services:
  zitadel:
    restart: 'always'
    networks:
      - 'zitadel-int'
      - 'caddyNet'
    container_name: zitadel
    image: 'ghcr.io/zitadel/zitadel:latest'
    command: 'start-from-init --masterkeyFromEnv --tlsMode disabled'
    environment:
      ZITADEL_DATABASE_POSTGRES_HOST: db
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: ${ZITADEL_DBNAME}
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: ${DB_USER}
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: ${DB_PASSWORD}
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: ${DB_ADMIN_USER}
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: a_simple_test_password #${DB_ADMIN_PASSWORD}
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      ZITADEL_EXTERNALSECURE: false
      ZITADEL_FIRSTINSTANCE_ORG_NAME: HomeLab
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: ${ZITADEL_LOGIN_USER}
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: ${ZITADEL_LOGIN_PASSWORD}
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORDCHANGEREQUIRED: false
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_VERIFIED: "true"
    depends_on:
      db:
        condition: 'service_healthy'
    env_file:
      - .env
    ports:
        - '9980:8080'

  db:
    restart: 'always'
    image: postgres:17-alpine
    container_name: zitadel-db
    environment:
      POSTGRES_DB: ${ZITADEL_DBNAME}
      POSTGRES_USER: ${DB_ADMIN_USER}
      POSTGRES_PASSWORD: a_simple_test_password #${DB_ADMIN_PASSWORD}
    env_file:
      - .env
    networks:
      - 'zitadel-int'
    healthcheck:
      test: ["CMD-SHELL", "pg_isready", "-d", "${ZITADEL_DBNAME}", "-U", "${DB_ADMIN_USER}"]
      interval: '10s'
      timeout: '30s'
      retries: 5
      start_period: '20s'
    volumes:
      - ${DB_LOCATION}:/var/lib/postgresql/data:rw

networks:
  zitadel-int:
    driver: bridge
    name: zitadel-int
  caddyNet:
    external: true
    name: caddyNet