services:
  zitadel:
    image: ghcr.io/zitadel/zitadel:latest
    container_name: zitadel
    restart: always
    networks:
      - zitadel-int
      - caddyNet
    command: "start-from-init --masterkeyFromEnv --tlsMode external"
    environment:
      ZITADEL_LOG_LEVEL: DEBUG
      ZITADEL_MASTERKEY: ${ZITADEL_MASTERKEY}
      ZITADEL_DATABASE_POSTGRES_HOST: db
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: ${ZITADEL_DATABASE_NAME}
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: ${ZITADEL_DATABASE_USER_USER}
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: ${ZITADEL_DATABASE_USER_PASSWORD}
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: ${ZITADEL_DATABASE_ADMIN_USER}
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: ${ZITADEL_DATABASE_ADMIN_PASSWORD}
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      ZITADEL_EXTERNALPORT: 443
      ZITADEL_EXTERNALSECURE: true
      ZITADEL_TLS_ENABLED: false
      ZITADEL_EXTERNALDOMAIN: auth.${DOMAIN_NAME}
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME:  # ${ZITADEL_LOGIN_USER}
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD:  #${ZITADEL_LOGIN_PASSWORD}
      ZITADEL_FIRSTINSTANCE_ORG_NAME: HomeLab
      #ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_HOST: ${ZITADEL_SMTP_HOST}
      #ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_USER: ${ZITADEL_SMTP_USER}
      #ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROM: ${ZITADEL_SMTP_USER}
      #ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_PASSWORD: ${ZITADEL_SMTP_PASSWORD}
      #ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_TLS: ${ZITADEL_SMTP_TLS}
      #ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROMNAME: No Reply 24 heures de l'INSA
      #ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_TOSLINK: ""
      #ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_PRIVACYLINK: ""
      #ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_SUPPORTEMAIL: dsi@${DOMAIN}
    depends_on:
      db:
        condition: "service_healthy"
    env_file:
      - .env
    ports:
      - "9980:8080"  # Internal port for ZITADEL
      - "9943:443"   # External port for ZITADEL

  db:
    image: postgres:17-alpine
    restart: always
    environment:
      POSTGRES_USER: ${ZITADEL_DATABASE_ADMIN_USER}
      POSTGRES_PASSWORD: ${ZITADEL_DATABASE_ADMIN_PASSWORD}
      POSTGRES_DB: ${ZITADEL_DATABASE_NAME}
    networks:
      - zitadel-int
    volumes:
      - /volume1/docker/zitadel/postgresql:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: "10s"
      timeout: "30s"
      retries: 5
      start_period: "20s"
    container_name: zitadel-db

networks:
  zitadel-int:
    driver: bridge
    name: zitadel-int
  caddyNet:
    external: true
    name: caddyNet