docker-compose.yml
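# Compose stack: a PostgreSQL 14 instance served over TLS with a self-signed
# certificate, plus the nuklaivm-subscriber service that connects to it.
networks:
  # external: true means Compose expects this network to exist already and
  # will not create it.
  nuklaivm-network:
    external: true

services:
  nuklaivm-postgres:
    image: postgres:14
    container_name: nuklaivm-postgres
    # NOTE(review): this publishes PostgreSQL on every host interface. With
    # the fixed superuser password set in the entrypoint below, anything that
    # can reach the host on 5432 can log in as postgres. The subscriber uses
    # nuklaivm-network, not this mapping; consider '127.0.0.1:5432:5432' or
    # dropping the mapping if remote access is not required.
    ports:
      - '5432:5432'
    networks:
      - nuklaivm-network
    volumes:
      - pgdata:/var/lib/postgresql/data
      # The generated server.key ends up in ./certs on the host through this
      # bind mount; keep that directory out of version control.
      - ./certs:/etc/postgresql/certs
    # NOTE(review): pg_isready can presumably also succeed against the
    # temporary server started during setup, so "healthy" may be reported
    # before the final server is up - confirm the subscriber retries.
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U postgres']
      interval: 5s
      timeout: 10s
      retries: 5
    # Replaces the image's own entrypoint, so initialisation, TLS material,
    # pg_hba.conf rules, the password and the database are all handled by
    # this script. The script avoids dollar signs because Compose
    # interpolates them.
    entrypoint:
      - /bin/bash
      - '-c'
      - |
        echo "Starting PostgreSQL setup..."
        # Ensure PostgreSQL data directory is initialized.
        # NOTE(review): initdb runs without an --auth option; presumably the
        # generated pg_hba.conf then trusts local connections - verify.
        if [ ! -s /var/lib/postgresql/data/PG_VERSION ]; then
          echo "Initializing PostgreSQL data directory..."
          su postgres -c "initdb -D /var/lib/postgresql/data"
        fi
        # Generate SSL certificates if not present.
        # The certificate is self-signed, valid for 365 days and only
        # regenerated when server.crt is missing, so it expires in place.
        # -nodes leaves the private key unencrypted on disk.
        if [ ! -f /etc/postgresql/certs/server.crt ]; then
          echo "Generating SSL certificates..."
          mkdir -p /etc/postgresql/certs
          openssl req -new -x509 -nodes -days 365 \
            -keyout /etc/postgresql/certs/server.key \
            -out /etc/postgresql/certs/server.crt \
            -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
          chmod 600 /etc/postgresql/certs/server.key
          chown -R postgres:postgres /etc/postgresql/certs
          echo "SSL certificates generated."
        fi
        # Add both SSL and non-SSL rules to pg_hba.conf, once only: this
        # script runs on every container start (restart: always), and an
        # unconditional append would grow the file on each restart.
        grep -qxF "hostssl all all 0.0.0.0/0 scram-sha-256" /var/lib/postgresql/data/pg_hba.conf ||
          echo "hostssl all all 0.0.0.0/0 scram-sha-256" >> /var/lib/postgresql/data/pg_hba.conf
        # NOTE(review): a "host" rule matches connections with or without
        # TLS, so this line lets any address authenticate over an
        # unencrypted channel. The subscriber in this file uses
        # DB_SSLMODE=require and does not need it; remove it unless a
        # non-TLS client is known to depend on it.
        grep -qxF "host all all 0.0.0.0/0 md5" /var/lib/postgresql/data/pg_hba.conf ||
          echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf
        # Start PostgreSQL in the background to allow commands
        su postgres -c "pg_ctl -D /var/lib/postgresql/data -l /var/lib/postgresql/data/logfile start"
        # Set the password for the postgres user.
        # NOTE(review): fixed, well-known superuser password, re-applied on
        # every start; supply it from a secret or environment file for
        # anything beyond local development.
        echo "Setting password for postgres user..."
        su postgres -c "psql -c \"ALTER USER postgres WITH PASSWORD 'postgres'\""
        # Reload PostgreSQL configuration
        su postgres -c "pg_ctl -D /var/lib/postgresql/data reload"
        # Create the database only if it doesn't exist, so restarts do not
        # log a "database already exists" error.
        su postgres -c "psql -tAc \"SELECT 1 FROM pg_database WHERE datname = 'nuklaivm'\"" | grep -q 1 ||
          su postgres -c "psql -c 'CREATE DATABASE nuklaivm'"
        # Stop the background server
        su postgres -c "pg_ctl -D /var/lib/postgresql/data stop"
        # Start PostgreSQL as the main process
        exec su postgres -c "postgres -c ssl=on \
          -c ssl_cert_file=/etc/postgresql/certs/server.crt \
          -c ssl_key_file=/etc/postgresql/certs/server.key"
    restart: always

  nuklaivm-subscriber:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: nuklaivm-subscriber
    networks:
      - nuklaivm-network
    depends_on:
      nuklaivm-postgres:
        condition: service_healthy
    environment:
      DB_HOST: nuklaivm-postgres
      DB_PORT: '5432'
      DB_USER: postgres
      # NOTE(review): credential committed in plain text; it must match the
      # password set in the nuklaivm-postgres entrypoint.
      DB_PASSWORD: postgres
      DB_NAME: nuklaivm
      # NOTE(review): in libpq-style semantics "require" encrypts the
      # connection but does not verify the server certificate - confirm
      # against the subscriber's driver if server authentication matters.
      DB_SSLMODE: require
      # NOTE(review): 'localhost/172.17.0.0/16' looks like a missing comma
      # between 'localhost' and '172.17.0.0/16'; the value is left as-is
      # because the subscriber's parsing is not visible here. The listed
      # private ranges admit any peer on those networks.
      GRPC_WHITELISTED_BLOCKCHAIN_NODES: '127.0.0.1,localhost/172.17.0.0/16,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
    # NOTE(review): both ports are published on every host interface.
    ports:
      - '8080:8080'
      - '50051:50051'
    command: ['/app/subscriber']
    restart: always

volumes:
  pgdata: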