From 5cb82a048fba185daa26e5086f0c6daa17c20571 Mon Sep 17 00:00:00 2001
From: ulfrxdev <r.rafal.r9@gmail.com>
Date: Thu, 2 Apr 2026 17:35:24 +0200
Subject: [PATCH] Restore authentik db

---
 stacks/authentik/docker-compose.yaml | 52 ++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 11 deletions(-)

diff --git a/stacks/authentik/docker-compose.yaml b/stacks/authentik/docker-compose.yaml
index bcf769b..b39f8e2 100644
--- a/stacks/authentik/docker-compose.yaml
+++ b/stacks/authentik/docker-compose.yaml
@@ -1,20 +1,45 @@
 services:
+  db:
+    image: postgres@sha256:035b9ab53cfa147d7202b61f5f7782b939ae815b7d6bc81c96b7b42ff1fca950
+    container_name: authentik-db
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${AUTHENTIK_POSTGRES_DB}
+      POSTGRES_USER: ${AUTHENTIK_POSTGRES_USER}
+      POSTGRES_PASSWORD_FILE: /run/secrets/authentik_postgres_password
+    volumes:
+      - authentik_database:/var/lib/postgresql/data
+    networks:
+      - authentik_internal
+    secrets:
+      - authentik_postgres_password
+    healthcheck:
+      interval: 30s
+      retries: 5
+      start_period: 20s
+      test:
+        - CMD-SHELL
+        - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+      timeout: 5s
   server:
     image: ghcr.io/goauthentik/server:2025.12.4@sha256:61eb50cfededf2ecc0ef483b497746db96d18934d440d7d55f6baa41977d8e85
     container_name: authentik-server
     restart: unless-stopped
     command: server
+    depends_on:
+      db:
+        condition: service_healthy
     environment:
-      AUTHENTIK_POSTGRESQL__HOST: postgres
-      AUTHENTIK_POSTGRESQL__NAME: authentik
-      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__HOST: db
+      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DB}
+      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER}
       AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/authentik_postgres_password
       AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key
     volumes:
       - authentik_data:/data
     networks:
+      - authentik_internal
       - homelab_apps
-      - homelab_db
     secrets:
       - authentik_postgres_password
       - authentik_secret_key
@@ -31,29 +56,34 @@ services:
     container_name: authentik-worker
     restart: unless-stopped
     command: worker
+    depends_on:
+      db:
+        condition: service_healthy
     environment:
-      AUTHENTIK_POSTGRESQL__HOST: postgres
-      AUTHENTIK_POSTGRESQL__NAME: authentik
-      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__HOST: db
+      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DB}
+      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER}
       AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/authentik_postgres_password
       AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key
     volumes:
       - authentik_data:/data
     networks:
-      - homelab_db
+      - authentik_internal
     secrets:
       - authentik_postgres_password
       - authentik_secret_key
 volumes:
+  authentik_database:
+    driver: local
   authentik_data:
     driver: local
 networks:
+  authentik_internal:
+    internal: true
   homelab_apps:
     external: true
-  homelab_db:
-    external: true
 secrets:
   authentik_postgres_password:
     environment: AUTHENTIK_POSTGRES_PASSWORD
   authentik_secret_key:
-    environment: AUTHENTIK_SECRET_KEY
\ No newline at end of file
+    environment: AUTHENTIK_SECRET_KEY