From 5dd4f752e04bba37bd6950b2f9e77087c62d6ff7 Mon Sep 17 00:00:00 2001
From: Tony Hart <154579112+thaarrtt@users.noreply.github.com>
Date: Mon, 7 Jul 2025 11:34:00 +0700
Subject: [PATCH] add zitadel template (#209)

* add casdoor templates
* fix meta json casdoor
* fix casdoor templates
* improve templates
* fix meta and improve casdoor template
* fix app conf
* fix db casdoor app conf
* update app conf var path
* app config mount fix v6
* fix appconf v7
* fix casbin url image
* test postgress anjg
* mounted file is wrong
* remove casdoor
* add zitadel templates
* update passwd masterkey
* update master key length
* improve env var default template
* improve env var for default login
* passwd generated dont meet zitadel criteria
* disable smtp host for first launch app
* use tls as default
* tls mode external
* remove unused env
* change tls model
* change external port
* test tls traefik
* test disable tls
* disable tls
* external port
* remove env var
* port binding fix
* remove bridge network and fix and update meta json
---
blueprints/zitadel/docker-compose.yml | 63 ++++++++++++++++++++++++++
blueprints/zitadel/template.toml | 28 ++++++++++++
blueprints/zitadel/zitadel.png | Bin 0 -> 4070 bytes
meta.json | 23 ++++++++++
4 files changed, 114 insertions(+)
create mode 100644 blueprints/zitadel/docker-compose.yml
create mode 100644 blueprints/zitadel/template.toml
create mode 100644 blueprints/zitadel/zitadel.png
diff --git a/blueprints/zitadel/docker-compose.yml b/blueprints/zitadel/docker-compose.yml
new file mode 100644
index 00000000..38746614
--- /dev/null
+++ b/blueprints/zitadel/docker-compose.yml
@@ -0,0 +1,63 @@
+version: '3.8'
+
+services:
+ zitadel:
+ restart: 'always'
+ image: 'ghcr.io/zitadel/zitadel:latest'
+ command: 'start-from-init --masterkey "${ZITADEL_MASTERKEY}" --tlsMode disabled'
+ environment:
+ # Database Configuration
+ ZITADEL_DATABASE_POSTGRES_HOST: db
+ ZITADEL_DATABASE_POSTGRES_PORT: 5432
+ ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
+ ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
+ ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: "${POSTGRES_PASSWORD}"
+ ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
+ ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: postgres
+ ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: "${POSTGRES_PASSWORD}"
+ ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
+
+ # External Configuration for HTTP only - TLS mode disabled
+ ZITADEL_EXTERNALSECURE: false
+ ZITADEL_EXTERNALPORT: 8080
+ ZITADEL_EXTERNALDOMAIN: "${EXTERNAL_DOMAIN}"
+ ZITADEL_TLS_ENABLED: false
+
+ # Disable Email Notifications
+ ZITADEL_NOTIFICATIONS_SMTP_HOST: ""
+ ZITADEL_NOTIFICATIONS_SMTP_PORT: ""
+
+ # Custom Admin User Configuration
+ ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME}"
+ ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD}"
+ ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_ADDRESS: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_ADDRESS}"
+ ZITADEL_FIRSTINSTANCE_ORG_HUMAN_FIRSTNAME: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_FIRSTNAME}"
+ ZITADEL_FIRSTINSTANCE_ORG_HUMAN_LASTNAME: "${ZITADEL_FIRSTINSTANCE_ORG_HUMAN_LASTNAME}"
+
+ depends_on:
+ db:
+ condition: 'service_healthy'
+ ports:
+ - '8080'
+ volumes:
+ - zitadel_data:/app/data
+
+ db:
+ restart: 'always'
+ image: postgres:17-alpine
+ environment:
+ PGUSER: postgres
+ POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+ POSTGRES_DB: zitadel
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready", "-d", "zitadel", "-U", "postgres"]
+ interval: '10s'
+ timeout: '30s'
+ retries: 5
+ start_period: '20s'
+
+volumes:
+ postgres_data:
+ zitadel_data:
\ No newline at end of file
diff --git a/blueprints/zitadel/template.toml b/blueprints/zitadel/template.toml
new file mode 100644
index 00000000..f04da0be
--- /dev/null
+++ b/blueprints/zitadel/template.toml
@@ -0,0 +1,28 @@
+[variables]
+main_domain = "${domain}"
+postgres_password = "${password:32}"
+zitadel_masterkey = "${password:32}"
+admin_username = "${username}"
+admin_email = "${email}"
+admin_password = "AdminPassword123!"
+
+[config]
+[[config.domains]]
+serviceName = "zitadel"
+port = 8080
+host = "${main_domain}"
+path = "/"
+
+[config.env]
+POSTGRES_PASSWORD = "${postgres_password}"
+ZITADEL_MASTERKEY = "${zitadel_masterkey}"
+EXTERNAL_DOMAIN = "${main_domain}"
+
+# Custom Admin User Configuration
+ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME = "${admin_username}"
+ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD = "${admin_password}"
+ZITADEL_FIRSTINSTANCE_ORG_HUMAN_EMAIL_ADDRESS = "${admin_email}"
+ZITADEL_FIRSTINSTANCE_ORG_HUMAN_FIRSTNAME = "Admin"
+ZITADEL_FIRSTINSTANCE_ORG_HUMAN_LASTNAME = "User"
+
+[[config.mounts]]
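Review bot: Credentials and tokens for this identity provider travel unencrypted unless something outside docker-compose.yml enforces HTTPS: the `zitadel` service sets `--tlsMode disabled`, `ZITADEL_EXTERNALSECURE: false` and `ZITADEL_EXTERNALPORT: 8080`, so the issuer and login URLs it advertises for `${EXTERNAL_DOMAIN}` are `http://`. The same `command` line passes the master key as an argument, where it is readable in host process listings (`ps`, `/proc/<pid>/cmdline`). If the platform's proxy terminates TLS for the domain (not visible in this hunk), the settings below match that setup and read the key from the environment instead of argv. `ports: - '8080'` additionally publishes the plain-HTTP listener on an ephemeral host port next to the proxied route, and `image: 'ghcr.io/zitadel/zitadel:latest'` (like `"version": "latest"` in the meta.json hunk) leaves the deployed build unpinned; both are worth tightening.

```yaml
    command: 'start-from-init --masterkeyFromEnv --tlsMode external'
    environment:
      ZITADEL_MASTERKEY: "${ZITADEL_MASTERKEY}"
      # … unchanged: database configuration …
      ZITADEL_EXTERNALSECURE: 'true'
      ZITADEL_EXTERNALPORT: '443'
      # … unchanged: external domain, TLS_ENABLED, SMTP and first-instance settings …
```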
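Review bot: `admin_password = "AdminPassword123!"` in template.toml gives every instance deployed from this template the same published initial administrator password, on a service that is routed to `${main_domain}` as soon as it starts. The other secrets in `[variables]` are generated with `${password:32}`, and the commit message suggests the literal was chosen because a generated value did not meet Zitadel's password criteria. The password should still be unique per deployment, for example `admin_password = "${password:24}Aa1!"` if the template engine accepts a helper inside a longer string (not shown here; verify). Whether Zitadel forces a password change at first login depends on a setting this template does not set, so it should not be relied on as the only safeguard.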
diff --git a/blueprints/zitadel/zitadel.png b/blueprints/zitadel/zitadel.png new file mode 100644 index 0000000000000000000000000000000000000000..fee75a151e711dfdded1d48fa9ce7461d0aacd74 GIT binary patch literal 4070 zcmai%WmMCT|HVJ_<^;9@(lJKY=#DWuq!H;*>23t1#uyqRACODFD83^-~zXef_#qEEwJ^mf_Cp&?=m=DN%Eq-}{wRVxMsK zEBS~W*|KL6@$G_{uT%ms+(s{CBfxs zkKQwLogpiI3o*5uGMYV>=x<)>nNh7S!@0rSF=_`ChG>o{)nMo)TZwQBI$SwOyzx3mhK*)bhg(R4W z7FdhC59YR0kmJ!_(` zYZqJj{lQuMv?15qTV|y}XZSp!=sFKC43@fsH871OH1Mq|STW3uCJ20s#?Q=V?0Byb z`$u9oxKsLj>0b4#2;=s^yFA>N)vM0P1A0RIKS%$(R@mz29C{M30FHz#p+v9=ZwtXy|aUg;a+?^1=ofy7g-Wd%lQxK#{8Li!nDuH1Mi z6v|{-71LZHh&EO|uhjrkeJ;jym3H>XJ=I%JZx)}y6+vWpPy#g=5cQ$fNq2K>oc|@H zATgkg8#SDl%Twlmd*`5hhVfgcz-QQdTry$1eV7s8`?LU!R#I_g!>=1LF!Nc1bXKy# zt|eV2z(I}IP&Nb<8XNx6AhY81gIvkM_w2fyjnH=0eJ+&}8D5QOtHY1k^7knc$}Uk5 z1g%|AEDW9bHH^oiM>tF`c^+rWUNci~$x5u7xk}2bHxspJ!rlwp7r*la8r(g26;Wdv z>qteNf?p?`)wF0(?&_3W1o zw*azDU|_V)46b5QsQu?WqVL5pb12W1WrZ~Ad}*C3Tk2=q)Tp3>&nIzu2RiMhv6H;P zkMU-6^g{(Xd30FGd9!6W{(3^kT1pn}_57~2s>ag+;Y@Bj{GnLZnXXV_?IYm4xIjP7lT@w&R}m_O_+#z)+-dUTd?r#Iqfh3r@?15d>xmaZ-&*Dw8wrvR zt7NxSi9fd3xzk;~vZs$-CBjd?*O!3HkJPRd&OY$f6N%A7Y9{_(L`Ad~3F^@1 zym8d@zWiItf3v0ez_sY$*Uo;@6!JDnHV=&6zm<*?-6jd@5~{=9NnlG#6Y>`^tgd|I zy5Cg8?0Rm_@KTIAkw2;cFLfO(rbFjJ*5bITF_qJughqN1ub_Pgd)&{&hu74+=1J(` zRBycqv`DK(Eu3jLIJ{q6`Mi-g)XA*ltf#bRhE|g6%+yOoww5nH?!6pOk3A#YevLc%%l>ErR_UMntNNunYhKjm>Fx&K3I!5mtb_4Cre@nm6F~OeYBf)VuzQ z=oAnV_G*VWo|E7a?uw6Q1kqR{&81rxNtvN*e4N(XE2#sxpAu{H^SOaf??fI>yq5RN z%>X1_MWxy?s?o74ZhV&jBf~wG9K1`%$BRuA1vpV$tb5!~sM8YVSJ-i^QTE(f z%l~lKnMDHeQea3W+icM4p2#QZal%3!oyQv*V*Ch*e=liH+?eK z+J<$5<*4#K^*F9u{Bs5l(-_}Juj#v*3{S5+3l;|{R*=Akrd0cFcYNj=lpgx5rYGlz zTC!MC#HderpZP9{Ml!uiKIYSqZq-fBVpL+MTQ{wWrW<-;KD#*RzL4s5N*_?&pp?x4 zgft$NG4bN&)jq;bOSqy%Rks0Epop<^SXi`;Cbo7`RVrjX?(|Y)G#igtUd^>%G7%(I+>5nxZ^G^*&1{ibYTkceU>x+-qCvXoebt zO<}y7HPx_An^W)(|8Wyz8eu}K=Oono3ap%V-LP$_heoExY<@`F(1~LRtM^hZ4o~Mf zy3%#RqJLhv+4zyXpLC&HXf7W0f~sp!-!1i@&0|@=zoksz-`zgEa`}r%ZY9P|y(3{U+WroU$*MBg(nVNJg7j5#W~a+0 
zaC``Do{CNgHbNE_|FJjnZU2~QUp*-+3$?|EzH1+DbudBw{h+F&<*4yLM_C13qAz*w zq3#~oIOtWXHbR}`({6)JbegaZSKX)E)e-%S&y~@qO9;b>i#9kp*c%fTmHj?|+4zf2 z(fuj8l&;#G43s(5Q?~4lfR>-h@YniI#_Kbg<1bB?qFF?Qm{_gWO<{bGWwo`*pSObO zt+LE6)waSrnF?js*jO-!T@*^R9$N&J?kf`mLsgz7i8U!hDY*2Mc*82aWZsI75f+ zrLi$Wk?Us&!H(t2Sx=U-FB)m+G~s$KI{iJfw05&`NKA%M@JIJQFaQk{h!Tr^S) zE1o`uP-v2Lh)!bET;4o>&%iLkl(!SKT|C@sW)glU@s5w5RP&qK2zcinoq0Fmg_d$X zR7PXtQ#qe-=Gi&1ItEsA!`n&=qAC^f=Zt?m*JR1fbfB0N!(;m-&T%xDp}y|_Y44+b zDzTxp60k%ZQeGY4p1nzMLxu5b++mJGnHZnRZt%|TN^6-k8Q5{|9hRgxX{d}lyighb zm;K4}FUCT8=wWwwOHpnEq@#C!0#(Nd@xh<9yuM;F)A4CD&d^n z3#564s^33YDvts6ozuN#5cgdHMBENHBGTr^=!w=MVXbUDf8@b3X!M5pDyX0cuG3_M ziJiQ4swy6~FoTPLef(7Cj-4_YW#Ii~3{r_R%4GmAd$LoPSiN?)MZM+UW3u5sHJDfvqk5!?`ed zSb>_fTU{)(2axB*gtVe#<9Cg^BU^0Wu>F^BiX*<6TvZ-DF$DE_%DguKcXyUx2^q}c zh$~~E&s8w@W0-%h)%bGAKoN_c^b-ZI`B@4pX8Szmh1NA$Ya@0ut(p*&33{zTE9asq zo>gbLR6oc{cWfX&cU?Xe-qoiQA>ef-^x0i32A9!w8jn~QH` zJc6U~Av5l;8|TkZ8D((z)1g9yuW-FzNP$y81+ucB`5Fs1?%{V2B^dirkLFRXP+K8L zGK;e%c_~tL$qi-yv`8XijTX;Qd&Q!I<%j(#W15nU!FBWrF%3Iia;lp^Dj6eITC(kg z;6t^4WJYX~-1sF(mxzxig0pik)wDHvJEzK2WGeV=Y}%?_@>&ox^~M LfrWk>#v}DVbUbqo literal 0 HcmV?d00001 diff --git a/meta.json b/meta.json index 501795ef..621bd350 100644 --- a/meta.json +++ b/meta.json @@ -3289,5 +3289,28 @@ "queue", "rabbitmq" ] + }, + { + "id": "zitadel", + "name": "Zitadel", + "version": "latest", + "description": "Open-source identity and access management platform with multi-tenancy, OpenID Connect, SAML, and OAuth 2.0 support.", + "logo": "zitadel.png", + "links": { + "github": "https://github.com/zitadel/zitadel", + "website": "https://zitadel.com/", + "docs": "https://zitadel.com/docs/" + }, + "tags": [ + "identity", + "authentication", + "authorization", + "iam", + "security", + "oauth", + "openid-connect", + "saml", + "multi-tenant" + ] } ] \ No newline at end of file