90 lines
2.9 KiB
YAML
90 lines
2.9 KiB
YAML
services:
|
|
db:
|
|
image: postgres@sha256:035b9ab53cfa147d7202b61f5f7782b939ae815b7d6bc81c96b7b42ff1fca950
|
|
container_name: authentik-db
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_DB: ${AUTHENTIK_POSTGRES_DB}
|
|
POSTGRES_USER: ${AUTHENTIK_POSTGRES_USER}
|
|
POSTGRES_PASSWORD_FILE: /run/secrets/authentik_postgres_password
|
|
volumes:
|
|
- authentik_database:/var/lib/postgresql/data
|
|
networks:
|
|
- authentik_internal
|
|
secrets:
|
|
- authentik_postgres_password
|
|
healthcheck:
|
|
interval: 30s
|
|
retries: 5
|
|
start_period: 20s
|
|
test:
|
|
- CMD-SHELL
|
|
- pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
|
|
timeout: 5s
|
|
server:
|
|
image: ghcr.io/goauthentik/server:2025.12.4@sha256:61eb50cfededf2ecc0ef483b497746db96d18934d440d7d55f6baa41977d8e85
|
|
container_name: authentik-server
|
|
restart: unless-stopped
|
|
command: server
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
environment:
|
|
AUTHENTIK_POSTGRESQL__HOST: db
|
|
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DB}
|
|
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/authentik_postgres_password
|
|
AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key
|
|
volumes:
|
|
- authentik_data:/data
|
|
networks:
|
|
- authentik_internal
|
|
- homelab_apps
|
|
secrets:
|
|
- authentik_postgres_password
|
|
- authentik_secret_key
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.docker.network=homelab_apps
|
|
- traefik.http.routers.authentik.rule=Host(`${AUTHENTIK_DOMAIN}`)
|
|
- traefik.http.routers.authentik.entrypoints=websecure
|
|
- traefik.http.routers.authentik.tls=true
|
|
- traefik.http.routers.authentik.tls.certresolver=le
|
|
- traefik.http.services.authentik.loadbalancer.server.port=9000
|
|
worker:
|
|
image: ghcr.io/goauthentik/server:2025.12.4@sha256:61eb50cfededf2ecc0ef483b497746db96d18934d440d7d55f6baa41977d8e85
|
|
container_name: authentik-worker
|
|
restart: unless-stopped
|
|
command: worker
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
environment:
|
|
AUTHENTIK_POSTGRESQL__HOST: db
|
|
AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DB}
|
|
AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/authentik_postgres_password
|
|
AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key
|
|
volumes:
|
|
- authentik_data:/data
|
|
networks:
|
|
- authentik_internal
|
|
secrets:
|
|
- authentik_postgres_password
|
|
- authentik_secret_key
|
|
volumes:
|
|
authentik_database:
|
|
driver: local
|
|
authentik_data:
|
|
driver: local
|
|
networks:
|
|
authentik_internal:
|
|
internal: true
|
|
homelab_apps:
|
|
external: true
|
|
secrets:
|
|
authentik_postgres_password:
|
|
environment: AUTHENTIK_POSTGRES_PASSWORD
|
|
authentik_secret_key:
|
|
environment: AUTHENTIK_SECRET_KEY
|