Authentik-Rolle einmal ordentlich gemacht und gefixt
This commit is contained in:
parent
4c165f716b
commit
701c897aff
25 changed files with 271 additions and 263 deletions
|
@ -1,5 +1,12 @@
|
|||
---
|
||||
|
||||
container_names:
|
||||
authentik:
|
||||
server: "authentik-server-1.server4"
|
||||
worker: "authentik-worker-1.server4"
|
||||
redis: "authentik-redis-1.server4"
|
||||
db: "authentik-postgresql-1.server4"
|
||||
|
||||
authentik_error_reporting: "true"
|
||||
authentik_email_host: "mail.un-hack-bar.de"
|
||||
authentik_email_port: "587"
|
||||
|
@ -12,3 +19,7 @@ authentik_domain: "auth.un-hack-bar.de,auth.unhb.de"
|
|||
authentik_allow_users_to_change_email: "false" # disable emailaddress changes to avoid emailaddress collisions
|
||||
authentik_allow_users_to_change_names: "true" # enables name changes
|
||||
authentik_allow_users_to_change_usernames: "false" # disable username changes to avoid username collisions
|
||||
authentik_postgres_version: "12-alpine"
|
||||
|
||||
version:
|
||||
authentik: "2023.5.4"
|
||||
|
|
|
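Review bot: `authentik_error_reporting: "true"` in the first hunk switches on authentik's built-in error reporting, which according to the authentik documentation ships error reports to the project's hosted Sentry, so this is an outbound data flow from the identity provider that should be a deliberate decision rather than a default. If it is intended, a comment such as `# sends error reports to the authentik project's Sentry` next to the key makes that visible to the next maintainer; if not, `"false"` is the conservative setting. The quoting of the number-like values (`"587"`, `"12-alpine"`, `"2023.5.4"`) is correct and avoids the float and octal traps.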
@ -1,40 +1,46 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
36633533303235343132386665366638363732633564323339303662393835613961353939613237
|
||||
3634613736316165303133363532333865356662346137330a653435303939323066623765326630
|
||||
37646565666466323463313466343265373465633765313361333337336162373064366165623033
|
||||
3235313935633731360a653361343163613339313061343737326262333834613131313563346137
|
||||
37353932376463336431303966363539323734623061613766613063393537333562346232313664
|
||||
37383236303137633535363639313134393539383432303764343564393935323266616262366162
|
||||
61343164383066353866646466363466356531346139326663626439626234386634656361353436
|
||||
31346233643465646566333064633030643963383963356137373234373665363735333366633933
|
||||
36373466316161366138363836613637666338613639313032633839616462336232633761623931
|
||||
30666538663162323063623564656537623234323338356331646466653337333433656164663434
|
||||
63323735613239306132636564623662303039313066623666373338633866343462656462636232
|
||||
34353231303561386166336335643134616561656161663766313966613130623964656334336263
|
||||
65313063353136316333663430666535633065346163613931303137636137643761666236363065
|
||||
34643963376365666363373866323937613434386235623336623161386137303532396235376134
|
||||
30386563306138306566633634323266613064626665626530356530353566363434363837383534
|
||||
37306261353730643833616461636565326237643934653263316231363038353932313266666335
|
||||
65343430343739396165333937346535313465646534363733663532356431383733373430623331
|
||||
37306161306261383133326665303365306436656662346663373033333664303366366633656663
|
||||
63303938333861653765626234653562353834313764313236353762623430633430383037316138
|
||||
37303866373831376133643832333230663332646530363139306163633063316565343934363431
|
||||
62313032313661373837313032313531363736316664306134333466663630643633393037346135
|
||||
35363564613936663237353664363930656139373630323935636439303834613634653364383234
|
||||
33656436613265363864383664653039326635303430623436303439323633613262366264636639
|
||||
65353831373036623130653061386162353462383431323730646637373964333233353437343530
|
||||
39613662366534643264346130313764356461333266313761323137666634326437613163356232
|
||||
32663730383162646466306466386339393964303239613637623538623631306636653434333432
|
||||
35353733326162383064306666353839636635633666356537643839633738663464663265663432
|
||||
30646239613464313332646438663933356335303835363237316631366138383037386232373664
|
||||
65396432393563303639343131363437346561393136316163346261313064366439653637636534
|
||||
38343365366264633432363964373435353063393932323231316137623037346638656466303263
|
||||
35656565313865323363326135343230333563353864313432376138616365303761656565353030
|
||||
30336461636631663666313332383262336635646463306136303438333437366336356533663864
|
||||
35373830306138393265633130633334373931663038333666393263366535656135633234313263
|
||||
34323330306337363638363464306637653861333839303437616162633561326237656462653235
|
||||
66363536376630353830316461616265393136646262376432663637323036336137613461343538
|
||||
35636535303534393833303962363735343066333239336266633633633061633034316333343966
|
||||
66616238373561346636393337633930613435326634366134363265363332363465643034303635
|
||||
35396532643339393565653633626265366532626231333630646235663863386362646466353761
|
||||
316134386534613533303132636338316334
|
||||
62363930646664323037656666343931623537393562363862313066326630363032623066653335
|
||||
6536633330306133323430363561313830623364333031370a663765336437386661313163333235
|
||||
66656230373562366266383830306234626665653636356666633062653033323039316366656437
|
||||
3762393864313861620a333237343430393566356232643537333634333164383834326431373264
|
||||
30313661616163323638326133313538653461383230353636346336396439303662623130663863
|
||||
32623833363039663564386661663037663238626634306562326361616262323637643034343330
|
||||
32306632356261313936646632663436653533613163316130346539656435653439346635323462
|
||||
64343834653964626563653039336361356566366431333634626536376430313737376463303131
|
||||
30343031663662313563346366393539346332353736666634643162333965393831343962613137
|
||||
66313430646566633438663865303761616335366134313535343639643039386536616435653132
|
||||
61653865333035376461663433653065306339316439633034306361383965303965636337343930
|
||||
30346635316636663030366237373831383165363039346637386136653363666233353531303931
|
||||
32376238626133613531316162663132623265616364373538366161383564656566663634343032
|
||||
61633538643665353837313031343431656534626239336464616566643539623562613434366438
|
||||
35383130613438333763343336336462383736623634356532376663663637383239663532363362
|
||||
66393333373636613233333865336233653336616532396665323738633337636631613832363235
|
||||
34383963313063376339643632336566613230653461343632323737333638343764336363313437
|
||||
61363635623962663364376361653739316366326634333532303864373439666236623762346661
|
||||
62626537633061393233653736666236343735363633663138633234353031666162623866646362
|
||||
37366563313864636634643133346166346131343237363333303236333362633433396538653335
|
||||
35626633386238303433313363306232393663333238613839336638653637373664303337656635
|
||||
66663735393334323761333266386531366137313136356632666139326432306337386635383165
|
||||
65653062373332626334346561356132303734633462643136396562363634396230626530613432
|
||||
38323030633532386162353363663966663966356135303234376636376434653765613636363463
|
||||
33346330353732616239393130396666366532323135313032663730383431346533613666393236
|
||||
66323164373965666333643033396534326663653361386334383338633835373661373765633530
|
||||
62626437386434333165613332343936363232356464326231386232303261393432366564383231
|
||||
34353333373733336434333330613264636431313337376462363262323034303261393532613065
|
||||
65316161396639633638396339383430623031666632343931333139383161396132613565386132
|
||||
62613564633966363830363835616338356664383334633334623039353539616661373535653266
|
||||
62393733656333336532346331306234626465636133396562333239363935643938326263666236
|
||||
32396133303434626139393965633261313135656635386362636136666534353765383262383731
|
||||
35323937656665323336633035363338363738643137383431303365363938646566383966613238
|
||||
37396339303633366534663361666464326339316537656336303734353965616539633131636537
|
||||
61366537313835666563363865363463623636366465373563616336363430613062616535383036
|
||||
38613938343831633364333739393536343730363533393762353033313632333233336633383561
|
||||
61663232356534353833346633613836386239306133663837616364663130633033386231383337
|
||||
37396430633134306235363930656265633235353831353062313332373262643934326138353431
|
||||
33343739376530366237366233623738373637393837383464663031353166373434313436323232
|
||||
38343864313865353662346663646430633131343762353064396638323335636533326266373836
|
||||
30323034643939316233666630666265636561303430323931343963346635616536373632623636
|
||||
65653565656238653164346539663330363931333230313364646133663036316161393362383939
|
||||
38623832363162353130646336623563653362323738343934373138303133303639616138646535
|
||||
31383936326163313031346137343663343336383133373935616431646331323138303363646430
|
||||
3866
|
||||
|
|
|
@ -10,5 +10,10 @@
|
|||
- name: restart-authentik-docker
|
||||
ansible.builtin.systemd:
|
||||
state: restarted
|
||||
name: authentik-docker.service
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- authentik-redis-docker.service
|
||||
- authentik-db-docker.service
|
||||
- authentik-server-docker.service
|
||||
- authentik-worker-docker.service
|
||||
tags: molecule-notest
|
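--- a/roles/authentik_docker/tasks/main.yml
+++ b/roles/authentik_docker/tasks/main.yml
@@ -0,0 +1,120 @@
+---
+
+- name: "Install dependencies"
+  ansible.builtin.apt:
+    pkg:
+      - docker.io
+
+- name: "Create directory for Authentik with Docker"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0750'
+  with_items:
+    - "{{ docker_volumes_dir }}/authentik"
+
+- name: "Create directories for Authentik Docker"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: 1000
+    group: 1000
+    mode: '0750'
+  with_items:
+    - "{{ docker_volumes_dir }}/authentik/media"
+    - "{{ docker_volumes_dir }}/authentik/custom-templates"
+    - "{{ docker_volumes_dir }}/authentik/certs"
+
+- name: "Create Redis and Database directores for Authentik with Docker"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: 999
+    group: root
+    mode: '0750'
+  with_items:
+    - "{{ docker_volumes_dir }}/authentik/redis"
+    - "{{ docker_volumes_dir }}/authentik/database"
+
+- name: "Template .env files for Authentik with Docker"
+  ansible.builtin.template:
+    src: "authentik.env.j2"
+    dest: "{{ docker_volumes_dir }}/authentik/authentik.env"
+    force: true
+    owner: authentik-docker
+    group: docker
+    mode: '0660'
+  notify: restart-authentik-docker
+
+#- name: "Template docker-compose.yml for authentik-docker"
+#  ansible.builtin.template:
+#    src: "{{ item }}.j2"
+#    dest: "/{{ docker_compose_config_dir }}/authentik/{{ item }}"
+#    force: true
+#    owner: root
+#    group: docker
+#    mode: '0640'
+#  with_items:
+#    - docker-compose.yml
+#  notify: restart-authentik-docker
+
+- name: "Create Docker network authentik_net"
+  docker_network:
+    name: authentik_net
+
+- name: "Template systemd units for Authentik with Docker"
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/etc/systemd/system/{{ item }}"
+    force: true
+    owner: root
+    group: root
+    mode: '0664'
+  with_items:
+    - authentik-server-docker.service
+    - authentik-worker-docker.service
+    - authentik-redis-docker.service
+    - authentik-db-docker.service
+  register: units
+
+#- name: "Add a user that will run the container"
+#  ansible.builtin.user:
+#    name: authentik-docker
+#    comment: Authentik Docker User
+#    home: "{{ docker_volumes_dir }}/authentik"
+#    group: docker
+#    system: true
+
+#- name: "Template systemd unit file for Authentik with Docker"
+#  ansible.builtin.template:
+#    src: "authentik-docker.service.j2"
+#    dest: "/etc/systemd/system/authentik-docker.service"
+#    force: true
+#    owner: root
+#    group: root
+#    mode: '0644'
+#  register: unit
+#  notify: systemctl-daemon-reload
+
+- name: "Reload systemd units"
+  ansible.builtin.systemd:
+    daemon_reload: yes
+  when: units.changed
+
+- name: "Enable systemd units for Authentik with Docker"
+  ansible.builtin.systemd:
+    state: started
+    enabled: true
+    name: "{{ item }}"
+  with_items:
+    - authentik-db-docker.service
+    - authentik-redis-docker.service
+    - authentik-server-docker.service
+    - authentik-worker-docker.service
+
+#- name: "Enable systemctl service for authentik-docker"
+#  ansible.builtin.service:
+#    state: started
+#    name: "authentik-docker.service"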
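Review bot: The `.env` template task sets `owner: authentik-docker` on the file that holds `PG_PASS` and `AUTHENTIK_SECRET_KEY`, but the only task that creates that account ("Add a user that will run the container") is now commented out, so on a fresh host the template task fails at chown and on hosts where the user survives from an earlier run the role depends on leftover state; since the docker CLI invoked by the systemd units runs as root, `owner: root`, `group: root`, `mode: '0600'` is both reproducible and tighter than handing the secrets to the whole `docker` group. The "Template systemd units" task only does `register: units`; without a `notify: restart-authentik-docker` after it, a changed unit file is daemon-reloaded but the running container keeps the old command line until the next `.env` change triggers the handler. Smaller points in the same file: `daemon_reload: yes` should be the canonical `daemon_reload: true`, unit files need not be group-writable (`mode: '0644'` rather than `'0664'`), and the bare `docker_network` should be the FQCN `community.docker.docker_network` to match the `ansible.builtin.*` style used everywhere else.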
@ -0,0 +1,18 @@
|
|||
[Unit]
|
||||
Description=Postgres for Authentik with Docker
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.db }}
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.db }} --network authentik_net \
|
||||
--env-file {{ docker_volumes_dir }}/authentik/authentik.env --expose 5432 \
|
||||
-v {{ docker_volumes_dir }}/authentik/database:/var/lib/postgresql/data \
|
||||
docker.io/library/postgres:{{ authentik_postgres_version }}
|
||||
ExecStop=/usr/bin/docker stop {{ container_names.authentik.db }}
|
||||
Restart=always
|
||||
RestartSec=15s
|
||||
Type=exec
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
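Review bot: `ExecStart` passes the shared `authentik.env` to the postgres container via `--env-file`, so the database container receives every secret in that file (`AUTHENTIK_SECRET_KEY`, the SMTP settings, the Let's Encrypt variables) although it only needs its own `POSTGRES_*` variables; a separate env file containing only those, or explicit `-e POSTGRES_PASSWORD=… -e POSTGRES_USER=… -e POSTGRES_DB=…` arguments, keeps the blast radius of a compromised database container small. The removed docker-compose.yml did the `PG_PASS` → `POSTGRES_PASSWORD` mapping itself, while the visible part of the new env template defines only `PG_PASS`, so unless `POSTGRES_PASSWORD`, `POSTGRES_USER` and `POSTGRES_DB` are set in the template lines not shown here, the postgres image will refuse to initialise an empty data directory. A short comment above `ExecStart` naming which variables the image actually consumes would make that contract explicit.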
@ -0,0 +1,17 @@
|
|||
[Unit]
|
||||
Description=Redis with Docker for Authentik
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.redis }}
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.redis }} --network authentik_net \
|
||||
-v {{ docker_volumes_dir }}/authentik/redis:/data \
|
||||
docker.io/library/redis:alpine --save 60 1 --loglevel warning
|
||||
ExecStop=/usr/bin/docker stop {{ container_names.authentik.redis }}
|
||||
Restart=always
|
||||
RestartSec=15s
|
||||
Type=exec
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,21 @@
|
|||
[Unit]
|
||||
Description=Authentik with Docker
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} --network authentik_net \
|
||||
--expose 9000 --expose 9443 \
|
||||
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
||||
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
||||
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
|
||||
ghcr.io/goauthentik/server:{{ version.authentik }} server
|
||||
ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net {{ container_names.authentik.server }}"
|
||||
ExecStop=/usr/bin/docker stop {{ container_names.authentik.server }}
|
||||
Restart=always
|
||||
RestartSec=15s
|
||||
Type=exec
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
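Review bot: `ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net …"` races the container start: if the container is not up within 10 s (first-boot image pull, a slow host) the `network connect` fails, and a failing ExecStartPost makes systemd stop the unit and enter the `Restart=always` loop; the worker unit uses the same pattern. Creating the container first, attaching the second network, and only then starting it removes both the sleep and the race; `--rm` is dropped because the existing `ExecStartPre=-… docker rm --force` already cleans up the previous container on the next start.
```ini
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
ExecStartPre=/usr/bin/docker create --name {{ container_names.authentik.server }} --network authentik_net \
    --expose 9000 --expose 9443 \
    --env-file {{ docker_volumes_dir }}/authentik/authentik.env \
    -v {{ docker_volumes_dir }}/authentik/media:/media \
    -v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
    ghcr.io/goauthentik/server:{{ version.authentik }} server
ExecStartPre=/usr/bin/docker network connect nginx_net {{ container_names.authentik.server }}
ExecStart=/usr/bin/docker start --attach {{ container_names.authentik.server }}
ExecStop=/usr/bin/docker stop {{ container_names.authentik.server }}
; … unchanged: Restart, RestartSec, Type, [Install] …
```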
@ -0,0 +1,22 @@
|
|||
[Unit]
|
||||
Description=Authentik Worker with Docker
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
|
||||
[Service]
|
||||
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.worker }}
|
||||
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.worker }} --network authentik_net \
|
||||
--expose 9000 --expose 9443 \
|
||||
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
||||
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
||||
-v {{ docker_volumes_dir }}/authentik/certs:/certs \
|
||||
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
|
||||
ghcr.io/goauthentik/server:{{ version.authentik }} server worker
|
||||
ExecStartPost=/usr/bin/bash -c "/bin/sleep 10 && /usr/bin/docker network connect nginx_net {{ container_names.authentik.worker }}"
|
||||
ExecStop=/usr/bin/docker stop {{ container_names.authentik.worker }}
|
||||
Restart=always
|
||||
RestartSec=15s
|
||||
Type=exec
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
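Review bot: The worker is attached to `nginx_net` by the `ExecStartPost` line and advertises `--expose 9000 --expose 9443` while sharing the env file that carries `VIRTUAL_HOST` and `LETSENCRYPT_HOST`; a VIRTUAL_HOST-driven reverse proxy on that network will therefore register the worker as a second upstream for the auth domain even though `server worker` serves no HTTP, so a share of logins would be routed to a dead backend. The removed docker-compose.yml attached only the `server` service to `nginx_net`, so this is a regression rather than an intended change. Removing the `ExecStartPost=…` line and the `--expose 9000 --expose 9443 \` line from this unit restores the old behaviour; `--network authentik_net` is all the worker needs to reach Redis and Postgres.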
@ -1,4 +1,13 @@
|
|||
PG_PASS={{ authentik_pg_pass }}
|
||||
AUTHENTIK_REDIS__HOST="{{ container_names.authentik.redis }}"
|
||||
AUTHENTIK_POSTGRESQL__HOST="{{ container_names.authentik.db }}"
|
||||
AUTHENTIK_POSTGRESQL__USER={{ database_vars.postgres.authentik.user }}
|
||||
AUTHENTIK_POSTGRESQL__NAME={{ database_vars.postgres.authentik.db }}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD={{ database_vars.postgres.authentik.password }}
|
||||
VIRTUAL_HOST={{ authentik_domain }}
|
||||
VIRTUAL_PORT={{ authentik_port_http }}
|
||||
LETSENCRYPT_HOST={{ authentik_domain }}
|
||||
LETSENCRYPT_EMAIL={{letsencrypt_email }}
|
||||
#PG_PASS={{ database_vars.postgres.authentik.password }}
|
||||
AUTHENTIK_SECRET_KEY={{ authentik_secret }}
|
||||
AUTHENTIK_ERROR_REPORTING__ENABLED={{ authentik_error_reporting }}
|
||||
# SMTP Host Emails are sent to
|
||||
|
@ -19,3 +28,4 @@ AUTHENTIK_PORT_HTTPS={{ authentik_port_https }}
|
|||
AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL={{ authentik_allow_users_to_change_email }}
|
||||
AUTHENTIK_DEFAULT_USER_CHANGE_NAME={{ authentik_allow_users_to_change_names }}
|
||||
AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME={{ authentik_allow_users_to_change_usernames }}
|
||||
AUTHENTIK_GEOIP=/dev/null #The docs say this is the way to disable GeoIP...
|
|
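Review bot: `AUTHENTIK_REDIS__HOST="{{ container_names.authentik.redis }}"` and `AUTHENTIK_POSTGRESQL__HOST="{{ container_names.authentik.db }}"` keep their double quotes at runtime, because `docker run --env-file`, which the new systemd units use, takes everything after `=` literally and does not strip quotes the way Compose's `env_file` parser did, so authentik would try to resolve a host literally named `"authentik-redis-1.server4"`; write both lines unquoted like the surrounding `AUTHENTIK_POSTGRESQL__USER=…` lines. For the same reason the trailing comment on `AUTHENTIK_GEOIP=/dev/null #The docs say this is the way to disable GeoIP...` becomes part of the value, since only whole-line `#` comments are ignored in an env file; move it onto its own line above the assignment. `{{letsencrypt_email }}` is missing the space after `{{`; it renders, but it is inconsistent with the rest of the template.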
@ -1,70 +0,0 @@
|
|||
---
|
||||
|
||||
- name: "Install dependencies"
|
||||
ansible.builtin.apt:
|
||||
pkg:
|
||||
- docker.io
|
||||
- apparmor # if not installed, Docker will complain
|
||||
|
||||
- name: "Create directories for authentik-docker"
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: authentik-docker
|
||||
group: docker
|
||||
mode: '0755'
|
||||
with_items:
|
||||
- "{{ docker_compose_config_dir }}/authentik"
|
||||
- "{{ docker_volumes_dir }}/authentik/database"
|
||||
- "{{ docker_volumes_dir }}/authentik/redis"
|
||||
- "{{ docker_volumes_dir }}/authentik/media"
|
||||
- "{{ docker_volumes_dir }}/authentik/custom-templates"
|
||||
- "{{ docker_volumes_dir }}/authentik/certs"
|
||||
|
||||
- name: "Template .env filexs for authentik-docker"
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/{{ docker_compose_config_dir }}/authentik/{{ item }}"
|
||||
force: true
|
||||
owner: authentik-docker
|
||||
group: docker
|
||||
mode: '0660'
|
||||
with_items:
|
||||
- .env
|
||||
notify: restart-authentik-docker
|
||||
|
||||
- name: "Template docker-compose.yml for authentik-docker"
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/{{ docker_compose_config_dir }}/authentik/{{ item }}"
|
||||
force: true
|
||||
owner: root
|
||||
group: docker
|
||||
mode: '0640'
|
||||
with_items:
|
||||
- docker-compose.yml
|
||||
notify: restart-authentik-docker
|
||||
|
||||
- name: "Add a user that will run the container"
|
||||
ansible.builtin.user:
|
||||
name: authentik-docker
|
||||
comment: Authentik Docker User
|
||||
home: "{{ docker_volumes_dir }}/authentik"
|
||||
group: docker
|
||||
system: true
|
||||
|
||||
- name: "Template systemd unit file for authentik-docker"
|
||||
ansible.builtin.template:
|
||||
src: "authentik-docker.service.j2"
|
||||
dest: "/etc/systemd/system/authentik-docker.service"
|
||||
force: true
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
register: unit
|
||||
notify: systemctl-daemon-reload
|
||||
|
||||
- name: "Enable systemctl service for authentik-docker"
|
||||
ansible.builtin.service:
|
||||
state: started
|
||||
name: "authentik-docker.service"
|
|
@ -1,35 +0,0 @@
|
|||
[Unit]
|
||||
Description=Authentik in Docker
|
||||
|
||||
[Service]
|
||||
Type=exec
|
||||
#User=authentik-docker
|
||||
WorkingDirectory={{ docker_compose_config_dir }}/authentik
|
||||
ExecStart=docker compose up postgresql redis server worker
|
||||
Restart=on-failure
|
||||
RestartSec=30s
|
||||
|
||||
# Optional hardening to improve security
|
||||
#ReadWritePaths={{ docker_volumes_dir }}/ /tmp/ {{ docker_compose_config_dir }}/
|
||||
#NoNewPrivileges=yes
|
||||
#MemoryDenyWriteExecute=true
|
||||
#PrivateDevices=yes
|
||||
#PrivateTmp=yes
|
||||
#ProtectHome=yes
|
||||
#ProtectSystem=strict
|
||||
#ProtectControlGroups=true
|
||||
#RestrictSUIDSGID=true
|
||||
#RestrictRealtime=true
|
||||
#LockPersonality=true
|
||||
#ProtectKernelLogs=true
|
||||
#ProtectKernelTunables=true
|
||||
#ProtectHostname=true
|
||||
#ProtectKernelModules=true
|
||||
#PrivateUsers=true
|
||||
#ProtectClock=true
|
||||
#SystemCallArchitectures=native
|
||||
#SystemCallErrorNumber=EPERM
|
||||
#SystemCallFilter=@system-service
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -1,117 +0,0 @@
|
|||
---
|
||||
version: '3.4'
|
||||
|
||||
services:
|
||||
postgresql:
|
||||
image: docker.io/library/postgres:12-alpine
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 5s
|
||||
volumes:
|
||||
- {{ docker_volumes_dir }}/authentik/database:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=${PG_PASS:?database password required}
|
||||
- POSTGRES_USER=${PG_USER:-authentik}
|
||||
- POSTGRES_DB=${PG_DB:-authentik}
|
||||
networks:
|
||||
- authentik_net
|
||||
env_file:
|
||||
- .env
|
||||
redis:
|
||||
image: docker.io/library/redis:alpine
|
||||
command: --save 60 1 --loglevel warning
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 3s
|
||||
volumes:
|
||||
- {{ docker_volumes_dir }}/authentik/redis:/data
|
||||
networks:
|
||||
- authentik_net
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.12.0}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
VIRTUAL_HOST: {{ authentik_domain }}
|
||||
VIRTUAL_PORT: {{ authentik_port_http }}
|
||||
LETSENCRYPT_HOST: {{ authentik_domain }}
|
||||
LETSENCRYPT_EMAIL: {{letsencrypt_email }}
|
||||
volumes:
|
||||
- {{ docker_volumes_dir }}/authentik/media:/media
|
||||
- {{ docker_volumes_dir }}/authentik/custom-templates:/templates
|
||||
- {{ docker_volumes_dir }}/authentik/geoip:/geoip
|
||||
networks:
|
||||
- authentik_net
|
||||
- nginx_net
|
||||
env_file:
|
||||
- .env
|
||||
expose:
|
||||
- "${AUTHENTIK_PORT_HTTP:-9000}"
|
||||
- "${AUTHENTIK_PORT_HTTPS:-9443}"
|
||||
worker:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.11.3}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
# `user: root` and the docker socket volume are optional.
|
||||
# See more for the docker socket integration here:
|
||||
# https://goauthentik.io/docs/outposts/integrations/docker
|
||||
# Removing `user: root` also prevents the worker from fixing the permissions
|
||||
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
||||
# (1000:1000 by default)
|
||||
user: root
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- {{ docker_volumes_dir }}/authentik/media:/media
|
||||
- {{ docker_volumes_dir }}/authentik/certs:/certs
|
||||
- {{ docker_volumes_dir }}/authentik/custom-templates:/templates
|
||||
- {{ docker_volumes_dir }}/authentik/geoip:/geoip
|
||||
networks:
|
||||
- authentik_net
|
||||
env_file:
|
||||
- .env
|
||||
geoipupdate:
|
||||
image: "maxmindinc/geoipupdate:latest"
|
||||
volumes:
|
||||
- "{{ docker_volumes_dir }}/authentik/geoip:/usr/share/GeoIP"
|
||||
networks:
|
||||
- authentik_net
|
||||
environment:
|
||||
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
|
||||
GEOIPUPDATE_FREQUENCY: "8"
|
||||
env_file:
|
||||
- .env
|
||||
|
||||
volumes:
|
||||
database:
|
||||
driver: local
|
||||
redis:
|
||||
driver: local
|
||||
geoip:
|
||||
driver: local
|
||||
|
||||
networks:
|
||||
authentik_net:
|
||||
external: false
|
||||
name: authentik_net
|
||||
nginx_net:
|
||||
external: true
|
||||
name: nginx_net
|