diff --git a/__swarm/authentik/authentik-swarm.yml b/__swarm/authentik/authentik-swarm.yml
new file mode 100644
index 0000000..913a5a1
--- /dev/null
+++ b/__swarm/authentik/authentik-swarm.yml
@@ -0,0 +1,150 @@
+services:
+ authentik_ldap:
+ environment:
+ AUTHENTIK_HOST: https://auth.sectorq.eu
+ AUTHENTIK_INSECURE: 'false'
+ AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY
+ TZ: Europe/Bratislava
+ image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1}
+ ports:
+ - target: 3389
+ published: 2389
+ protocol: tcp
+ mode: ingress
+ - target: 6636
+ published: 2636
+ protocol: tcp
+ mode: ingress
+ deploy:
+ labels:
+ wud.watch: 'true'
+ wud.watch.digest: 'true'
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+ postgresql:
+ environment:
+ AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+ POSTGRES_DB: ${PG_DB:-authentik}
+ POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+ POSTGRES_USER: ${PG_USER:-authentik}
+ TZ: Europe/Bratislava
+ healthcheck:
+ interval: 30s
+ retries: 5
+ start_period: 20s
+ test:
+ - CMD-SHELL
+ - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+ timeout: 5s
+ image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine
+ volumes:
+ - database:/var/lib/postgresql/data
+ deploy:
+ labels:
+ wud.watch: 'false'
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+ redis:
+ command: --save 60 1 --loglevel warning
+ healthcheck:
+ interval: 30s
+ retries: 5
+ start_period: 20s
+ test:
+ - CMD-SHELL
+ - redis-cli ping | grep PONG
+ timeout: 3s
+ image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine
+ volumes:
+ - authentik_redis:/data
+ deploy:
+ labels:
+ wud.watch: 'true'
+ wud.watch.digest: 'true'
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+ server:
+ command: server
+ environment:
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+ TZ: Europe/Bratislava
+ image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
+ ports:
+ - target: 9000
+ published: 9003
+ protocol: tcp
+ mode: ingress
+ - target: 9443
+ published: 9453
+ protocol: tcp
+ mode: ingress
+ volumes:
+ - media:/media
+ - templates:/templates
+ - /var/run/docker.sock:/var/run/docker.sock
+ deploy:
+ labels:
+ homepage.container: authentik-server-1
+ homepage.description: Authentification server
+ homepage.group: Utilities
+ homepage.href: https://auth.sectorq.eu
+ homepage.icon: authentik.png
+ homepage.name: Authentik
+ homepage.server: my-docker-swarm
+ homepage.weight: '10'
+ homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v
+ homepage.widget.type: authentik
+ homepage.widget.url: https://auth.sectorq.eu
+ wud.watch: 'true'
+ wud.watch.digest: 'true'
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+ worker:
+ command: worker
+ environment:
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY
+ TZ: Europe/Bratislava
+ image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1}
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - media:/media
+ - certs:/certs
+ - custom-templates:/templates
+ deploy:
+ labels:
+ wud.watch: 'true'
+ wud.watch.digest: 'true'
+ replicas: 1
+ placement:
+ constraints:
+ - node.role == manager
+volumes:
+ database:
+ driver: local
+ redis:
+ driver: local
+ custom-templates:
+ driver: local
+ media:
+ driver: local
+ certs:
+ driver: local
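Review bot: `AUTHENTIK_TOKEN` under `authentik_ldap` and the `homepage.widget.key` deploy label on `server` are committed as plaintext literals, and the label value is also readable by anything that can inspect the service. Both should be treated as exposed: rotate them in authentik and take them from the deploy environment the way `POSTGRES_PASSWORD` already does, e.g. `AUTHENTIK_TOKEN: ${AUTHENTIK_TOKEN:?outpost token required}` and `homepage.widget.key: ${HOMEPAGE_AUTHENTIK_KEY:?widget key required}` (the second variable name is only an example). Separately, `server` and `worker` both bind-mount `/var/run/docker.sock` on a manager node and `worker` runs with `user: root`, so a compromise of either container amounts to control of the swarm; if the mount is only there for managed outposts, keeping it on `worker` alone or behind a restricted socket proxy would narrow that. The `redis` and `server` services also reference volumes `authentik_redis` and `templates`, while the top-level `volumes:` block declares `redis` and `custom-templates`, so the names probably need aligning. `AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}` in `server` and `worker` lacks the `:?` guard used for `postgresql`, and `redis:alpine` is the only image without a version tag.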