version: "3.9"
services:

  idhub1:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
    environment:
      - DEBUG=true
      - INITIAL_ADMIN_EMAIL=${IDHUB_PILOT_TEST__ADMIN_EMAIL}
      - INITIAL_ADMIN_PASSWORD=${IDHUB_PILOT_TEST__ADMIN_PASSWORD}
      - CREATE_TEST_USERS=true
      - ENABLE_EMAIL=false
      - ENABLE_2FACTOR_AUTH=false
      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
      - PORT=${IDHUB_PORT:-9001}
      # only on localhost hostname did-resolve uses http endpoint
      #   and here we need it to very vcred of didweb
      # $ docker run ghcr.io/spruceid/didkit-cli:latest did-resolve did:web:localhost:test
      # Error sending HTTP request : error sending request for url (http://localhost/.well-known/did.json): error trying to connect: tcp connect error: Address not available (os error 99)
      #   version: 2023-04-24 10:21:58 ghcr.io/spruceid/didkit-cli@sha256:0e559663f962e2ced2fb4034e415f6b5dbdec57e85f69b546e7699ac6ba35219
      - DOMAIN=${DOMAIN1:-localhost}
      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
      - SUPPORTED_CREDENTIALS=['CourseCredential', 'EOperatorClaim', 'FederationMembership', 'FinancialVulnerabilityCredential', 'MembershipCard']
      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
      - OIDC_ORGS=examples/organizations__instance_localhost-pair.csv
      - OIDC_REDIRECT=true
      #- OIDC_REDIRECT=false
      - ALLOW_CODE_URI=http://localhost/oidc4vp/allow_code
    ports:
      - 9091:9001
    volumes:
      - ./idhub1__instance-localhost-pair:/opt/idhub
      - sharedsecret:/sharedsecret:rw
    # nginx manage proxypass to these docker containers
    #   inspired by https://stackoverflow.com/a/43541681
    extra_hosts:
      - 'localhost:host-gateway'
      - 'idhub2:host-gateway'

  idhub2:
    init: true
    image: dkr-dsg.ac.upc.edu/trustchain-oc1-orchestral/idhub:latest
    environment:
      - DEBUG=true
      - INITIAL_ADMIN_EMAIL=${IDHUB_PILOT_TEST__ADMIN_EMAIL}
      - INITIAL_ADMIN_PASSWORD=${IDHUB_PILOT_TEST__ADMIN_PASSWORD}
      - CREATE_TEST_USERS=true
      - ENABLE_EMAIL=false
      - ENABLE_2FACTOR_AUTH=false
      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
      - PORT=${IDHUB_PORT:-9001}
      - DOMAIN=${DOMAIN2:-idhub2}
      - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
      - EMAIL_HOST=${IDHUB_EMAIL_HOST}
      - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
      - EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
      - EMAIL_PORT=${IDHUB_EMAIL_PORT}
      - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
      - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
      # only the one we support for OIDC flow, if we add more, it reaches a UX bug
      - SUPPORTED_CREDENTIALS=['FinancialVulnerabilityCredential']
      - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
      - OIDC_ORGS=examples/organizations__instance_localhost-pair.csv
      - OIDC_REDIRECT=true
      #- OIDC_REDIRECT=false
      - ALLOW_CODE_URI=http://idhub2/oidc4vp/allow_code
    ports:
      - 9092:9001
    volumes:
      - ./idhub2__instance-localhost-pair:/opt/idhub
      - sharedsecret:/sharedsecret:rw
    # nginx manage proxypass to these docker containers
    #   inspired by https://stackoverflow.com/a/43541681
    extra_hosts:
      - 'localhost:host-gateway'
      - 'idhub2:host-gateway'

volumes:
  sharedsecret: