version: '3.4'

volumes:
  mysql_data:
      driver: local
  realm-export.json:

services:
  keycloak:
      container_name: keycloak
      image: quay.io/keycloak/keycloak:latest
      hostname: keycloak
      volumes:
        - ${PWD}/realm-export.json:/opt/keycloak/data/import/realm-export.json
      environment:
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: admin
        KEYCLOAK_ADMIN: admin
        KEYCLOAK_ADMIN_PASSWORD: admin
      ports:
        - 8080:8080
      restart: on-failure
      command:
        - start-dev
        - --import-realm
        - --http-relative-path=/auth
      healthcheck:
        test: ["CMD", "curl", "-f", "http://localhost:8080/auth"]
        interval: 10s
        timeout: 3s
        retries: 10
        start_period: 5s
  xrdp:
      container_name: xrdp
      hostname: xrdp
      image: bolkedebruin/docker-ubuntu-xrdp-mate-rdpgw:latest
      ports:
        - 3389:3389
      restart: on-failure
      volumes:
        - ${PWD}/xrdp_users.txt:/root/createusers.txt
      environment:
        TZ: "Europe/Amsterdam"
  rdpgw:
       build: .
       ports:
         - 9443:9443
       restart: on-failure
       depends_on:
        keycloak:
         condition: service_healthy
       environment:
         RDPGW_SERVER__SESSION_STORE: file
         RDPGW_SERVER__CERT_FILE: /opt/rdpgw/server.pem
         RDPGW_SERVER__KEY_FILE: /opt/rdpgw/key.pem
         RDPGW_SERVER__GATEWAY_ADDRESS: localhost:9443
         RDPGW_SERVER__PORT: 9443
         RDPGW_SERVER__HOSTS: xrdp:3389
         RDPGW_SERVER__ROUND_ROBIN: "false"
         RDPGW_OPEN_ID__PROVIDER_URL: "http://keycloak:8080/auth/realms/rdpgw"
         RDPGW_OPEN_ID__CLIENT_ID: rdpgw
         RDPGW_OPEN_ID__CLIENT_SECRET: 01cd304c-6f43-4480-9479-618eb6fd578f
         RDPGW_CLIENT__USERNAME_TEMPLATE: "{{ username }}"
         RDPGW_CAPS__TOKEN_AUTH: "true"
       healthcheck:
         test: ["CMD", "curl", "-f", "http://keycloak:8080"]
         interval: 10s
         timeout: 10s
         retries: 10