32 lines
1.9 KiB
Django/Jinja
32 lines
1.9 KiB
Django/Jinja
[Unit]
|
|
Description=Authentik with Docker
|
|
After=docker.service
|
|
Requires=docker.service
|
|
|
|
[Service]
|
|
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
|
|
ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}
|
|
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
|
|
--network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
|
|
--label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`,`auth.unhb.de`,`a.unhb.de`)" \
|
|
--lable "traefik.http.routers.authentik.middlewares=authentik_redirect" \
|
|
--label "traefik.http.routers.authentik.entrypoints=websecure" \
|
|
--label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \
|
|
--label "traefik.http.services.authentik.loadbalancer.server.port=9000" \
|
|
--label "traefik.http.middlewares.authentik_redirect.redirectregex.permanent=true" \
|
|
--label "traefik.http.middlewares.authentik_redirect.redirectregex.regex=^https?://(auth|a)\\.unhb\\.de/(.*)" \
|
|
--label "traefik.http.middlewares.authentik_redirect.redirectregex.replacement=https://auth.un-hack-bar.de/$${2}" \
|
|
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
|
|
-v {{ docker_volumes_dir }}/authentik/media:/media \
|
|
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
|
|
--label=com.centurylinklabs.watchtower.enable=false \
|
|
ghcr.io/goauthentik/server:{{ version.authentik }} server
|
|
ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect traefik {{ container_names.authentik.server }}"
|
|
ExecStop=-/usr/bin/docker stop {{ container_names.authentik.server }}
|
|
Restart=always
|
|
RestartSec=60s
|
|
TimeoutStartSec=infinity
|
|
Type=exec
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|