services:
  zitadel:
    container_name: zitadel-iam-${IP}-${PORT}
    restart: always
    image: ghcr.io/zitadel/zitadel:latest
    command: start-from-init --masterkey "${MASTER_KEY}" --tlsMode disabled
    environment:
      ZITADEL_DATABASE_POSTGRES_HOST: db
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: ${DB_PASS_U}
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: ${DB_PASS_A}
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      ZITADEL_EXTERNALSECURE: false
    depends_on:
      db:
        condition: service_healthy
    ports:
      - ${IP}:${PORT}:8080
  db:
    restart: always
    image: postgres:16-alpine
    environment:
      PGUSER: postgres
      POSTGRES_PASSWORD: postgres
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready
        - -d
        - zitadel
        - -U
        - postgres
      interval: 10s
      timeout: 30s
      retries: 5
      start_period: 20s
networks: {}