#for tsg-diagnose
version: '2.2'
services:

  badssl_server:
    image: "badssl-tsg-diagnose:latest"
    container_name: "badssl_tsg-diagnose"
    tty: true
    privileged: true
    networks:
      vlan_ssl_net:
        ipv4_address: 192.0.2.130
        ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1010
      bridge_net:
        ipv4_address: 192.51.100.2
    volumes:
     - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/badssl.com/unittest_certs
     - /etc/localtime:/etc/localtime:ro
    command: >
      bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82
      && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 
      && make certs-test
      && make inside-docker 
      && cp -r /badssl.com/certs /badssl.com/unittest_certs
      && nginx
      && tail -f /dev/null"

  wpr_server:
    image: "wpr-tsg-diagnose:latest"
    container_name: "wpr_tsg-diagnose"
    tty: true
    privileged: true
    networks:
      vlan_ssl_net:
        ipv4_address: 192.0.2.131
        ipv6_address: fd00:a1bf:2c3d:ef5a:1e2f:3d4c:56ab:1011
      bridge_net:
        ipv4_address: 192.51.100.3
    volumes:
     - /etc/localtime:/etc/localtime:ro
    command: 
      - /bin/sh
      - -c
      - |
        ifconfig eth0 hw ether 02:42:C0:A8:FD:83
        arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03
        /root/wpr/wpr replay --http_port=80 --https_port=443 --host=0.0.0.0 --quiet_mode /root/wpr/archive.wprgo & 
        tail -f /dev/null
        
  unittest_client:
    image: "unittest-tsg-diagnose:latest"
    container_name: "unittest_tsg-diagnose"
    depends_on: 
      - badssl_server
      - wpr_server
    tty: true
    privileged: true
    networks:
      vlan_unittest_net:
        ipv4_address: 192.0.2.3
        ipv6_address: fd00:a1bf:2c3d:ef5b:6e7f:8d9c:abfe:1012
      bridge_net:
        ipv4_address: 192.51.100.4
    volumes:
     - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/root/cafile_dict
     - /opt/tsg/tsg-diagnose/result:/root/result_tsg_diagnose
     - /etc/localtime:/etc/localtime:ro
    command: 
      - /bin/sh
      - -c
      - |
        /root/unittest/wait-for 192.51.100.2:443 -t 60 -- echo "badssl is up"
        /root/unittest/wait-for 192.51.100.3:443 -t 60 -- echo "wpr is up"
        ifconfig eth0 hw ether 02:42:C0:A8:FD:03
        arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82
        arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83
        mkdir -p /root/result_tsg_diagnose/unittest
        mkdir -p /root/result_tsg_diagnose/con_traffic_inject
        cp -rf /root/cafile_dict/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates
        update-ca-certificates
        cat /root/unittest/badssl.test.hosts >> /etc/hosts
        crond
        python /root/unittest/tsg_diagnose.py -l


networks: 
  bridge_net:
    name: bridge_tsg-diagnose_net
    driver: bridge
    ipam:
      config:
        - subnet: 192.51.100.0/24
          gateway: 192.51.100.1

  vlan_ssl_net: 
    name: vlan_tsg-diagnose_net
    driver: macvlan
    enable_ipv6: true
    driver_opts: 
      parent: enp1s1
    ipam: 
      config: 
        - subnet: 192.0.2.0/24
          ip_range: 192.0.2.128/25  
          gateway: 192.0.2.129
        - subnet: fd00:a1bf:2c3d:ef5a::/63
          ip_range: fd00:a1bf:2c3d:ef5a::/64
          gateway: fd00:a1bf:2c3d:ef5a::1010

  vlan_unittest_net: 
    name: vlan_unittest_tsg-diagnose_net
    driver: macvlan
    enable_ipv6: true
    driver_opts:
      parent: ens1f1
    ipam:
      config:
        - subnet: 192.0.2.0/24
          ip_range: 192.0.2.0/25
          gateway: 192.0.2.1
        - subnet: fd00:a1bf:2c3d:ef5a::/63
          ip_range: fd00:a1bf:2c3d:ef5b::/64
          gateway: fd00:a1bf:2c3d:ef5a::1011