meldestelle/dc-infra.yaml

name: "${PROJECT_NAME:-meldestelle}"

services:
  # ==========================================
  # 1. INFRASTRUCTURE (Stateful & Core)
  # ==========================================

  # --- DATABASE: PostgreSQL ---
  postgres:
    image: "${POSTGRES_IMAGE:-postgres:16-alpine}"
    container_name: "${PROJECT_NAME:-meldestelle}-postgres"
    # OPTIMIERUNG: Automatischer Neustart bei System-Reboot
    restart: unless-stopped
    ports:
      - "${POSTGRES_PORT:-5432:5432}"
    environment:
      POSTGRES_USER: "${POSTGRES_USER:-pg-user}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-pg-password}"
      POSTGRES_DB: "${POSTGRES_DB:-pg-meldestelle-db}"
    volumes:
      - "postgres-data:/var/lib/postgresql/data"
      - "./config/docker/postgres:/docker-entrypoint-initdb.d:Z"
      - "./config/docker/postgres/postgresql.conf:/etc/postgresql/postgresql.conf:Z"
    profiles: [ "infra", "all" ]
    # OPTIMIERUNG: Dynamische Speicherzuweisung via .env Overrides
    command:
      - "postgres"
      - "-c"
      - "config_file=/etc/postgresql/postgresql.conf"
      - "-c"
      - "shared_buffers=${POSTGRES_SHARED_BUFFERS:-256MB}"
      - "-c"
      - "effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-768MB}"
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" ]
      # OPTIMIERUNG: Höheres Intervall (10s), um Zora im Normalbetrieb zu entlasten
      interval: "10s"
      timeout: "5s"
      retries: "5"
      start_period: "5s"
    networks:
      meldestelle-network:
        aliases:
          - "postgres"

  # --- CACHE: Valkey (formerly Redis) ---
  valkey:
    # Valkey 9.0 (User Request)
    image: "${VALKEY_IMAGE:-valkey/valkey:9-alpine}"
    container_name: "${PROJECT_NAME:-meldestelle}-valkey"
    restart: unless-stopped
    ports:
      - "${VALKEY_PORT:-6379:6379}"
    volumes:
      - "valkey-data:/data"
      # Wir nutzen weiterhin die valkey.conf, da Valkey kompatibel ist
      - "./config/docker/valkey/valkey.conf:/etc/valkey/valkey.conf:Z"
    profiles: [ "infra", "all" ]
    # Anpassung der Binaries auf valkey-server und valkey-cli
    # command: [ "sh", "-lc", "exec valkey-server /etc/valkey/valkey.conf --protected-mode no ${VALKEY_PASSWORD:+--requirepass $VALKEY_PASSWORD}" ]
    command:
      - "sh"
      - "-lc"
      - |
        exec valkey-server /etc/valkey/valkey.conf \
        --protected-mode no \
        --maxmemory ${VALKEY_MAXMEMORY:-256mb} \
        --maxmemory-policy ${VALKEY_POLICY:-allkeys-lru} \
        ${VALKEY_PASSWORD:+--requirepass $VALKEY_PASSWORD}        
    healthcheck:
      test: [ "CMD-SHELL", "[ -z \"$VALKEY_PASSWORD\" ] && valkey-cli ping | grep PONG || valkey-cli -a \"$VALKEY_PASSWORD\" ping | grep PONG" ]
      interval: "5s"
      timeout: "5s"
      retries: "3"
    networks:
      meldestelle-network:
        aliases:
          - "valkey"

  # --- SERVICE DISCOVERY: Consul ---
  consul:
    image: "${CONSUL_IMAGE:-hashicorp/consul:1.22.1}"
    container_name: "${PROJECT_NAME:-meldestelle}-consul"
    restart: no
    ports:
      - "${CONSUL_PORT:-8500:8500}"
      - "${CONSUL_UDP_PORT:-8600:8600/udp}"
    command: "agent -server -bootstrap-expect=1 -ui -client=0.0.0.0"
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:8500/v1/status/leader" ]
      interval: "30s"
      timeout: "10s"
      retries: "3"
    networks:
      meldestelle-network:
        aliases:
          - "consul"
    profiles: [ "infra", "all" ]

  # --- TRACING: Zipkin ---
  zipkin:
    image: "${ZIPKIN_IMAGE:-openzipkin/zipkin:3}"
    container_name: "${PROJECT_NAME:-meldestelle}-zipkin"
    restart: no
    ports:
      - "${ZIPKIN_PORT:-9411:9411}"
    profiles: [ "infra", "all" ]
    networks:
      meldestelle-network:
        aliases:
          - "zipkin"

  # --- EMAIL TESTING: Mailpit ---
  mailpit:
    image: "axllent/mailpit"
    container_name: "${PROJECT_NAME:-meldestelle}-mailpit"
    restart: no
    ports:
      - "8025:8025" # Web UI
      - "1025:1025" # SMTP Port
    environment:
      MP_MAX_MESSAGES: 5000
      MP_DATABASE: /data/mailpit.db
      MP_SMTP_AUTH_ACCEPT_ANY: 1
      MP_SMTP_AUTH_ALLOW_INSECURE: 1
    volumes:
      - "mailpit-data:/data"
    profiles: [ "infra", "all" ]
    networks:
      meldestelle-network:
        aliases:
          - "mailpit"

  # --- IAM: Keycloak (DEBUG MODE) ---
  keycloak:
    image: "quay.io/keycloak/keycloak:26.4"
    container_name: "${PROJECT_NAME:-meldestelle}-keycloak"
    restart: no
    environment:
      KC_BOOTSTRAP_ADMIN_USERNAME: "${KC_ADMIN_USERNAME:-kc-admin}"
      KC_BOOTSTRAP_ADMIN_PASSWORD: "${KC_ADMIN_PASSWORD:-kc-password}"
      KC_DB: "${KC_DB:-postgres}"
      KC_DB_SCHEMA: "${KC_DB_SCHEMA:-keycloak}"
      KC_DB_URL: "${POSTGRES_DB_URL:-jdbc:postgresql://postgres:5432/pg-meldestelle-db}"
      KC_DB_USERNAME: "${POSTGRES_USER:-pg-user}"
      KC_DB_PASSWORD: "${POSTGRES_PASSWORD:-pg-password}"
      KC_HOSTNAME: "${KC_HOSTNAME:-localhost}"
      KC_HTTP_ENABLED: "true"
      KC_PROXY_HEADERS: "xforwarded"
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      KC_LOG_LEVEL: "INFO"
    ports:
      - "${KC_PORT:-8180:8080}"
      - "${KC_DEBUG_PORT:-9000:9000}"
    depends_on:
      postgres:
        condition: "service_healthy"
    volumes:
      # Mount für den Import
      - "./config/docker/keycloak:/opt/keycloak/data/import:Z"
    # Import beim Start aktivieren
    command: "start-dev --import-realm"
    networks:
      meldestelle-network:
        aliases:
          - "keycloak"
    profiles: [ "infra", "all" ]

volumes:
  postgres-data:
  valkey-data:
  mailpit-data:

networks:
  meldestelle-network:
    driver: bridge