init
This commit is contained in:
commit
32d5db0b79
|
@ -0,0 +1,33 @@
|
|||
TYPE=authentik
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
DOMAIN=sso.example.com
|
||||
POSTGRES_PASSWORD=secret
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD=secret
|
||||
POSTGRES_USER=authentik
|
||||
AUTHENTIK_POSTGRESQL__USER=authentik
|
||||
POSTGRES_DB=authentik
|
||||
AUTHENTIK_POSTGRESQL__NAME=authentik
|
||||
AUTHENTIK_POSTGRESQL__HOST=db
|
||||
AUTHENTIK_REDIS__HOST=redis
|
||||
AUTHENTIK_ERROR_REPORTING__ENABLED=true
|
||||
# WORKERS=1
|
||||
AUTHENTIK_SECRET_KEY=secret
|
||||
AK_ADMIN_TOKEN=secret
|
||||
AK_ADMIN_PASS=secret
|
||||
|
||||
# EMAIL
|
||||
AUTHENTIK_EMAIL__HOST=smtp
|
||||
AUTHENTIK_EMAIL__PORT=25
|
||||
# AUTHENTIK_EMAIL__USERNAME=""
|
||||
# AUTHENTIK_EMAIL__PASSWORD=""
|
||||
AUTHENTIK_EMAIL__USE_TLS=false
|
||||
AUTHENTIK_EMAIL__USE_SSL=false
|
||||
AUTHENTIK_EMAIL__TIMEOUT=10
|
||||
AUTHENTIK_EMAIL__FROM=noreply@example.com
|
||||
AUTHENTIK_LOG_LEVEL=info
|
||||
|
||||
# Secret Versions
|
||||
# SECRET_SECRET_KEY_VERSION=v1
|
||||
# SECRET_ADMIN_TOKEN_VERSION=v1
|
||||
# SECRET_ADMIN_PASS_VERSION=v1
|
|
@ -0,0 +1 @@
|
|||
.envrc
|
|
@ -0,0 +1,27 @@
|
|||
# authentik
|
||||
|
||||
[authentik](https://goauthentik.io/) is an open-source Identity Provider focused on flexibility and versatility
|
||||
|
||||
|
||||
[List of all possible environment variables](https://goauthentik.io/docs/installation/configuration)
|
||||
|
||||
<!-- metadata -->
|
||||
|
||||
* **Category**: * **Category**: Apps
|
||||
* **Status**: 0, work-in-progress
|
||||
* **Image**: [ghcr/goauthentik/server](ghcr.io/goauthentik/server)
|
||||
* **Healthcheck**: Yes
|
||||
* **Backups**: Yes
|
||||
* **Email**: Yes
|
||||
* **Tests**: No
|
||||
* **SSO**: Yes
|
||||
|
||||
<!-- endmetadata -->
|
||||
|
||||
## Quick start
|
||||
|
||||
* `abra app new {{ .Name }} --secrets`
|
||||
* `abra app config <app-name>`
|
||||
* `abra app deploy <app-name>`
|
||||
|
||||
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
|
|
@ -0,0 +1,138 @@
|
|||
---
|
||||
|
||||
x-env: &env
|
||||
- AUTHENTIK_POSTGRESQL__PASSWORD
|
||||
- AUTHENTIK_POSTGRESQL__USER
|
||||
- AUTHENTIK_POSTGRESQL__NAME
|
||||
- AUTHENTIK_POSTGRESQL__HOST
|
||||
- AUTHENTIK_REDIS__HOST
|
||||
- AUTHENTIK_ERROR_REPORTING__ENABLED
|
||||
- AUTHENTIK_SECRET_KEY= #file:///run/secrets/secret_key
|
||||
- AK_ADMIN_TOKEN= #file:///run/secrets/admin_token
|
||||
- AK_ADMIN_PASS= #file:///run/secrets/admin_pass
|
||||
- AUTHENTIK_EMAIL__HOST
|
||||
- AUTHENTIK_EMAIL__PORT
|
||||
- AUTHENTIK_EMAIL__USERNAME
|
||||
- AUTHENTIK_EMAIL__PASSWORD
|
||||
- AUTHENTIK_EMAIL__USE_TLS
|
||||
- AUTHENTIK_EMAIL__USE_SSL
|
||||
- AUTHENTIK_EMAIL__TIMEOUT
|
||||
- AUTHENTIK_EMAIL__FROM
|
||||
- AUTHENTIK_LOG_LEVEL
|
||||
|
||||
|
||||
version: '3.8'
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/goauthentik/server:2022.4.1
|
||||
command: server
|
||||
# secrets:
|
||||
# - db_password
|
||||
# - admin_pass
|
||||
# - admin_token
|
||||
# - secret_key
|
||||
volumes:
|
||||
- media:/media
|
||||
- custom-templates:/templates
|
||||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "localhost:9000/-/health/live/"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
environment: *env
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+2022.4.1"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2022.4.1
|
||||
command: worker
|
||||
# secrets:
|
||||
# - db_password
|
||||
# - admin_pass
|
||||
# - admin_token
|
||||
# - secret_key
|
||||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
user: root
|
||||
volumes:
|
||||
- backups:/backups
|
||||
- media:/media
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- custom-templates:/templates
|
||||
environment: *env
|
||||
|
||||
db:
|
||||
image: postgres:12.8-alpine
|
||||
# secrets:
|
||||
# - db_password
|
||||
volumes:
|
||||
- database:/var/lib/postgresql/data
|
||||
networks:
|
||||
- internal
|
||||
healthcheck:
|
||||
test: ["CMD", "pg_isready"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
environment:
|
||||
- POSTGRES_PASSWORD
|
||||
- POSTGRES_USER
|
||||
- POSTGRES_DB
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=${POSTGRES_PASSWORD} pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
|
||||
redis:
|
||||
image: redis:6.2.6-alpine
|
||||
networks:
|
||||
- internal
|
||||
healthcheck:
|
||||
test: ["CMD", "redis-cli","ping"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
|
||||
# secrets:
|
||||
# db_password:
|
||||
# external: true
|
||||
# name: ${STACK_NAME}_db_password
|
||||
# secret_key:
|
||||
# external: true
|
||||
# name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||
# admin_token:
|
||||
# external: true
|
||||
# name: ${STACK_NAME}_admin_token_${SECRET_ADMIN_TOKEN_VERSION}
|
||||
# admin_pass:
|
||||
# external: true
|
||||
# name: ${STACK_NAME}_admin_pass_${SECRET_ADMIN_PASS_VERSION}
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
internal:
|
||||
|
||||
volumes:
|
||||
backups:
|
||||
media:
|
||||
custom-templates:
|
||||
database:
|
Loading…
Reference in New Issue