From 1f6ee088ab7f6a54a26148f2678baa9326427024 Mon Sep 17 00:00:00 2001
From: Teck Meng <furyx@hotmail.com>
Date: Fri, 13 Sep 2024 12:45:05 +0800
Subject: [PATCH] Refactor authentik.yml to add AUTHENTIK_SECRET_KEY
 environment variable, remove root user from worker service, and update file
 paths for media, certs, and custom templates

---
 swarm/authentik.yml | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/swarm/authentik.yml b/swarm/authentik.yml
index 372c300..5fcd0e9 100644
--- a/swarm/authentik.yml
+++ b/swarm/authentik.yml
@@ -1,5 +1,18 @@
 ---
 
+volumes:
+  database:
+    driver: local
+  redis:
+    driver: local
+
+networks:
+  authentik-net:
+    driver: overlay
+    attachable: true
+  traefik-public:
+    external: true
+
 services:
   postgresql:
     image: docker.io/library/postgres:16-alpine
@@ -19,6 +32,8 @@ services:
       AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
     # env_file:
     #   - .env
+    networks:
+      - authentik-net
   redis:
     image: docker.io/library/redis:alpine
     command: --save 60 1 --loglevel warning
@@ -31,6 +46,8 @@ services:
       timeout: 3s
     volumes:
       - redis:/data
+    networks:
+      - authentik-net
   server:
     image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1}
     restart: unless-stopped
@@ -56,6 +73,9 @@ services:
     depends_on:
       - postgresql
       - redis
+    networks:
+      - authentik-net
+      - traefik-public
     deploy:
       labels:
         - traefik.enable=true
@@ -93,9 +113,6 @@ services:
     depends_on:
       - postgresql
       - redis
+    networks:
+      - authentik-net
 
-volumes:
-  database:
-    driver: local
-  redis:
-    driver: local