services: authentik_ldap: environment: AUTHENTIK_HOST: https://auth.sectorq.eu AUTHENTIK_INSECURE: 'false' AUTHENTIK_TOKEN: EfLokorVuj1woeO0p1he3mRJvVfGfvdKM8Bdew3DtDZZ3To6bVpFSDI7GOqY TZ: Europe/Bratislava image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/ldap:${AUTHENTIK_TAG:-2024.6.1} ports: - target: 3389 published: 2389 protocol: tcp mode: ingress - target: 6636 published: 2636 protocol: tcp mode: ingress deploy: labels: wud.watch: 'true' wud.watch.digest: 'true' replicas: 1 placement: constraints: - node.role == manager postgresql: environment: AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY POSTGRES_DB: ${PG_DB:-authentik} POSTGRES_PASSWORD: ${PG_PASS:?database password required} POSTGRES_USER: ${PG_USER:-authentik} TZ: Europe/Bratislava healthcheck: interval: 30s retries: 5 start_period: 20s test: - CMD-SHELL - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER} timeout: 5s image: ${DOCKER_REGISTRY:-docker.io/library/}postgres:16-alpine volumes: - database:/var/lib/postgresql/data deploy: labels: wud.watch: 'false' replicas: 1 placement: constraints: - node.role == manager redis: command: --save 60 1 --loglevel warning healthcheck: interval: 30s retries: 5 start_period: 20s test: - CMD-SHELL - redis-cli ping | grep PONG timeout: 3s image: ${DOCKER_REGISTRY:-docker.io/library/}redis:alpine volumes: - redis:/data deploy: labels: wud.watch: 'true' wud.watch.digest: 'true' replicas: 1 placement: constraints: - node.role == manager server: command: server environment: AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_REDIS__HOST: redis AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY TZ: Europe/Bratislava image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1} ports: - target: 9000 published: 9003 protocol: tcp mode: ingress - target: 9443 published: 9453 protocol: tcp mode: ingress volumes: - media:/media - templates:/templates - /var/run/docker.sock:/var/run/docker.sock deploy: labels: homepage.container: authentik-server-1 homepage.description: Authentification server homepage.group: Utilities homepage.href: https://auth.sectorq.eu homepage.icon: authentik.png homepage.name: Authentik homepage.server: my-docker-swarm homepage.weight: '10' homepage.widget.key: sVOwPPInTue7ZnvolmKG15hkE9gCyLcuAelLOQny6OIVn7JUilny9loPTG0v homepage.widget.type: authentik homepage.widget.url: https://auth.sectorq.eu wud.watch: 'true' wud.watch.digest: 'true' replicas: 1 placement: constraints: - node.role == manager worker: command: worker environment: AUTHENTIK_POSTGRESQL__HOST: postgresql AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS} AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} AUTHENTIK_REDIS__HOST: redis AUTHENTIK_SECRET_KEY: $AUTHENTIK_SECRET_KEY TZ: Europe/Bratislava image: ${DOCKER_REGISTRY:-}ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.6.1} user: root volumes: - /var/run/docker.sock:/var/run/docker.sock - media:/media - certs:/certs - custom-templates:/templates deploy: labels: wud.watch: 'true' wud.watch.digest: 'true' replicas: 1 placement: constraints: - node.role == manager volumes: database: driver: local redis: driver: local custom-templates: driver: local media: driver: local certs: driver: local