services:
  zitadel:
    image: ghcr.io/zitadel/zitadel:latest
    container_name: zitadel
    restart: always
    networks:
      - zitadel-int
      - caddyNet
    command: "start-from-init --masterkeyFromEnv --tlsMode external"
    environment:
      ZITADEL_LOG_LEVEL: DEBUG
      ZITADEL_MASTERKEY: "llVtFp2u3L6X4JpN5tRAiP5h4AaROtwI"
      ZITADEL_DATABASE_POSTGRES_HOST: zitadel-db
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: postgres
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: "postgres"
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: "postgres"
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      ZITADEL_EXTERNALPORT: 443
      ZITADEL_EXTERNALSECURE: true
      ZITADEL_TLS_ENABLED: false
      ZITADEL_EXTERNALDOMAIN: auth.binarytech.uk
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: krispamarthy@gmail.com
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: "Password01!"
      ZITADEL_FIRSTINSTANCE_ORG_NAME: HomeLab
    depends_on:
      db:
        condition: "service_healthy"
    ports:
      - "9980:8080"

  db:
    image: postgres:17-alpine
    restart: always
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: "postgres"
      POSTGRES_DB: postgres
    networks:
      - zitadel-int
      - caddyNet
    volumes:
      - /volume1/docker/zitadel/db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d postgres -U postgres"]
      interval: "10s"
      timeout: "30s"
      retries: 5
      start_period: "20s"
    container_name: zitadel-db

networks:
  zitadel-int:
    driver: bridge
    name: zitadel-int
  caddyNet:
    external: true
    name: caddyNet