services:
  postgres:
    image: postgres:15-alpine
    restart: unless-stopped
    environment:
      POSTGRES_USER: infisical
      POSTGRES_PASSWORD: ${INFISICAL_POSTGRES_PASSWORD:?set in infisical.env}
      POSTGRES_DB: infisical
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - infisical

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    command: ["redis-server", "--save", "20", "1", "--loglevel", "warning"]
    volumes:
      - redis-data:/data
    networks:
      - infisical

  infisical:
    image: infisical/infisical:latest
    restart: unless-stopped
    depends_on:
      - postgres
      - redis
    environment:
      NODE_ENV: production
      PORT: ${INFISICAL_PORT:-8080}
      HOST: 0.0.0.0
      SITE_URL: ${INFISICAL_SITE_URL}
      NEXTAUTH_URL: ${INFISICAL_SITE_URL}
      NEXT_PUBLIC_SITE_URL: ${INFISICAL_SITE_URL}
      ENCRYPTION_KEY: ${INFISICAL_ENCRYPTION_KEY:-}
      ROOT_ENCRYPTION_KEY: ${INFISICAL_ROOT_ENCRYPTION_KEY:?generate_base64_secret}
      AUTH_SECRET: ${INFISICAL_AUTH_SECRET:?generate_base64_secret}
      NEXTAUTH_SECRET: ${INFISICAL_AUTH_SECRET:?generate_base64_secret}
      REDIS_URL: redis://redis:6379
      DATABASE_URL: ${INFISICAL_DATABASE_URL:?computed_in_env_file}
      DATABASE_URL_NON_POOLING: ${INFISICAL_DATABASE_URL:?computed_in_env_file}
      DATABASE_HOST: postgres
      DATABASE_PORT: 5432
      DATABASE_USERNAME: infisical
      DATABASE_PASSWORD: ${INFISICAL_POSTGRES_PASSWORD:?set in infisical.env}
      DATABASE_NAME: infisical
      DB_CONNECTION_URI: ${INFISICAL_DATABASE_URL:?computed_in_env_file}
      DB_HOST: postgres
      DB_PORT: 5432
      DB_USER: infisical
      DB_PASSWORD: ${INFISICAL_POSTGRES_PASSWORD:?set in infisical.env}
      DB_NAME: infisical
      TELEMETRY_ENABLED: ${INFISICAL_TELEMETRY_ENABLED:-false}
    ports:
      - "127.0.0.1:${INFISICAL_PORT:-8080}:8080"
    networks:
      - infisical

networks:
  infisical:
    driver: bridge

volumes:
  postgres-data:
  redis-data: