diff --git a/docker-compose.yml b/docker-compose.yml index 4054566..26868dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,42 +1,162 @@ -#### NETWORKS +--- + +#### networks networks: traefik_front_network: external: true - back_network_: + back_network_authentik: driver: bridge attachable: true -#### SERVICES +#### services services: -### hello_world - hello_world: - container_name: gitea-app - hostname: gitea-app - image: hello-world - environment: - restart: always +### postgresql + postgresql: + container_name: authentik-postgres + hostname: authentik-postgre + image: docker.io/library/postgres:16-alpine + restart: unless-stopped networks: -# - back_network_gitea - - traefik_front_network + - back_network_authentik + healthcheck: + test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 5s volumes: + - ./database:/var/lib/postgresql/data + environment: + PGDATA: /var/lib/postgresql/data/authentik + POSTGRES_PASSWORD: ${PG_PASS:?database password required} + POSTGRES_USER: ${PG_USER:-authentik} + POSTGRES_DB: ${PG_DB:-authentik} + env_file: + - .env + +### redis + redis: + container_name: authentik-redis + hostname: authentik-redis + image: docker.io/library/redis:alpine + command: --save 60 1 --loglevel warning + restart: unless-stopped + networks: + - back_network_authentik + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + volumes: + - ./redis:/data + +### authentik + server: + container_name: authentik-server + hostname: authentik-server + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.1} + restart: unless-stopped + networks: + - traefik_front_network + - back_network_authentik + command: server + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + env_file: + - .env + volumes: + - ./media:/media + - 
./custom-templates:/templates + depends_on: + postgresql: + condition: service_healthy + restart: true + redis: + condition: service_healthy + restart: true + msmtpd: + condition: service_healthy + restart: true labels: - "traefik.enable=true" - "traefik.docker.network=traefik_front_network" # HTTP - - "traefik.http.routers.hello-world-http.rule=Host(`hello-world.tips-of-mine.com`)" - - "traefik.http.routers.hello-world-http.entrypoints=http" - - "traefik.http.routers.hello-world-http.priority=49" + - "traefik.http.routers.authentik-http.rule=Host(`authentik.tips-of-mine.com`)" + - "traefik.http.routers.authentik-http.entrypoints=http" # HTTPS - - "traefik.http.routers.hello-world-https.rule=Host(`hello-world.tips-of-mine.com`)" - - "traefik.http.routers.hello-world-https.entrypoints=https" - - "traefik.http.routers.hello-world-https.tls=true" - - "traefik.http.routers.hello-world-https.priority=50" - - "traefik.http.routers.gitea.service=gitea-https-service" + - "traefik.http.routers.authentik-https.rule=Host(`authentik.tips-of-mine.com`)" + - "traefik.http.routers.authentik-https.entrypoints=https" + - "traefik.http.routers.authentik-https.service=authentik-service" + - "traefik.http.routers.authentik-https.tls=true" # Middleware # Service -# - "traefik.http.services.gitea-https-service.loadbalancer.server.port=3000" -# - "traefik.http.services.gitea-https-service.loadbalancer.server.scheme=https" -# - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.hostname=gitea.traefik.me" -# - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.method=foobar" -# - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.timeout=10" -# - "traefik.http.services.gitea-https-service.loadbalancer.healthcheck.interval=30" + - "traefik.http.services.authentik-service.loadbalancer.server.port=9000" + +### worker + worker: + container_name: authentik-worker + hostname: authentik-worker + image: 
${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.1} + restart: unless-stopped + networks: + - traefik_front_network + - back_network_authentik + command: worker + environment: + AUTHENTIK_REDIS__HOST: redis + AUTHENTIK_POSTGRESQL__HOST: postgresql + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} + user: root + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./media:/media + - ./certs:/certs + - ./custom-templates:/templates + env_file: + - .env + depends_on: + postgresql: + condition: service_healthy + restart: true + redis: + condition: service_healthy + restart: true + msmtpd: + condition: service_healthy + restart: true + +### msmtpd + msmtpd: + container_name: authentik-msmtpd + hostname: authentik-msmtpd + image: crazymax/msmtpd:latest + networks: + - back_network_authentik + environment: + - "TZ=Europe/Paris" + - "PUID=1500" + - "PGID=1500" + - "SMTP_HOST=10.0.4.52" + - "SMTP_PORT=587" + - "SMTP_TLS=on" + - "SMTP_STARTTLS=on" + - "SMTP_TLS_CHECKCERT=off" + - "SMTP_AUTH=on" + - "SMTP_USER=hostinfo@tips-of-mine.fr" + - "SMTP_PASSWORD=P@ssw0rd!12345" + - "SMTP_DOMAIN=localhost" + - "SMTP_FROM=hostinfo@tips-of-mine.fr" + restart: always + healthcheck: + test: ["CMD-SHELL", "echo EHLO localhost"] + interval: 5s + timeout: 5s + retries: 5
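Review bot: The msmtpd service's environment list embeds a plaintext SMTP credential, `"SMTP_PASSWORD=P@ssw0rd!12345"`, directly in the committed compose file, while the postgresql and authentik services already take their secrets from `.env` via `${PG_PASS:?...}`; move it to the same mechanism, e.g. `- "SMTP_PASSWORD=${SMTP_PASSWORD:?smtp password required}"`, and treat the value already in history as exposed. Two lines above it, `"SMTP_TLS_CHECKCERT=off"` disables certificate verification for the STARTTLS session to 10.0.4.52, so anyone able to interpose on that path can read the credential; unless the relay's certificate genuinely cannot be validated, set `- "SMTP_TLS_CHECKCERT=on"`. Separately, the worker service combines `user: root` with a bind mount of `/var/run/docker.sock`, which gives the container root-equivalent control of the host; if the worker does not need the host Docker API, drop both, and otherwise a comment next to the mount stating why it is required is warranted. Also, `${PG_PASS}` in the server and worker environment lacks the `:?` guard that the postgresql service uses, so an unset variable would silently expand to an empty password instead of failing at startup.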