Merge pull request 'Add Authentik container' (#10) from authentik into main

Reviewed-on: #10
2025-03-28 20:30:49 +00:00 · 2025-03-28 20:30:49 +00:00 · 73abcb64eb
commit 73abcb64eb
parent 120c8c13ad 97a6e683fc
3 changed files with 136 additions and 0 deletions
--- a/authentik/.env-example
+++ b/authentik/.env-example
@ -0,0 +1,23 @@
+# PostgreSQL
+AUTHENTIK_POSTGRESQL_VERSION=16
+AUTHENTIK_POSTGRES_PASSWORD= # generate with openssl rand -base64 32
+AUTHENTIK_POSTGRES_USER=authentik
+AUTHENTIK_POSTGRES_DATABASE=authentik
+
+# Redis
+AUTHENTIK_REDIS_VERSION=alpine
+
+# Authentik
+AUTHENTIK_VERSION=2024.12.3
+AUTHENTIK_SECRET_KEY=# generate with openssl rand -base64 50
+AUTHENTIK_DOMAIN=authentik.example.com
+
+# Email-Konfiguration
+AUTHENTIK_EMAIL__HOST=your.mailhost.com
+AUTHENTIK_EMAIL__PORT=465
+AUTHENTIK_EMAIL__USERNAME=mail@example.com
+AUTHENTIK_EMAIL__PASSWORD=
+AUTHENTIK_EMAIL__USE_TLS=false
+AUTHENTIK_EMAIL__USE_SSL=true
+AUTHENTIK_EMAIL__TIMEOUT=10
+AUTHENTIK_EMAIL__FROM=mail@example.com
--- a/authentik/README.md
+++ b/authentik/README.md
--- a/authentik/docker-compose.yml
+++ b/authentik/docker-compose.yml
@ -0,0 +1,113 @@
+---
+services:
+  postgresql:
+    image: docker.io/library/postgres:${AUTHENTIK_POSTGRESQL_VERSION:-16}
+    container_name: authentik-db
+    restart: unless-stopped
+    env_file:
+      - .env
+    networks:
+      - authentik
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - database:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}
+      POSTGRES_USER: ${AUTHENTIK_POSTGRES_USER:-authentik}
+      POSTGRES_DB: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}
+
+  redis:
+    image: docker.io/library/redis:${AUTHENTIK_REDIS_VERSION:-alpine}
+    container_name: authentik-redis
+    restart: unless-stopped
+    command: --save 60 1 --loglevel warning
+    volumes:
+      - redis:/data
+    networks:
+      - authentik
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+
+  server:
+    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.12.3}
+    container_name: authentik-server
+    restart: unless-stopped
+    command: server
+    volumes:
+      - ./media:/media
+      - ./custom-templates:/templates
+    networks:
+      - traefik
+      - authentik
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}
+    env_file:
+      - .env
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.authentik.entrypoints=http"
+      - "traefik.http.routers.authentik.rule=Host(`${AUTHENTIK_DOMAIN:?error}`)"
+      - "traefik.http.middlewares.authentik-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.authentik.middlewares=authentik-https-redirect"
+      - "traefik.http.routers.authentik-secure.entrypoints=https"
+      - "traefik.http.routers.authentik-secure.rule=Host(`${AUTHENTIK_DOMAIN:?error}`)"
+      - "traefik.http.routers.authentik-secure.tls=true"
+      - "traefik.http.routers.authentik-secure.service=authentik"
+      - "traefik.http.services.authentik.loadbalancer.server.port=9000"
+    depends_on:
+      postgresql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
+  worker:
+    image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION:-2024.12.3}
+    container_name: authentik-worker
+    restart: unless-stopped
+    command: worker
+    networks:
+      - authentik
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./media:/media
+      - ./certs:/certs
+      - ./custom-templates:/templates
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${AUTHENTIK_POSTGRES_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${AUTHENTIK_POSTGRES_DATABASE:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_POSTGRES_PASSWORD:?database password required}
+    env_file:
+      - .env
+    depends_on:
+      postgresql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
+volumes:
+  database:
+    driver: local
+  redis:
+    driver: local
+
+networks:
+  traefik:
+    external: true
+  authentik:
+    driver: bridge