Mikkel Georgsen a22ba48709 Add Zitadel OIDC setup, SMTP config, and security fixes
- Add setup-zitadel.sh: idempotent script that creates PVM project
  and OIDC app via Zitadel Management API using machine user PAT
- Add machine user + PAT auto-generation to docker-compose via
  FIRSTINSTANCE env vars with bind-mounted machinekey directory
- Add SMTP configuration for email sending (verification, password reset)
- Fix JWT algorithm confusion attack: restrict to RS256/384/512 only
- Add docs/TODO_SECURITY.md tracking review findings
- Update .env.example files with correct local dev URLs
- Add docker/machinekey/ to .gitignore

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 12:34:44 +01:00

PVM Docker Dev Environment

Local development stack with Zitadel auth, PostgreSQL, and DragonflyDB.

Services

| Service | Description | Port |
|---|---|---|
| zitadel | Zitadel v3 identity provider (OIDC/OAuth2) | 8080 |
| zitadel-db | PostgreSQL 16 for Zitadel | internal, not exposed |
| pvm-db | PostgreSQL 16 for PVM application data | 5432 |
| dragonfly | DragonflyDB (Redis-compatible cache) | 6379 |

Quick Start

# Copy env file and adjust if needed
cp .env.example .env

# Start all services
docker compose -f docker-compose.dev.yml up -d

# Check status
docker compose -f docker-compose.dev.yml ps

# View Zitadel logs (first startup takes ~30-60s)
docker compose -f docker-compose.dev.yml logs -f zitadel

Zitadel Admin Console

Once Zitadel finishes initializing (watch the logs for "server is listening"), open the admin console at http://localhost:8080/ui/console.

First-Time Zitadel Setup

After the first docker compose up, configure Zitadel for PVM:

  1. Log in to the admin console at http://localhost:8080/ui/console
  2. Create a project called "PVM"
  3. Create an application within the project:
    • Name: "PVM Web"
    • Type: Web
    • Auth method: PKCE (recommended for SvelteKit)
    • Redirect URIs: http://localhost:5173/auth/callback/zitadel
    • Post-logout URIs: http://localhost:5173
  4. Note the Client ID — you'll need it for SvelteKit's AUTH_ZITADEL_ID
  5. (Optional) Configure social login providers under Settings > Identity Providers:
    • Google, Apple, Facebook — each requires an OAuth app from the respective developer console

Connecting from the PVM Backend

# PostgreSQL (PVM app database)
DATABASE_URL=postgres://pvm:pvm-dev-password@localhost:5432/pvm

# DragonflyDB (Redis-compatible)
REDIS_URL=redis://localhost:6379

# Zitadel issuer (for OIDC/JWT validation)
ZITADEL_URL=http://localhost:8080
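The ZITADEL_URL value above is the OIDC issuer the backend checks tokens against. The following is an added example (not code from the PVM project) showing the two policy checks a backend should wrap around its JWT library: an algorithm allowlist enforced on the JOSE header before the signature is ever verified (so a token declaring alg=none or a symmetric HS* algorithm is rejected outright, which is the algorithm-confusion class of bug), and issuer/audience/expiry checks on the claims afterwards. Signature verification itself is left to the JWT library and a JWKS lookup by kid; the CLIENT_ID placeholder and the helper that builds unsigned test tokens are assumptions made for this example. Written in Python so it runs without extra crates; the same checks apply to the Rust backend.

```python
"""Header and claims policy checks around a Zitadel-issued JWT (added example)."""
import base64
import json
import time
from typing import Optional

# Assumed values, matching the dev environment described above.
ZITADEL_URL = "http://localhost:8080"     # OIDC issuer the backend trusts
CLIENT_ID = "EXAMPLE_CLIENT_ID"           # placeholder for the PVM Web client ID
ALLOWED_ALGS = frozenset({"RS256", "RS384", "RS512"})


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_header(token: str) -> dict:
    """Parse the JOSE header and enforce the algorithm allowlist.

    Runs before any signature check, so the verifier never sees a token that
    declares alg=none or a symmetric algorithm. Returns the header (the caller
    selects the JWKS key by its 'kid') or raises ValueError.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected 3 segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # covers binascii.Error and JSONDecodeError
        raise ValueError("malformed token: header is not base64url JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("malformed token: header is not a JSON object")
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError(f"rejected alg {alg!r}; allowed: {sorted(ALLOWED_ALGS)}")
    if not header.get("kid"):
        raise ValueError("missing kid: cannot select a JWKS key")
    return header


def check_claims(claims: dict, issuer: str = ZITADEL_URL,
                 audience: str = CLIENT_ID, now: Optional[float] = None) -> dict:
    """Validate registered claims after the signature has been verified."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError(f"issuer mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        raise ValueError("audience does not include this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or missing exp")
    nbf = claims.get("nbf")
    if isinstance(nbf, (int, float)) and now < nbf:
        raise ValueError("token not yet valid")
    return claims


def build_test_token(header: dict, claims: dict) -> str:
    """Constructed test input: header.payload with an empty signature segment."""
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(claims).encode()), ""])


if __name__ == "__main__":
    ok = build_test_token({"alg": "RS256", "kid": "k1", "typ": "JWT"}, {})
    print("accepted header:", check_header(ok))
    for bad in ({"alg": "none", "kid": "k1"}, {"alg": "HS256", "kid": "k1"}):
        try:
            check_header(build_test_token(bad, {}))
        except ValueError as err:
            print("rejected:", err)
```

In the real request path the order is: check_header, fetch the key for header["kid"] from the issuer's JWKS endpoint, verify the signature with that key and the header's alg, then check_claims on the decoded payload.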

Stopping & Cleanup

# Stop services (data is preserved in volumes)
docker compose -f docker-compose.dev.yml down

# Stop and delete all data (fresh start)
docker compose -f docker-compose.dev.yml down -v