ansible/roles/authentik_docker/templates/authentik-server-docker.service.j2

# systemd unit template (Jinja) that runs the authentik server as a
# foreground Docker container supervised by systemd.
[Unit]
Description=Authentik with Docker
# Start only after the Docker daemon. Requires= is a hard dependency: this
# unit is stopped or restarted together with docker.service.
After=docker.service
Requires=docker.service
[Service]
# A leading "-" tells systemd to ignore a non-zero exit of that command.
# Remove any leftover container with the same name so --name cannot collide.
ExecStartPre=-/usr/bin/docker rm --force {{ container_names.authentik.server }}
# Refresh the image for the templated version tag. Because failure is ignored,
# a failed pull falls back to whatever image with that tag is cached locally.
# NOTE(review): the image is referenced by tag, not by digest; the tag is only
# as trustworthy as the registry. Pin a digest if that matters here.
ExecStartPre=-/usr/bin/docker pull ghcr.io/goauthentik/server:{{ version.authentik }}
# Main process: "docker run" in the foreground, container deleted on exit (--rm).
# Exposure:
#   - Ports 9000 and 9443 are published on 127.0.0.1 only, so they are not
#     reachable from other hosts directly; outside access goes through Traefik.
#   - The Traefik labels route the three listed host names on the "websecure"
#     entrypoint, with certificates from the "letsencrypt" resolver, to
#     container port 9000.
#   - The authentik_redirect middleware permanently redirects the auth/a
#     short names under unhb.de to https://auth.un-hack-bar.de/ plus the path.
#   NOTE(review): Host() with several comma-separated names is Traefik v2 rule
#   syntax; confirm the proxy version or rule-syntax setting before upgrading.
# Escaping (systemd parses this line itself, no shell is involved):
#   - "\\." inside double quotes reaches Docker as "\.", a literal dot in the regex.
#   - "$$" is systemd's escape for a literal "$", so Traefik receives "${2}".
#   - The backticks in the Host() rule are passed through literally.
# Secrets and hardening:
#   - --env-file supplies the container environment; it presumably carries the
#     authentik secret key and database credentials. NOTE(review): confirm the
#     role deploys that file root-owned with mode 0600.
#   - The watchtower label set to false opts this container out of Watchtower
#     updates, so the running version changes only via the templated version.
#   - NOTE(review): no hardening flags are passed, so the container runs with
#     Docker's default capabilities. Consider --security-opt no-new-privileges
#     and a reduced capability set once tested against authentik.
ExecStart=/usr/bin/docker run --rm --name {{ container_names.authentik.server }} \
--network authentik_net --publish 127.0.0.1:9000:9000 --publish 127.0.0.1:9443:9443 \
--label "traefik.enable=true" --label "traefik.http.routers.authentik.rule=Host(`auth.un-hack-bar.de`,`auth.unhb.de`,`a.unhb.de`)" \
--label "traefik.http.routers.authentik.middlewares=authentik_redirect" \
--label "traefik.http.routers.authentik.entrypoints=websecure" \
--label "traefik.http.routers.authentik.tls.certresolver=letsencrypt" \
--label "traefik.http.services.authentik.loadbalancer.server.port=9000" \
--label "traefik.http.middlewares.authentik_redirect.redirectregex.permanent=true" \
--label "traefik.http.middlewares.authentik_redirect.redirectregex.regex=^https?://(auth|a)\\.unhb\\.de/(.*)" \
--label "traefik.http.middlewares.authentik_redirect.redirectregex.replacement=https://auth.un-hack-bar.de/$${2}" \
--env-file {{ docker_volumes_dir }}/authentik/authentik.env \
-v {{ docker_volumes_dir }}/authentik/media:/media \
-v {{ docker_volumes_dir }}/authentik/custom-templates:/templates \
--label=com.centurylinklabs.watchtower.enable=false \
ghcr.io/goauthentik/server:{{ version.authentik }} server
# Wait 120 seconds, then attach the running container to the "traefik" network
# as a second network. There is no "-" prefix, so a failed connect (for example
# because the container already exited) fails the start and Restart= applies.
# The templated container name is interpolated into a shell command string
# here; it must stay a plain identifier without shell metacharacters.
ExecStartPost=/usr/bin/bash -c "/bin/sleep 120 && /usr/bin/docker network connect traefik {{ container_names.authentik.server }}"
# Stop the container through the Docker daemon; a failure is ignored.
ExecStop=-/usr/bin/docker stop {{ container_names.authentik.server }}
# Restart on every exit, 60 seconds after the previous run ended.
Restart=always
RestartSec=60s
# No start timeout: the 120-second sleep in ExecStartPost alone exceeds
# systemd's default of 90 seconds, and the image pull can be slow.
TimeoutStartSec=infinity
# The unit counts as started once the docker client binary has been executed.
Type=exec
[Install]
# "systemctl enable" hooks the unit into multi-user.target, so it is started
# during a normal boot.
WantedBy=multi-user.target