mess with ports

paths
7 changed files with 26 additions and 9 deletions
--- a/env.template
+++ b/env.template
@ -1,5 +1,5 @@
 DOMAIN=localhost

-SMTP_USERNAME=admin
+SMTP_USER=admin
 SMTP_HOST=localhost
 SMTP_PORT=587
--- a/readme.md
+++ b/readme.md
@ -29,6 +29,10 @@ To stop all the containers, you can ctrl+c, or

    ./scripts/down

+To generate secrets for all services
+
+    ./scripts/secrets
+
 ## port forwarding

 The caddy service expects to be able to bind to ports 80 and 443
--- a/scripts/generate-secrets
+++ b/scripts/generate-secrets
@ -0,0 +1,4 @@
+echo generating zitadel secrets; {
+	openssl rand -hex 16 | tr -d '\n' >! secrets/auth/zitadel/MASTER_KEY
+	openssl rand -hex 32 | tr -d '\n' >! secrets/auth/zitadel/STORAGE_PASSWORD
+}
--- a/services/auth.yaml
+++ b/services/auth.yaml
@ -20,11 +20,19 @@ services:
      ZITADEL_DATABASE_COCKROACH_HOST: crdb
      ZITADEL_EXTERNALSECURE: true
      ZITADEL_EXTERNALDOMAIN: auth.${DOMAIN}
-      ZITADEL_EXTERNALPORT: 8321
+      ZITADEL_EXTERNALPORT: 443
      ZITADEL_WEBAUTHN_NAME: ${DOMAIN}
+      ZITADEL_FIRSTINSTANCE_ORG_NAME: basement
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: ${ADMIN_USER}
+      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: ${ADMIN_PASS}
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROM: basement
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROMNAME: ${DOMAIN}
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_HOST: "${SMTP_HOST}:${SMTP_PORT}"
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_USER: ${SMTP_USER}
+      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_PASSWORD: ${SMTP_PASS}
    secrets:
      - MASTER_KEY
-    command: "start-from-init --masterkeyFile /run/secrets/MASTER_KEY --tlsMode disabled"
+    command: "start-from-init --masterkeyFile /run/secrets/MASTER_KEY --tlsMode external"
    depends_on:
      generate-secrets:
        condition: 'service_completed_successfully'
@ -33,7 +41,7 @@ services:
      crdb:
        condition: 'service_healthy'
    ports:
-      - '8321:8080'
+      - '8080:8080'

  crdb:
    restart: unless-stopped
--- a/services/auth/Proxyfile
+++ b/services/auth/Proxyfile
@ -1,3 +1,4 @@
-auth.{$DOMAIN} {
-	reverse_proxy zitadel:8321
+auth.{$DOMAIN}:443 {
+    reverse_proxy zitadel:8080
+    tls internal
 }
--- a/services/secrets/generate-secrets
+++ b/services/secrets/generate-secrets
@ -9,5 +9,5 @@ set -o pipefail
 for secret in /secrets/*/*/* ; do
  test -d "$secret" && rmdir "$secret"
  test -s "$secret" && continue
-  openssl rand -hex 64 > $secret
+  openssl rand -hex ${2:-64} > $secret
 done
--- a/services/web/Containerfile
+++ b/services/web/Containerfile
@ -1,8 +1,8 @@
-FROM caddy:2.7.5-builder-alpine AS builder
+FROM caddy:builder-alpine AS builder

 RUN xcaddy build \
    --with github.com/mholt/caddy-webdav

-FROM caddy:latest
+FROM caddy:alpine

 COPY --from=builder /usr/bin/caddy /usr/bin/caddy
Author	SHA1	Message	Date
Jonathan Dahan	72d21c65db	mess with ports	2 years ago
Jonathan Dahan	c54502e9b2	paths	2 years ago