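---
# Compose fragment for the auth stack: ZITADEL backed by a single-node
# CockroachDB. The backup, generate-secrets and caddy entries here only add
# volumes, so their base definitions are expected to come from another file.
version: "3.8"

secrets:
  # ZITADEL master key, read from a host file and mounted under /run/secrets/
  # instead of being passed through the environment.
  MASTER_KEY:
    file: ../secrets/auth/zitadel/MASTER_KEY

services:
  backup:
    volumes:
      # Read-only view of the auth data, which includes the CockroachDB store.
      - ../data/auth:/mnt/backup/src/auth:ro

  generate-secrets:
    volumes:
      # Mounted writable (no :ro); presumably this job creates the key file.
      # TODO confirm against the generate-secrets definition.
      - ../secrets/auth/zitadel/MASTER_KEY:/secrets/auth/zitadel/MASTER_KEY

  zitadel:
    restart: 'unless-stopped'
    image: 'ghcr.io/zitadel/zitadel:v2.24.10'
    environment:
      # Environment values are written as strings: Compose rejects or retypes
      # bare YAML booleans depending on its version.
      ZITADEL_DATABASE_COCKROACH_HOST: 'crdb'
      ZITADEL_EXTERNALSECURE: 'true'
      ZITADEL_EXTERNALDOMAIN: "auth.${DOMAIN}"
      ZITADEL_EXTERNALPORT: '443'
      ZITADEL_WEBAUTHN_NAME: "${DOMAIN}"
      ZITADEL_FIRSTINSTANCE_ORG_NAME: 'basement'
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: "${ADMIN_USER}"
      # NOTE(review): unlike MASTER_KEY, the admin and SMTP passwords travel as
      # environment variables, so they are readable through `docker inspect`
      # and the process environment. Treat the initial admin password as
      # bootstrap-only and change it after the first login.
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: "${ADMIN_PASS}"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_HOST: "${SMTP_HOST}:${SMTP_PORT}"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_USER: "${SMTP_USER}"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_PASSWORD: "${SMTP_PASS}"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_SSL: 'true'
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROM: "basement@mail.${DOMAIN}"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROMNAME: 'basement'
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_REPLYTOADDRESS: "basement@mail.${DOMAIN}"
    secrets:
      - MASTER_KEY
    # --tlsMode external: ZITADEL serves plain HTTP and expects TLS to be
    # terminated in front of it (here by the caddy service).
    command: "start-from-init --masterkeyFile /run/secrets/MASTER_KEY --tlsMode external"
    depends_on:
      generate-secrets:
        condition: 'service_completed_successfully'
      caddy:
        condition: 'service_healthy'
      crdb:
        condition: 'service_healthy'
    ports:
      # NOTE(review): this publishes the plain-HTTP listener on every host
      # interface, so clients can reach ZITADEL without passing through the
      # Caddy TLS proxy. If Caddy reaches it over the compose network, drop
      # this mapping or bind it to 127.0.0.1. Confirm against the Proxyfile.
      - '8080:8080'

  crdb:
    restart: 'unless-stopped'
    # NOTE(review): 'latest-v23.1' is a floating tag, so the image can change
    # between pulls; pin an exact release (ideally by digest) for
    # reproducible deployments.
    image: 'cockroachdb/cockroach:latest-v23.1'
    depends_on:
      generate-secrets:
        condition: 'service_completed_successfully'
    # --insecure turns off TLS and authentication: anyone who can reach the
    # SQL or HTTP port has full access. Keep this node reachable only from
    # trusted peers, or move to a certificate-secured start.
    command: "start-single-node --insecure --store=path=/cockroach/cockroach-data,size=20%"
    healthcheck:
      test: ["CMD", "curl", "--fail", "http://localhost:8080/health?ready=1"]
      interval: '10s'
      timeout: '30s'
      retries: 5
      start_period: '20s'
    ports:
      # Bound to loopback because the node runs with --insecure. ZITADEL
      # connects by service name (ZITADEL_DATABASE_COCKROACH_HOST: crdb) and
      # does not use these host mappings. Docker-published ports usually
      # bypass host firewall rules, so a bare 'HOST:CONTAINER' mapping would
      # expose the unauthenticated database on every interface.
      - '127.0.0.1:9090:8080'
      - '127.0.0.1:26257:26257'
    volumes:
      - ../data/auth/crdb/data:/cockroach/cockroach-data:rw

  caddy:
    volumes:
      # Reverse-proxy snippet for ZITADEL, mounted read-only.
      - ./auth/Proxyfile:/etc/caddy.d/zitadel:ro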