Initial commit

2026-02-23 17:46:11 +01:00
commit 4b7a8dce28
12 changed files with 313 additions and 0 deletions
--- a/stacks/authentik/docker-compose.yml
+++ b/stacks/authentik/docker-compose.yml
@@ -0,0 +1,95 @@
+services:
+  db:
+    image: postgres@sha256:035b9ab53cfa147d7202b61f5f7782b939ae815b7d6bc81c96b7b42ff1fca950
+    container_name: authentik-db
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      POSTGRES_DB: ${PG_DB}
+      POSTGRES_USER: ${PG_USER}
+      POSTGRES_PASSWORD_FILE: /run/secrets/pg_pass
+    volumes:
+      - authentik_database:/var/lib/postgresql/data
+    networks:
+      - authentik_internal
+    secrets:
+      - pg_pass
+    healthcheck:
+      interval: 30s
+      retries: 5
+      start_period: 20s
+      test:
+        - CMD-SHELL
+        - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+      timeout: 5s
+  server:
+    image: ghcr.io/goauthentik/server:2025.12.4@sha256:61eb50cfededf2ecc0ef483b497746db96d18934d440d7d55f6baa41977d8e85
+    container_name: authentik-server
+    restart: unless-stopped
+    command: server
+    depends_on:
+      db:
+        condition: service_healthy
+    env_file:
+      - .env
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: db
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB}
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER}
+      AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/pg_pass
+      AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key
+    volumes:
+      - authentik_data:/data
+    networks:
+      - authentik_internal
+      - homelab_apps
+    secrets:
+      - pg_pass
+      - authentik_secret_key
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=homelab_apps
+      - traefik.http.routers.authentik.rule=Host(`${AUTHENTIK_DOMAIN}`)
+      - traefik.http.routers.authentik.entrypoints=websecure
+      - traefik.http.routers.authentik.tls=true
+      - traefik.http.routers.authentik.tls.certresolver=le
+      - traefik.http.services.authentik.loadbalancer.server.port=9000
+  worker:
+    image: ghcr.io/goauthentik/server:2025.12.4@sha256:61eb50cfededf2ecc0ef483b497746db96d18934d440d7d55f6baa41977d8e85
+    container_name: authentik-worker
+    restart: unless-stopped
+    command: worker
+    depends_on:
+      db:
+        condition: service_healthy
+    env_file:
+      - .env
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: db
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB}
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER}
+      AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/pg_pass
+      AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key
+    volumes:
+      - authentik_data:/data
+    networks:
+      - authentik_internal
+    secrets:
+      - pg_pass
+      - authentik_secret_key
+volumes:
+  authentik_database:
+    driver: local
+  authentik_data:
+    driver: local
+networks:
+  authentik_internal:
+    internal: true
+  homelab_apps:
+    external: true
+secrets:
+  pg_pass:
+    file: ./secrets/pg_pass.txt
+  authentik_secret_key:
+    file: ./secrets/authentik_secret_key.txt