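# Compose stack: the orchestrator app (built from ./Dockerfile) and its
# PostgreSQL database. All secrets are read from the environment / .env file
# at `docker compose up` time and handed to the containers as environment
# variables, so they are visible to anyone who can run `docker inspect` on the
# host. Keep the .env file out of version control and restrict access to the
# Docker socket.
services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    ports:
      # NOTE(review): published on every host interface as plain HTTP. If TLS
      # is terminated by a reverse proxy on this host, bind to loopback instead
      # ("127.0.0.1:8080:8080") - confirm against the deployment.
      - "8080:8080"
    environment:
      ASPNETCORE_ENVIRONMENT: Production
      # ── Database ───────────────────────────────────────────────────────────
      # The password is spliced verbatim into the connection string, so it
      # must not contain ';' or quote characters. `:?` aborts startup when the
      # variable is unset or empty instead of substituting an empty password.
      ConnectionStrings__OrchestratorDb: "Host=postgres;Port=5432;Database=orchestrator;Username=ots;Password=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      # ── JWT ────────────────────────────────────────────────────────────────
      # Fail fast rather than start with an empty signing key.
      Jwt__Key: "${JWT_KEY:?JWT_KEY must be set}"
      Jwt__Issuer: "OTSSignsOrchestrator"
      Jwt__Audience: "OTSSignsOrchestrator"
      # NOTE(review): the variables below still expand to an empty string when
      # unset (Compose only warns). Add `:?` to any the app cannot run without.
      # ── Bitwarden ──────────────────────────────────────────────────────────
      Bitwarden__AccessToken: "${BITWARDEN_ACCESS_TOKEN}"
      Bitwarden__OrganizationId: "${BITWARDEN_ORG_ID}"
      Bitwarden__ProjectId: "${BITWARDEN_PROJECT_ID}"
      # Bitwarden__InstanceProjectId: "${BITWARDEN_INSTANCE_PROJECT_ID}"
      # ── Stripe ─────────────────────────────────────────────────────────────
      Stripe__SecretKey: "${STRIPE_SECRET_KEY}"
      Stripe__WebhookSecret: "${STRIPE_WEBHOOK_SECRET}"
      # ── Authentik ──────────────────────────────────────────────────────────
      Authentik__BaseUrl: "${AUTHENTIK_BASE_URL}"
      Authentik__ApiToken: "${AUTHENTIK_API_TOKEN}"
      Authentik__OtsSigningKpId: "${AUTHENTIK_OTS_SIGNING_KP_ID}"
      # ── Email ──────────────────────────────────────────────────────────────
      Email__SendGridApiKey: "${SENDGRID_API_KEY}"
    volumes:
      # NOTE(review): presumably the ASP.NET Core Data Protection key ring.
      # Confirm the app protects these keys at rest and include this volume in
      # backup and access-control planning.
      - dataprotection_keys:/app/dataprotection-keys
    depends_on:
      postgres:
        condition: service_healthy

  postgres:
    # Floating major tag; pin a minor version or digest for reproducible,
    # reviewable image updates.
    image: postgres:16
    restart: unless-stopped
    environment:
      POSTGRES_DB: orchestrator
      POSTGRES_USER: ots
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
    ports:
      # Bound to loopback only: the app reaches the database over the Compose
      # network as `postgres:5432`, so the port does not need to be reachable
      # from other hosts. Ports published by Docker typically bypass host
      # firewall rules, which made the previous all-interfaces mapping
      # password-only exposure. Remove the mapping entirely if no host-side
      # tooling (psql, backups) needs it.
      - "127.0.0.1:5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ots -d orchestrator"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  pgdata: {}
  dataprotection_keys: {}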