version: "3.9"

services:
  rpki-rtr:
    build:
      context: ../..
      dockerfile: deploy/server/Dockerfile
    image: rpki-rtr:latest
    container_name: rpki-rtr-ssh
    restart: no
    ports:
      - "323:323"
      - "${RPKI_RTR_SSH_HOST_PORT:-2222}:${RPKI_RTR_SSH_CONTAINER_PORT:-22}"
    environment:
      RPKI_RTR_ENABLE_TLS: "false"
      RPKI_RTR_ENABLE_SSH: "true"
      RPKI_RTR_TCP_ADDR: "0.0.0.0:323"
      RPKI_RTR_SSH_ADDR: "0.0.0.0:${RPKI_RTR_SSH_CONTAINER_PORT:-22}"
      RPKI_RTR_SSH_HOST_KEY_PATH: "${RPKI_RTR_SSH_HOST_KEY_PATH:-/host-ssh/ssh_host_ed25519_key}"
      RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH: "${RPKI_RTR_SSH_AUTHORIZED_KEYS_PATH:-/app/certs/rtr-authorized_keys}"
      RPKI_RTR_SSH_USERNAME: "${RPKI_RTR_SSH_USERNAME:-rpki-rtr}"
      RPKI_RTR_SSH_SUBSYSTEM_NAME: "${RPKI_RTR_SSH_SUBSYSTEM_NAME:-rpki-rtr}"
      # SSH auth mode: key | password | both
      RPKI_RTR_SSH_AUTH_MODE: "${RPKI_RTR_SSH_AUTH_MODE:-key}"
      # Optional: enable password authentication in addition to publickey
      # RPKI_RTR_SSH_PASSWORD: "test-password"
      RPKI_RTR_DB_PATH: "/app/rtr-db"
      RPKI_RTR_CCR_DIR: "${RPKI_RTR_CCR_DIR:-/app/data}"
      RPKI_RTR_SLURM_DIR: "/app/slurm"
      RPKI_RTR_STRICT_CCR_VALIDATION: "false"
      RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
      RPKI_RTR_MAX_DELTA: "${RPKI_RTR_MAX_DELTA:-10}"
      RPKI_RTR_MAX_CONCURRENT_HANDSHAKES: "128"
      RUST_LOG: "info"
    volumes:
      - ${RPKI_RTR_CCR_HOST_DIR:-../../data}:${RPKI_RTR_CCR_DIR:-/app/data}:ro
      - ../../rtr-db:/app/rtr-db
      - ../../data:/app/slurm:ro
      - ${RPKI_RTR_SSH_KEYS_VOLUME:-/etc/ssh:/host-ssh:ro}
      - ../../certs:/app/certs:ro
      - ../../logs/server:/app/logs
    networks:
      - rpki_net

networks:
  rpki_net:
    name: rpki_net
    driver: bridge