diff --git a/authentik/.env b/authentik/.env
new file mode 100755
index 000000000..cd3aef938
--- /dev/null
+++ b/authentik/.env
@@ -0,0 +1,16 @@
+# see https://goauthentik.io/docs/installation/docker-compose#preparation
+
+# echo -n "dreammall" | sha1sum | awk '{print $1}'
+PG_PASS=905d212ac491ab9bbacfaa2baa359a37ea065da9
+# echo -n "dreammall" | sha1sum | awk '{print $1}'
+AUTHENTIK_SECRET_KEY=905d212ac491ab9bbacfaa2baa359a37ea065da9
+AUTHENTIK_ERROR_REPORTING__ENABLED=false
+
+#user
+# akadmin
+# admin@dreammall.earth
+# dreammall
+
+# Use http & https ports
+#COMPOSE_PORT_HTTP=80
+#COMPOSE_PORT_HTTPS=443
\ No newline at end of file
diff --git a/authentik/.gitignore b/authentik/.gitignore
new file mode 100644
index 000000000..370bedd33
--- /dev/null
+++ b/authentik/.gitignore
@@ -0,0 +1 @@
+database/
\ No newline at end of file
diff --git a/authentik/data/user_settings.py b/authentik/data/user_settings.py
new file mode 100755
index 000000000..9c62070e1
--- /dev/null
+++ b/authentik/data/user_settings.py
@@ -0,0 +1 @@
+X_FRAME_OPTIONS = "allow-from *"
\ No newline at end of file
diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml
new file mode 100755
index 000000000..624e6adde
--- /dev/null
+++ b/authentik/docker-compose.yml
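Review bot: The `PG_PASS` and `AUTHENTIK_SECRET_KEY` lines in `authentik/.env` commit live credentials to the repository, and the comments above them and under `#user` record how the value was derived and the admin login, so anyone with read access to the history has them. Both variables also share one value, so a leak of the database password also exposes the key authentik uses for cookie signing. I would commit this file as `.env.example` with placeholders such as `PG_PASS=<generate-random-value>`, add `.env` to `authentik/.gitignore`, generate two independent random values per deployment (for example with `openssl rand -base64 36`), and rotate the values already pushed. The file is also added with mode 100755; an env file does not need the executable bit.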
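Review bot: `X_FRAME_OPTIONS = "allow-from *"` in `authentik/data/user_settings.py` does not give a usable framing policy: `ALLOW-FROM` is obsolete and ignored by current browsers, and `*` was never a valid origin for it, so the likely effect is that the identity provider's pages, including the login flow, can be framed by any site (clickjacking). If embedding is required, restrict it to the known embedding origins with a CSP `frame-ancestors` directive at the reverse proxy; otherwise keep `X_FRAME_OPTIONS = "SAMEORIGIN"` or drop the override. A comment stating which application needs to frame authentik would also help the next reader.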
@@ -0,0 +1,88 @@
+version: "3.4"
+
+services:
+ postgresql:
+ image: docker.io/library/postgres:12-alpine
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - ./database:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+ POSTGRES_USER: ${PG_USER:-authentik}
+ POSTGRES_DB: ${PG_DB:-authentik}
+ env_file:
+ - .env
+ redis:
+ image: docker.io/library/redis:alpine
+ command: --save 60 1 --loglevel warning
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - redis:/data
+ server:
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-latest}
+ restart: unless-stopped
+ command: server
+ environment:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ volumes:
+ - ./media:/media
+ - ./custom-templates:/templates
+ - ./data:/data
+ env_file:
+ - .env
+ ports:
+ - "${COMPOSE_PORT_HTTP:-9000}:9000"
+ - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+ depends_on:
+ - postgresql
+ - redis
+ worker:
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-latest}
+ restart: unless-stopped
+ command: worker
+ environment:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ # `user: root` and the docker socket volume are optional.
+ # See more for the docker socket integration here:
+ # https://goauthentik.io/docs/outposts/integrations/docker
+ # Removing `user: root` also prevents the worker from fixing the permissions
+ # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+ # (1000:1000 by default)
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./media:/media
+ - ./certs:/certs
+ - ./data:/data
+ - ./custom-templates:/templates
+ env_file:
+ - .env
+ depends_on:
+ - postgresql
+ - redis
+
+volumes:
+ database:
+ driver: local
+ redis:
+ driver: local
\ No newline at end of file
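Review bot: The `worker` service keeps both `user: root` and the `- /var/run/docker.sock:/var/run/docker.sock` volume, which the comment directly above them calls optional; together they give the worker container control of the host's Docker daemon, which is effectively root on the host. Unless the Docker outpost integration is actually used, remove both lines and make the mounted folders owned by 1000:1000 as the comment describes. The `server` and `worker` images default to `${AUTHENTIK_TAG:-latest}` and redis to `redis:alpine`, so upgrades of the identity provider happen implicitly on pull; pinning `AUTHENTIK_TAG` to a specific release in `.env` would make them deliberate. The top-level `volumes: database:` entry appears unused, since `postgresql` bind-mounts `./database`.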