SL/ansible/roles/authentik/templates/docker-compose.yml.j2

version: '3.2'

services:
  postgresql:
    image: postgres:12-alpine
    container_name: auth_postgres
    user: "{{ users.0.uid }}:{{ users.0.gid }}"
    volumes:
      - /etc/passwd:/etc/passwd:ro
      - /opt/appdata/authentik/postgresql:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD={{ secret_authentik.postgres.password }}
      - POSTGRES_USER={{ secret_authentik.postgres.user }}
      - POSTGRES_DB={{ secret_authentik.postgres.database }}
    networks:
      - auth

  redis:
    image: redis:alpine
    restart: unless-stopped
    networks:
      - auth

  server:
    image: ghcr.io/goauthentik/server:{{ AUTHENTIK_TAG }}
    restart: unless-stopped
    command: server
    user: "{{ users.0.uid }}:{{ users.0.gid }}"
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: {{ secret_authentik.postgres.user }}
      AUTHENTIK_POSTGRESQL__NAME: {{ secret_authentik.postgres.database }}
      AUTHENTIK_POSTGRESQL__PASSWORD: {{ secret_authentik.postgres.password }}
      AUTHENTIK_SECRET_KEY: {{ secret_authentik.secret_key }}
      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
      # WORKERS: 2
    volumes:
      - /opt/appdata/authentik/media:/media
      - /opt/appdata/authentik/custom-templates:/templates
      - /opt/appdata/swag/config/geoip2db:/geoip:ro
    networks:
      - default
      - auth
    labels:
      - swag=enable
      - "swag_url=sso.{{ sl_domain }}"
      - swag_port=9443
      - swag_proto=https

  worker:
    image: ghcr.io/goauthentik/server:{{ AUTHENTIK_TAG }}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: {{ secret_authentik.postgres.user }}
      AUTHENTIK_POSTGRESQL__NAME: {{ secret_authentik.postgres.database }}
      AUTHENTIK_POSTGRESQL__PASSWORD: {{ secret_authentik.postgres.password }}
      AUTHENTIK_SECRET_KEY: {{ secret_authentik.secret_key }}
      # AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
    user: "{{ users.0.uid }}:{{ users.0.gid }}"
    volumes:
      - /opt/appdata/authentik/backups:/backups
      - /opt/appdata/authentik/certs:/certs
      - /opt/appdata/authentik/media:/media
      - /opt/appdata/authentik/custom-templates:/templates
      - /opt/appdata/swag/config/geoip2db:/geoip:ro
    networks:
      - auth

networks:
  default:
    external: true
    name: proxynet

  auth:
    internal: true
    name: auth
Init push 2022-06-13 22:09:07 +02:00			`version: '3.2'`

			`services:`
			`postgresql:`
			`image: postgres:12-alpine`
			`container_name: auth_postgres`
			`user: "{{ users.0.uid }}:{{ users.0.gid }}"`
			`volumes:`
			`- /etc/passwd:/etc/passwd:ro`
			`- /opt/appdata/authentik/postgresql:/var/lib/postgresql/data`
			`environment:`
			`- POSTGRES_PASSWORD={{ secret_authentik.postgres.password }}`
			`- POSTGRES_USER={{ secret_authentik.postgres.user }}`
			`- POSTGRES_DB={{ secret_authentik.postgres.database }}`
			`networks:`
			`- auth`

			`redis:`
			`image: redis:alpine`
			`restart: unless-stopped`
			`networks:`
			`- auth`

			`server:`
			`image: ghcr.io/goauthentik/server:{{ AUTHENTIK_TAG }}`
			`restart: unless-stopped`
			`command: server`
			`user: "{{ users.0.uid }}:{{ users.0.gid }}"`
			`environment:`
			`AUTHENTIK_REDIS__HOST: redis`
			`AUTHENTIK_POSTGRESQL__HOST: postgresql`
			`AUTHENTIK_POSTGRESQL__USER: {{ secret_authentik.postgres.user }}`
			`AUTHENTIK_POSTGRESQL__NAME: {{ secret_authentik.postgres.database }}`
			`AUTHENTIK_POSTGRESQL__PASSWORD: {{ secret_authentik.postgres.password }}`
			`AUTHENTIK_SECRET_KEY: {{ secret_authentik.secret_key }}`
			`# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"`
			`# WORKERS: 2`
			`volumes:`
			`- /opt/appdata/authentik/media:/media`
			`- /opt/appdata/authentik/custom-templates:/templates`
			`- /opt/appdata/swag/config/geoip2db:/geoip:ro`
			`networks:`
			`- default`
			`- auth`
			`labels:`
			`- swag=enable`
			`- "swag_url=sso.{{ sl_domain }}"`
			`- swag_port=9443`
			`- swag_proto=https`

			`worker:`
			`image: ghcr.io/goauthentik/server:{{ AUTHENTIK_TAG }}`
			`restart: unless-stopped`
			`command: worker`
			`environment:`
			`AUTHENTIK_REDIS__HOST: redis`
			`AUTHENTIK_POSTGRESQL__HOST: postgresql`
			`AUTHENTIK_POSTGRESQL__USER: {{ secret_authentik.postgres.user }}`
			`AUTHENTIK_POSTGRESQL__NAME: {{ secret_authentik.postgres.database }}`
			`AUTHENTIK_POSTGRESQL__PASSWORD: {{ secret_authentik.postgres.password }}`
			`AUTHENTIK_SECRET_KEY: {{ secret_authentik.secret_key }}`
			`# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"`
			`user: "{{ users.0.uid }}:{{ users.0.gid }}"`
			`volumes:`
			`- /opt/appdata/authentik/backups:/backups`
			`- /opt/appdata/authentik/certs:/certs`
			`- /opt/appdata/authentik/media:/media`
			`- /opt/appdata/authentik/custom-templates:/templates`
			`- /opt/appdata/swag/config/geoip2db:/geoip:ro`
			`networks:`
			`- auth`

			`networks:`
			`default:`
			`external: true`
			`name: proxynet`

			`auth:`
			`internal: true`
			`name: auth`