new
This commit is contained in:
traveler
commit
eb692b47c7
2 changed files with 143 additions and 0 deletions
16
.env
Normal file
16
.env
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
|
||||
# Generate one by using for example: pwgen -N 1 -s 96
|
||||
# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
|
||||
# Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
|
||||
GRAYLOG_PASSWORD_SECRET="TZ3XajhzIBugTl61oNNgrWL0OHTn4qYcNAuzTTHWRKYxxWf61oAEpHOpesLoP7ssgqBTuainTBX6YIVAcYs2de2jhPHQBYD5"
|
||||
|
||||
# You MUST specify a hash password for the root user (which you only need to initially set up the
|
||||
# system and in case you lose connectivity to your authentication backend)
|
||||
# This password cannot be changed using the API or via the web interface. If you need to change it,
|
||||
# modify it in this file.
|
||||
# Create one by using for example: echo -n yourpassword | shasum -a 256
|
||||
# and put the resulting hash value into the following line
|
||||
# CHANGE THIS!
|
||||
GRAYLOG_ROOT_PASSWORD_SHA2="1b12de7f4069972e784d42dbe826c0769f1287412cd35479de127fcf816699dc"
|
||||
PG_PASS=KzxbC4hiuEFAuACIijO8EGWa8YvO901BXmh39wBhS5pQv3XV
|
||||
AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
|
||||
127
authentik.yaml
Normal file
127
authentik.yaml
Normal file
|
|
@ -0,0 +1,127 @@
|
|||
services:
|
||||
postgresql:
|
||||
image: docker.io/library/postgres:16-alpine
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 5s
|
||||
volumes:
|
||||
- /data/nfs/Baxter/Docker/Authentik/Postgres:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
|
||||
POSTGRES_USER: ${PG_USER:-authentik}
|
||||
POSTGRES_DB: ${PG_DB:-authentik}
|
||||
TZ: America/Chicago
|
||||
PGID: 1001
|
||||
PUID: 999
|
||||
UMASK: 002
|
||||
networks:
|
||||
- netgrimoire
|
||||
# env_file:
|
||||
# - .env
|
||||
deploy:
|
||||
|
||||
redis:
|
||||
image: docker.io/library/redis:alpine
|
||||
command: --save 60 1 --loglevel warning
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
|
||||
start_period: 20s
|
||||
interval: 30s
|
||||
retries: 5
|
||||
timeout: 3s
|
||||
environment:
|
||||
TZ: America/Chicago
|
||||
PGID: 1001
|
||||
PUID: 999
|
||||
UMASK: 002
|
||||
volumes:
|
||||
- /data/nfs/Baxter/Docker/Authentik/redis:/data
|
||||
networks:
|
||||
- netgrimoire
|
||||
deploy:
|
||||
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
TZ: America/Chicago
|
||||
PGID: 1001
|
||||
PUID: 999
|
||||
UMASK: 002
|
||||
volumes:
|
||||
- /data/nfs/Baxter/Docker/Authentik/media:/media
|
||||
- /data/nfs/Baxter/Docker/Authentik/custom-templates:/templates
|
||||
networks:
|
||||
- netgrimoire
|
||||
ports:
|
||||
- "9080:9000"
|
||||
- "9443:9443"
|
||||
deploy:
|
||||
labels:
|
||||
- homepage.group=Management
|
||||
- homepage.name=Authentik
|
||||
- homepage.icon=Authentik.png
|
||||
- homepage.href=http://authintik.netgrimoire.com
|
||||
- homepage.description=Account Manager
|
||||
- caddy=authintik.netgrimoire.com
|
||||
- caddy.reverse_proxy="{{upstreams 99000}}"
|
||||
depends_on:
|
||||
- postgresql
|
||||
- redis
|
||||
|
||||
worker:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
AUTHENTIK_POSTGRESQL__HOST: postgresql
|
||||
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
|
||||
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
|
||||
TZ: America/Chicago
|
||||
PGID: 1001
|
||||
PUID: 999
|
||||
UMASK: 002
|
||||
# `user: root` and the docker socket volume are optional.
|
||||
# See more for the docker socket integration here:
|
||||
# https://goauthentik.io/docs/outposts/integrations/docker
|
||||
# Removing `user: root` also prevents the worker from fixing the permissions
|
||||
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
|
||||
# (1000:1000 by default)
|
||||
user: root
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /data/nfs/Baxter/Docker/Authentik/media:/media
|
||||
- /data/nfs/Baxter/Docker/Authentik/certs:/certs
|
||||
- /data/nfs/Baxter/Docker/Authentik/custom-templates:/templates
|
||||
networks:
|
||||
- netgrimoire
|
||||
depends_on:
|
||||
- postgresql
|
||||
- redis
|
||||
deploy:
|
||||
|
||||
volumes:
|
||||
database:
|
||||
driver: local
|
||||
redis:
|
||||
driver: local
|
||||
|
||||
networks:
|
||||
netgrimoire:
|
||||
external: true
|
||||
|
||||
|
||||
# import the .env file first: set -a; . ./.env; set +a
|
||||
Loading…
Add table
Add a link
Reference in a new issue