diff --git a/authentik/.env b/authentik/.env new file mode 100644 index 0000000..c3818a0 --- /dev/null +++ b/authentik/.env @@ -0,0 +1,19 @@ +AUTHENTIK_PORT_HTTP=9090 +AUTHENTIK_PORT_HTTPS=9443 +PG_PASS=changeme +AUTHENTIK_SECRET_KEY=changeme +AUTHENTIK_ERROR_REPORTING__ENABLED=false + +# SMTP Host Emails are sent to +AUTHENTIK_EMAIL__HOST=smtp.office365.com +AUTHENTIK_EMAIL__PORT=587 +# Optionally authenticate (don't add quotation marks to your password) +AUTHENTIK_EMAIL__USERNAME=email@yourdomain.com +AUTHENTIK_EMAIL__PASSWORD=changeme +# Use StartTLS +AUTHENTIK_EMAIL__USE_TLS=true +# Use SSL +AUTHENTIK_EMAIL__USE_SSL=true +AUTHENTIK_EMAIL__TIMEOUT=10 +# Email address authentik will send from, should have a correct @domain +AUTHENTIK_EMAIL__FROM=email@yourdomain.com diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml new file mode 100644 index 0000000..0216649 --- /dev/null +++ b/authentik/docker-compose.yml @@ -0,0 +1,107 @@ +version: '3.8' + +services: + postgresql: + image: docker.io/library/postgres:12-alpine + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s + volumes: + - database:/var/lib/postgresql/data + environment: + - POSTGRES_PASSWORD=${PG_PASS:?database password required} + - POSTGRES_USER=${PG_USER:-authentik} + - POSTGRES_DB=${PG_DB:-authentik} + env_file: + - .env + networks: + - authentik + redis: + image: docker.io/library/redis:alpine + command: --save 60 1 --loglevel warning + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + volumes: + - redis:/data + networks: + - reverseproxy-nw + - authentik + server: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} + restart: unless-stopped + command: server + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + # AUTHENTIK_ERROR_REPORTING__ENABLED: "true" + volumes: + - ./media:/media + - ./custom-templates:/templates + - geoip:/geoip + env_file: + - .env + ports: + - "0.0.0.0:${AUTHENTIK_PORT_HTTP:-9000}:9000" + - "0.0.0.0:${AUTHENTIK_PORT_HTTPS:-9443}:9443" + networks: + - reverseproxy-nw + - authentik + worker: + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2022.9.0} + restart: unless-stopped + command: worker + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + # AUTHENTIK_ERROR_REPORTING__ENABLED: "true" + # This is optional, and can be removed. If you remove this, the following will happen + # - The permissions for the /media folders aren't fixed, so make sure they are 1000:1000 + # - The docker socket can't be accessed anymore + user: root + volumes: + - ./media:/media + - ./certs:/certs + - /var/run/docker.sock:/var/run/docker.sock + - ./custom-templates:/templates + # - geoip:/geoip + env_file: + - .env + networks: + - authentik + # geoipupdate: + # image: "maxmindinc/geoipupdate:latest" + # volumes: + # - "geoip:/usr/share/GeoIP" + # environment: + # GEOIPUPDATE_EDITION_IDS: "GeoLite2-City" + # GEOIPUPDATE_FREQUENCY: "8" + # env_file: + # - .env + +volumes: + database: + driver: local + redis: + driver: local + geoip: + driver: local + +networks: + reverseproxy-nw: + external: true + authentik: