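# systemd unit (Jinja2 template) that runs the Authentik server container through
# the Docker CLI. Ports 9000/9443 are published on loopback only; the traefik.*
# labels describe how Traefik routes the public host names to the container.

[Unit]
Description=Authentik with Docker
After=docker.service
Requires=docker.service

[Service]
# A leading "-" tells systemd to ignore a failure of that command: there may be no
# stale container to remove, and if the pull fails the locally cached image is used.
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}

# Notes on the run command (kept here so that no comment sits inside the
# backslash continuation):
# - Every option must be spelled exactly; the Docker CLI rejects an unknown flag
#   and the container is then never created.
# - The router "middlewares" label is what attaches authentik_redirect to the
#   router; the redirectregex.* labels alone only define the middleware.
# - Inside double quotes systemd turns "\\" into a single backslash and "$$" into a
#   literal "$", so Traefik receives the regex with "\." and the replacement with
#   the capture-group reference for group 2.
# - NOTE(review): authentik.env presumably carries the instance secrets (secret
#   key, database credentials) - confirm it is readable by root only. Values
#   passed with --env-file are visible to anyone allowed to run "docker inspect".
# - The watchtower label opts this container out of Watchtower updates, so the
#   image version changes only through version.authentik in the template.
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
    --network authentik_net \
    --publish 127.0.0.1:9000:9000 \
    --publish 127.0.0.1:9443:9443 \
    --label "traefik.enable=true" \
    --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`,`auth.unhb.de`,`a.unhb.de`)" \
    --label "traefik.http.routers.authentik.middlewares=authentik_redirect" \
    --label "traefik.http.routers.authentik.entrypoints=websecure" \
    --label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \
    --label "traefik.http.services.authentik.loadbalancer.server.port=9000" \
    --label "traefik.http.middlewares.authentik_redirect.redirectregex.permanent=true" \
    --label "traefik.http.middlewares.authentik_redirect.redirectregex.regex=^https?://(auth|a)\\.unhb\\.de/(.*)" \
    --label "traefik.http.middlewares.authentik_redirect.redirectregex.replacement=https://auth.un-hack-bar.de/$${2}" \
    --env-file {{ docker_volumes_dir }}/authentik/authentik.env \
    -v {{ docker_volumes_dir }}/authentik/media:/media \
    -v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
    --label=com.centurylinklabs.watchtower.enable=false \
    ghcr.io/goauthentik/server:{{ version.authentik }} server

# The container starts on authentik_net only and is attached to the "traefik"
# network 120 s later (presumably to let the server finish starting before Traefik
# can reach it - confirm). No "-" prefix: if the connect fails, the start fails.
ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect traefik {{ container_names.authentik.server }}"
ExecStop=-/usr/bin/docker stop {{ container_names.authentik.server }}
Restart=always
RestartSec=60s
# No start timeout: the start phase includes the image pull and the 120 s sleep above.
TimeoutStartSec=infinity
Type=exec

[Install]
WantedBy=multi-user.target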