diff --git a/roles/ind/authelia/docker-compose.env b/roles/ind/authelia/docker-compose.env index e69de29..60103f4 100644 --- a/roles/ind/authelia/docker-compose.env +++ b/roles/ind/authelia/docker-compose.env @@ -0,0 +1,18 @@ +PG_PASS=YZeUpMzsTk2uxwGxgEcwH0tmYbTOpjjhbmm1HWs8bSEOfEw2 +AUTHENTIK_SECRET_KEY=JGR9A77j3IvS7bzXMnYvX+DFLegh9HG5Hag14dKwVNStD97n4OrtJxztpeCmzeHN3RJuWo1x4Q+6Cssx +AUTHENTIK_ERROR_REPORTING__ENABLED=true + +#Email setup +# SMTP Host Emails are sent to +AUTHENTIK_EMAIL__HOST=localhost +AUTHENTIK_EMAIL__PORT=25 +# Optionally authenticate (don't add quotation marks to your password) +AUTHENTIK_EMAIL__USERNAME= +AUTHENTIK_EMAIL__PASSWORD= +# Use StartTLS +AUTHENTIK_EMAIL__USE_TLS=false +# Use SSL +AUTHENTIK_EMAIL__USE_SSL=false +AUTHENTIK_EMAIL__TIMEOUT=10 +# Email address authentik will send from, should have a correct @domain +AUTHENTIK_EMAIL__FROM=authentik@localhost \ No newline at end of file diff --git a/roles/ind/authelia/docker-compose.yml b/roles/ind/authelia/docker-compose.yml index 1a5c6e9..4e77d1c 100644 --- a/roles/ind/authelia/docker-compose.yml +++ b/roles/ind/authelia/docker-compose.yml @@ -1,20 +1,92 @@ -services: - server: - - authelia: - image: authelia/authelia - container_name: authelia - ports: - - 9091:9091/tcp - volumes: - - '/home/docker/authelia:/config' - restart: unless-stopped +--- - redis: - image: redis:alpine - container_name: redis +services: + postgresql: + image: docker.io/library/postgres:16-alpine + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s volumes: - - '/home/docker/redis:/data' - expose: - - 6379 - restart: unless-stopped \ No newline at end of file + - database:/var/lib/postgresql/data + environment: + POSTGRES_PASSWORD: ${PG_PASS:?database password required} + POSTGRES_USER: ${PG_USER:-authentik} + POSTGRES_DB: ${PG_DB:-authentik} + env_file: + - .env + redis: + image: docker.io/library/redis:alpine + command: --save 60 1 --loglevel warning + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + volumes: + - redis:/data + server: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.1} + restart: unless-stopped + command: server + environment: + AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + volumes: + - ./media:/media + - ./custom-templates:/templates + env_file: + - .env + ports: + - "${COMPOSE_PORT_HTTP:-9000}:9000" + - "${COMPOSE_PORT_HTTPS:-9443}:9443" + depends_on: + postgresql: + condition: service_healthy + redis: + condition: service_healthy + worker: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.1} + restart: unless-stopped + command: worker + environment: + AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required} + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + # `user: root` and the docker socket volume are optional. + # See more for the docker socket integration here: + # https://goauthentik.io/docs/outposts/integrations/docker + # Removing `user: root` also prevents the worker from fixing the permissions + # on the mounted folders, so when removing this make sure the folders have the correct UID/GID + # (1000:1000 by default) + user: root + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./media:/media + - ./certs:/certs + - ./custom-templates:/templates + env_file: + - .env + depends_on: + postgresql: + condition: service_healthy + redis: + condition: service_healthy + +volumes: + database: + driver: local + redis: + driver: local