init
This commit is contained in:
commit
32d5db0b79
|
@ -0,0 +1,33 @@
|
||||||
|
TYPE=authentik
|
||||||
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
DOMAIN=sso.example.com
|
||||||
|
POSTGRES_PASSWORD=secret
|
||||||
|
AUTHENTIK_POSTGRESQL__PASSWORD=secret
|
||||||
|
POSTGRES_USER=authentik
|
||||||
|
AUTHENTIK_POSTGRESQL__USER=authentik
|
||||||
|
POSTGRES_DB=authentik
|
||||||
|
AUTHENTIK_POSTGRESQL__NAME=authentik
|
||||||
|
AUTHENTIK_POSTGRESQL__HOST=db
|
||||||
|
AUTHENTIK_REDIS__HOST=redis
|
||||||
|
AUTHENTIK_ERROR_REPORTING__ENABLED=true
|
||||||
|
# WORKERS=1
|
||||||
|
AUTHENTIK_SECRET_KEY=secret
|
||||||
|
AK_ADMIN_TOKEN=secret
|
||||||
|
AK_ADMIN_PASS=secret
|
||||||
|
|
||||||
|
# EMAIL
|
||||||
|
AUTHENTIK_EMAIL__HOST=smtp
|
||||||
|
AUTHENTIK_EMAIL__PORT=25
|
||||||
|
# AUTHENTIK_EMAIL__USERNAME=""
|
||||||
|
# AUTHENTIK_EMAIL__PASSWORD=""
|
||||||
|
AUTHENTIK_EMAIL__USE_TLS=false
|
||||||
|
AUTHENTIK_EMAIL__USE_SSL=false
|
||||||
|
AUTHENTIK_EMAIL__TIMEOUT=10
|
||||||
|
AUTHENTIK_EMAIL__FROM=noreply@example.com
|
||||||
|
AUTHENTIK_LOG_LEVEL=info
|
||||||
|
|
||||||
|
# Secret Versions
|
||||||
|
# SECRET_SECRET_KEY_VERSION=v1
|
||||||
|
# SECRET_ADMIN_TOKEN_VERSION=v1
|
||||||
|
# SECRET_ADMIN_PASS_VERSION=v1
|
|
@ -0,0 +1 @@
|
||||||
|
.envrc
|
|
@ -0,0 +1,27 @@
|
||||||
|
# authentik
|
||||||
|
|
||||||
|
[authentik](https://goauthentik.io/) is an open-source Identity Provider focused on flexibility and versatility
|
||||||
|
|
||||||
|
|
||||||
|
[List of all possible environment variables](https://goauthentik.io/docs/installation/configuration)
|
||||||
|
|
||||||
|
<!-- metadata -->
|
||||||
|
|
||||||
|
* **Category**: * **Category**: Apps
|
||||||
|
* **Status**: 0, work-in-progress
|
||||||
|
* **Image**: [ghcr/goauthentik/server](ghcr.io/goauthentik/server)
|
||||||
|
* **Healthcheck**: Yes
|
||||||
|
* **Backups**: Yes
|
||||||
|
* **Email**: Yes
|
||||||
|
* **Tests**: No
|
||||||
|
* **SSO**: Yes
|
||||||
|
|
||||||
|
<!-- endmetadata -->
|
||||||
|
|
||||||
|
## Quick start
|
||||||
|
|
||||||
|
* `abra app new {{ .Name }} --secrets`
|
||||||
|
* `abra app config <app-name>`
|
||||||
|
* `abra app deploy <app-name>`
|
||||||
|
|
||||||
|
For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
|
|
@ -0,0 +1,138 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
x-env: &env
|
||||||
|
- AUTHENTIK_POSTGRESQL__PASSWORD
|
||||||
|
- AUTHENTIK_POSTGRESQL__USER
|
||||||
|
- AUTHENTIK_POSTGRESQL__NAME
|
||||||
|
- AUTHENTIK_POSTGRESQL__HOST
|
||||||
|
- AUTHENTIK_REDIS__HOST
|
||||||
|
- AUTHENTIK_ERROR_REPORTING__ENABLED
|
||||||
|
- AUTHENTIK_SECRET_KEY= #file:///run/secrets/secret_key
|
||||||
|
- AK_ADMIN_TOKEN= #file:///run/secrets/admin_token
|
||||||
|
- AK_ADMIN_PASS= #file:///run/secrets/admin_pass
|
||||||
|
- AUTHENTIK_EMAIL__HOST
|
||||||
|
- AUTHENTIK_EMAIL__PORT
|
||||||
|
- AUTHENTIK_EMAIL__USERNAME
|
||||||
|
- AUTHENTIK_EMAIL__PASSWORD
|
||||||
|
- AUTHENTIK_EMAIL__USE_TLS
|
||||||
|
- AUTHENTIK_EMAIL__USE_SSL
|
||||||
|
- AUTHENTIK_EMAIL__TIMEOUT
|
||||||
|
- AUTHENTIK_EMAIL__FROM
|
||||||
|
- AUTHENTIK_LOG_LEVEL
|
||||||
|
|
||||||
|
|
||||||
|
version: '3.8'
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: ghcr.io/goauthentik/server:2022.4.1
|
||||||
|
command: server
|
||||||
|
# secrets:
|
||||||
|
# - db_password
|
||||||
|
# - admin_pass
|
||||||
|
# - admin_token
|
||||||
|
# - secret_key
|
||||||
|
volumes:
|
||||||
|
- media:/media
|
||||||
|
- custom-templates:/templates
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
- proxy
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "curl", "-f", "localhost:9000/-/health/live/"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 10
|
||||||
|
start_period: 1m
|
||||||
|
environment: *env
|
||||||
|
deploy:
|
||||||
|
update_config:
|
||||||
|
failure_action: rollback
|
||||||
|
order: start-first
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.docker.network=proxy"
|
||||||
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=9000"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
- "coop-cloud.${STACK_NAME}.version=1.0.0+2022.4.1"
|
||||||
|
|
||||||
|
worker:
|
||||||
|
image: ghcr.io/goauthentik/server:2022.4.1
|
||||||
|
command: worker
|
||||||
|
# secrets:
|
||||||
|
# - db_password
|
||||||
|
# - admin_pass
|
||||||
|
# - admin_token
|
||||||
|
# - secret_key
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
- proxy
|
||||||
|
user: root
|
||||||
|
volumes:
|
||||||
|
- backups:/backups
|
||||||
|
- media:/media
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- custom-templates:/templates
|
||||||
|
environment: *env
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: postgres:12.8-alpine
|
||||||
|
# secrets:
|
||||||
|
# - db_password
|
||||||
|
volumes:
|
||||||
|
- database:/var/lib/postgresql/data
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "pg_isready"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 10
|
||||||
|
start_period: 1m
|
||||||
|
environment:
|
||||||
|
- POSTGRES_PASSWORD
|
||||||
|
- POSTGRES_USER
|
||||||
|
- POSTGRES_DB
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
backupbot.backup: "true"
|
||||||
|
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=${POSTGRES_PASSWORD} pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||||
|
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||||
|
backupbot.backup.path: "/tmp/backup/"
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:6.2.6-alpine
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "redis-cli","ping"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 10
|
||||||
|
start_period: 1m
|
||||||
|
|
||||||
|
# secrets:
|
||||||
|
# db_password:
|
||||||
|
# external: true
|
||||||
|
# name: ${STACK_NAME}_db_password
|
||||||
|
# secret_key:
|
||||||
|
# external: true
|
||||||
|
# name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||||
|
# admin_token:
|
||||||
|
# external: true
|
||||||
|
# name: ${STACK_NAME}_admin_token_${SECRET_ADMIN_TOKEN_VERSION}
|
||||||
|
# admin_pass:
|
||||||
|
# external: true
|
||||||
|
# name: ${STACK_NAME}_admin_pass_${SECRET_ADMIN_PASS_VERSION}
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy:
|
||||||
|
external: true
|
||||||
|
internal:
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
backups:
|
||||||
|
media:
|
||||||
|
custom-templates:
|
||||||
|
database:
|
Loading…
Reference in New Issue