services:
  open-webui:
    image: ${WEBUI_IMAGE:-ghcr.io/open-webui/open-webui:main}
    container_name: ${WEBUI_NAME:-open-webui}
    restart: unless-stopped
    environment:
      - OPENAI_API_KEY=${OPENAI_API_KEY}      
      # OIDC vars
      - 'ENABLE_OAUTH_SIGNUP=${ENABLE_OAUTH_SIGNUP}'
      - 'OAUTH_MERGE_ACCOUNTS_BY_EMAIL=${OAUTH_MERGE_ACCOUNTS_BY_EMAIL}'
      - 'OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}'
      - 'OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}'
      - 'OPENID_PROVIDER_URL=${OPENID_PROVIDER_URL}'
      - 'OAUTH_PROVIDER_NAME=${OAUTH_PROVIDER_NAME}'
      - 'OAUTH_SCOPES=${OAUTH_SCOPES}'
      - 'ENABLE_OAUTH_ROLE_MANAGEMENT=${ENABLE_OAUTH_ROLE_MANAGEMENT}'
      - 'OAUTH_ALLOWED_ROLES=${OAUTH_ALLOWED_ROLES}'
      - 'OAUTH_ADMIN_ROLES=${OAUTH_ADMIN_ROLES}'
      - 'OAUTH_ROLES_CLAIM=${OAUTH_ROLES_CLAIM}'
      - 'OAUTH_CODE_CHALLENGE_METHOD=${OAUTH_CODE_CHALLENGE_METHOD}'
      - 'OPENID_REDIRECT_URI=${OPENID_REDIRECT_URI}'
      
      - GLOBAL_LOG_LEVEL={LOG_LEVEL}
    ports:
      - "${WEBUI_PORT:-3000}:8080"
    volumes:
      - ${WEBUI_VOLUME:-open-webui_data}:/app/backend/data
    extra_hosts:
      - "host.docker.internal:host-gateway"