version: "3.9"

services:
  rpki-rtr:
    build:
      context: ../..
      dockerfile: deploy/server/Dockerfile
    image: rpki-rtr:latest
    container_name: rpki-rtr
    restart: no
    ports:
      - "323:323"
      - "324:324"
      # SSH mode example:
      # - "22:22"
    environment:
      RPKI_RTR_ENABLE_TLS: "false"
      RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
      RPKI_RTR_TLS_ADDR: "0.0.0.0:324"
      RPKI_RTR_DB_PATH: "${RPKI_RTR_DB_PATH:-/app/rtr-db}"
      RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
      RPKI_RTR_SLURM_DIR: "${RPKI_RTR_SLURM_DIR:-/app/slurm}"
      RPKI_RTR_STRICT_CCR_VALIDATION: "${RPKI_RTR_STRICT_CCR_VALIDATION:-false}"
      RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "${RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS:-300}"
      RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
      RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "${RPKI_RTR_MAX_CONCURRENT_HANDSHAKES:-128}"
      RUST_LOG: "${RUST_LOG:-info}"
      # SSH mode example:
      # RPKI_RTR_ENABLE_SSH: "true"
      # RPKI_RTR_SSH_ADDR: "0.0.0.0:22"
      # RPKI_RTR_SSH_PORT: "22"
      # RPKI_RTR_SSH_HOST_KEY_PATH: "/app/certs/ssh_host_ed25519_key"
      # RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH: "/app/certs/rtr-authorized_keys"
      # RPKI_RTR_SSH_USERNAME: "rpki-rtr"
      # RPKI_RTR_SSH_SUBSYSTEM_NAME: "rpki-rtr"
      # Optional: enable password auth in addition to publickey
      # RPKI_RTR_SSH_PASSWORD: "test-password"
    volumes:
      - ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
      - ${RPKI_RTR_DB_HOST_DIR:-../../rtr-db}:${RPKI_RTR_DB_PATH:-/app/rtr-db}
      - ${RPKI_RTR_SLURM_HOST_DIR:-../../data}:${RPKI_RTR_SLURM_DIR:-/app/slurm}:ro
      - ${RPKI_RTR_LOG_HOST_DIR:-../../logs/server}:/app/logs
      # TLS mode example:
      # - ../../certs:/app/certs:ro
    networks:
      - rpki_net

networks:
  rpki_net:
    name: rpki_net
    driver: bridge