generated from DAM/ts-TEMPLATE
114 lines
3.6 KiB
YAML
114 lines
3.6 KiB
YAML
services:
|
|
authentik-ts:
|
|
image: tailscale/tailscale:latest
|
|
hostname: authentik
|
|
container_name: authentik-ts
|
|
environment:
|
|
- TS_AUTHKEY={{YOUR_TAILSCALE_AUTHKEY}}
|
|
- TS_STATE_DIR=/var/lib/tailscale
|
|
- TS_SERVE_CONFIG=/config/serve.json
|
|
volumes:
|
|
- ./tailscale/tailscale-data:/var/lib/tailscale
|
|
- ./tailscale/config:/config
|
|
- /dev/net/tun:/dev/net/tun
|
|
cap_add:
|
|
- net_admin
|
|
- sys_module
|
|
restart: unless-stopped
|
|
authentik-postgres:
|
|
image: docker.io/library/postgres:16-alpine
|
|
container_name: authentik-postgres
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 5s
|
|
volumes:
|
|
- ./postgres/data:/var/lib/postgresql/data
|
|
environment:
|
|
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
|
|
POSTGRES_USER: ${PG_USER:-authentik}
|
|
POSTGRES_DB: ${PG_DB:-authentik}
|
|
env_file:
|
|
- .env
|
|
network_mode: service:authentik-ts
|
|
depends_on:
|
|
- authentik-ts
|
|
authentik-redis:
|
|
image: docker.io/library/redis:alpine
|
|
container_name: authentik-redis
|
|
command: --save 60 1 --loglevel warning
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
|
start_period: 20s
|
|
interval: 30s
|
|
retries: 5
|
|
timeout: 3s
|
|
volumes:
|
|
- ./redis/data:/data
|
|
network_mode: service:authentik-ts
|
|
depends_on:
|
|
- authentik-ts
|
|
authentik:
|
|
image: ghcr.io/goauthentik/server:2025.2.4
|
|
container_name: authentik
|
|
restart: unless-stopped
|
|
command: server
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: localhost
|
|
AUTHENTIK_POSTGRESQL__HOST: localhost
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
volumes:
|
|
- ./authentik/media:/media
|
|
- ..authentik/templates:/templates
|
|
env_file:
|
|
- .env
|
|
# ports:
|
|
# - "${COMPOSE_PORT_HTTP:-9000}:9000"
|
|
# - "${COMPOSE_PORT_HTTPS:-9443}:9443"
|
|
network_mode: service:authentik-ts
|
|
depends_on:
|
|
authentik-postgres:
|
|
condition: service_healthy
|
|
authentik-redis:
|
|
condition: service_healthy
|
|
authentik-ts:
|
|
condition: service_started
|
|
authentik-worker:
|
|
image: ghcr.io/goauthentik/server:2025.2.4
|
|
container_name: authentik-worker
|
|
restart: unless-stopped
|
|
command: worker
|
|
environment:
|
|
AUTHENTIK_REDIS__HOST: localhost
|
|
AUTHENTIK_POSTGRESQL__HOST: localhost
|
|
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
|
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
|
# `user: root` and the docker socket volume are optional.
|
|
# See more for the docker socket integration here:
|
|
# https://goauthentik.io/docs/outposts/integrations/docker
|
|
# Removing `user: root` also prevents the worker from fixing the permissions
|
|
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
|
# (1000:1000 by default)
|
|
user: root
|
|
volumes:
|
|
# - /var/run/docker.sock:/var/run/docker.sock
|
|
- ./authentik/media:/media
|
|
- ./authentik-worker/certs:/certs
|
|
- ./authentik/templates:/templates
|
|
env_file:
|
|
- .env
|
|
network_mode: service:authentik-ts
|
|
depends_on:
|
|
authentik-postgres:
|
|
condition: service_healthy
|
|
authentik-redis:
|
|
condition: service_healthy
|
|
authentik-ts:
|
|
condition: service_started |