furyhawk/cloudy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
34a9767106d0deaab4c88b5103e6886575bf6bc9
cloudy/swarm/authentik.yml
T

119 lines
3.6 KiB
YAML
Raw Blame History

---
volumes:
database:
driver: local
redis:
driver: local
networks:
authentik:
driver: overlay
attachable: true
traefik-public:
external: true
services:
postgresql:
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?database password required}
POSTGRES_USER: ${POSTGRES_USER:-authentik}
POSTGRES_DB: ${PG_DB:-authentik}
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
# env_file:
# - .env
networks:
- authentik
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- redis:/data
networks:
- authentik
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1}
restart: unless-stopped
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
volumes:
- /var/data/authentik/media:/media
- /var/data/authentik/custom-templates:/templates
# env_file:
# - .env
expose:
- 9000
- 9443
# ports:
# - "${COMPOSE_PORT_HTTP:-9000}:9000"
# - "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
- postgresql
- redis
networks:
- authentik
- traefik-public
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.routers.authentik-rtr.entrypoints=https
- traefik.http.routers.authentik-rtr.rule=Host(`authentik.${DOMAIN}`)
- traefik.http.routers.authentik-rtr.tls.certresolver=le
- traefik.http.routers.authentik-rtr.service=authentik-svc
- traefik.http.services.authentik-svc.loadbalancer.server.port=9000
worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1}
restart: unless-stopped
command: worker
environment:
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD}
# `user: root` and the docker socket volume are optional.
# See more for the docker socket integration here:
# https://goauthentik.io/docs/outposts/integrations/docker
# Removing `user: root` also prevents the worker from fixing the permissions
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
# (1000:1000 by default)
# user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/data/authentik/media:/media
- /var/data/authentik/certs:/certs
- /var/data/authentik/custom-templates:/templates
# env_file:
# - .env
depends_on:
- postgresql
- redis
networks:
- authentik
Reference in New Issue View Git Blame Copy Permalink