## Local dev stack for sunbeam code iteration.
## Run: docker compose -f docker-compose.dev.yaml up
## Sol gRPC on localhost:50051, Matrix on localhost:8008

services:
  opensearch:
    image: opensearchproject/opensearch:3
    environment:
      - discovery.type=single-node
      - OPENSEARCH_JAVA_OPTS=-Xms1536m -Xmx1536m
      - DISABLE_SECURITY_PLUGIN=true
      - plugins.ml_commons.only_run_on_ml_node=false
      - plugins.ml_commons.native_memory_threshold=90
      - plugins.ml_commons.model_access_control_enabled=false
      - plugins.ml_commons.allow_registering_model_via_url=true
    ports:
      - "9200:9200"
    volumes:
      - opensearch-data:/usr/share/opensearch/data
    healthcheck:
      test: ["CMD-SHELL", "curl -sf http://localhost:9200/_cluster/health || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 10

  tuwunel:
    image: jevolk/tuwunel:main
    environment:
      - CONDUWUIT_SERVER_NAME=sunbeam.local
      - CONDUWUIT_DATABASE_PATH=/data
      - CONDUWUIT_PORT=8008
      - CONDUWUIT_ADDRESS=0.0.0.0
      - CONDUWUIT_ALLOW_REGISTRATION=true
      - CONDUWUIT_ALLOW_GUEST_REGISTRATION=true
      - CONDUWUIT_YES_I_AM_VERY_VERY_SURE_I_WANT_AN_OPEN_REGISTRATION_SERVER_PRONE_TO_ABUSE=true
      - CONDUWUIT_LOG=info
    ports:
      - "8008:8008"
    volumes:
      - tuwunel-data:/data

  searxng:
    image: searxng/searxng:latest
    environment:
      - SEARXNG_SECRET=dev-secret-key
    ports:
      - "8888:8080"
    volumes:
      - ./dev/searxng-settings.yml:/etc/searxng/settings.yml:ro

  gitea:
    image: gitea/gitea:1.22
    environment:
      - GITEA__database__DB_TYPE=sqlite3
      - GITEA__server__ROOT_URL=http://localhost:3000
      - GITEA__server__HTTP_PORT=3000
      - GITEA__service__DISABLE_REGISTRATION=false
      - GITEA__service__REQUIRE_SIGNIN_VIEW=false
      - GITEA__security__INSTALL_LOCK=true
      - GITEA__api__ENABLE_SWAGGER=false
    ports:
      - "3000:3000"
    volumes:
      - gitea-data:/data
    healthcheck:
      test: ["CMD-SHELL", "curl -sf http://localhost:3000/api/v1/version || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 10

  openbao:
    image: quay.io/openbao/openbao:2.5.1
    cap_add:
      - IPC_LOCK
    environment:
      - BAO_DEV_ROOT_TOKEN_ID=dev-root-token
      - BAO_DEV_LISTEN_ADDRESS=0.0.0.0:8200
    ports:
      - "8200:8200"
    healthcheck:
      test: ["CMD", "bao", "status", "-address=http://127.0.0.1:8200"]
      interval: 5s
      timeout: 3s
      retries: 10

  kratos-migrate:
    image: oryd/kratos:v1.3.1
    command: migrate sql -e --yes
    environment:
      - DSN=sqlite:///var/lib/sqlite/kratos.db?_fk=true&mode=rwc
    volumes:
      - ./dev/kratos.yml:/etc/kratos/kratos.yml:ro
      - ./dev/identity.schema.json:/etc/kratos/identity.schema.json:ro
      - kratos-data:/var/lib/sqlite

  kratos:
    image: oryd/kratos:v1.3.1
    command: serve -c /etc/kratos/kratos.yml --dev --watch-courier
    depends_on:
      kratos-migrate:
        condition: service_completed_successfully
    ports:
      - "4433:4433"   # public
      - "4434:4434"   # admin
    volumes:
      - ./dev/kratos.yml:/etc/kratos/kratos.yml:ro
      - ./dev/identity.schema.json:/etc/kratos/identity.schema.json:ro
      - kratos-data:/var/lib/sqlite
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:4434/admin/health/ready || exit 1"]
      interval: 5s
      timeout: 3s
      retries: 10

volumes:
  opensearch-data:
  tuwunel-data:
  gitea-data:
  kratos-data: