgres:
    image: docker.io/postgres:10.5
    healthcheck:
      test: [ "CMD", "pg_isready", "-U", "postgres", "-d", "postgres" ]
      interval: 2s
      timeout: 2s
      retries: 10
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
    volumes:
      - ../../image-builder/internal/db/migrations-tern/:/docker-entrypoint-initdb.d/:Z
    networks:
      net:
        ipv4_address: 172.31.0.30
  backend:
    image: local/image-builder
    build:
      context: ../../image-builder
      dockerfile: ./distribution/Dockerfile-ubi
    healthcheck:
      test: [ "CMD", "curl", "localhost:8086/status" ]
      interval: 2s
      timeout: 2s
      retries: 10
    volumes:
      - ./config/backend/quotas.json:/config/quotas.json:z
      - ${CERT_DIR}/ca-crt.pem:/etc/image-builder/ca-crt.pem:z
      - ${CERT_DIR}/client-crt.pem:/etc/image-builder/client-crt.pem:z
      - ${CERT_DIR}/client-key.pem:/etc/image-builder/client-key.pem:z
    environment:
      - LISTEN_ADDRESS=backend:8086
      - LOG_LEVEL=DEBUG
      - ALLOWED_ORG_IDS=*
      - PGHOST=postgres
      - PGPORT=5432
      - PGDATABASE=postgres
      - PGUSER=postgres
      - PGPASSWORD=postgres
      - COMPOSER_URL=https://composer:8080
      - COMPOSER_TOKEN_URL=http://fauxauth:8888/token?refresh_token=42
      - COMPOSER_CLIENT_SECRET=${COMPOSER_CLIENT_SECRET}
      - COMPOSER_CLIENT_ID=${COMPOSER_CLIENT_ID}
      - COMPOSER_CA_PATH=/etc/image-builder/ca-crt.pem
      - DISTRIBUTIONS_DIR=/app/distributions
      - QUOTA_FILE=/config/quotas.json
    networks:
      net:
        ipv4_address: 172.31.0.40
    depends_on:
      - "composer"
      - "postgres"
    restart: on-failure
  frontend:
    image: local/image-builder-frontend
    build:
      context: ../../image-builder-frontend
      dockerfile: ./distribution/Dockerfile
    environment:
      - HOST=frontend
    networks:
      net:
        ipv4_address: 172.31.0.50
  insightsproxy:
    image: redhatinsights/insights-proxy:latest
    security_opt:
      - label=disable
    environment:
      - CUSTOM_CONF=true
    volumes:
      - ${SPANDX_CONFIG}:/config/spandx.config.js:Z
    extra_hosts:
      - "prod.foo.redhat.com:127.0.0.1"
      - "qa.foo.redhat.com:127.0.0.1"
      - "ci.foo.redhat.com:127.0.0.1"
      - "stage.foo.redhat.com:127.0.0.1"
    networks:
      net:
        ipv4_address: 172.31.0.60
    ports:
      - 1337:1337
    depends_on:
     - "backend"
     - "frontend"
  prometheus:
    profiles: ["metrics"]
    image: prom/prometheus:latest
    ports:
      - "9000:9090"
    volumes:
      - ./config/prometheus:/config
      - ${CERT_DIR}/ca-crt.pem:/etc/image-builder/ca-crt.pem:z
      - ${CERT_DIR}/client-crt.pem:/etc/image-builder/client-crt.pem:z
      - ${CERT_DIR}/client-key.pem:/etc/image-builder/client-key.pem:z
    restart: unless-stopped
    networks:
      net:
        ipv4_address: 172.31.0.70
    command:
      - "--config.file=/config/prometheus.yml"
  grafana:
    profiles: ["metrics"]
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    volumes:
      - ./config/grafana:/etc/grafana/provisioning/
    restart: unless-stopped
    networks:
      net:
        ipv4_address: 172.31.0.80
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=foobar
  fauxauth:
    image: local/osbuild-fauxauth
    build:
      context: ../../osbuild-composer
      dockerfile: ./distribution/Dockerfile-fauxauth
    entrypoint: [ "/opt/fauxauth.py", "-a", "0.0.0.0", "-p", "8888" ]
    volumes:
      - ${CERT_DIR}/:/etc/osbuild-composer/:z
    ports:
      - "8888:8888"
    networks:
      net:
        ipv4_address: 172.31.0.90
networks:
  net:
    ipam:
      driver: default
      config:
        - subnet: 172.31.0.0/16