commit eb692b47c72056b37c3924ece3df6e3649cf3a4b
Author: traveler <phil@pncharris.com>
Date:   Wed Nov 6 22:10:27 2024 -0600

    new

diff --git a/.env b/.env
new file mode 100644
index 0000000..c3dd04b
--- /dev/null
+++ b/.env
@@ -0,0 +1,16 @@
+# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
+# Generate one by using for example: pwgen -N 1 -s 96
+# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
+# Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
+GRAYLOG_PASSWORD_SECRET="TZ3XajhzIBugTl61oNNgrWL0OHTn4qYcNAuzTTHWRKYxxWf61oAEpHOpesLoP7ssgqBTuainTBX6YIVAcYs2de2jhPHQBYD5"
+
+# You MUST specify a hash password for the root user (which you only need to initially set up the
+# system and in case you lose connectivity to your authentication backend)
+# This password cannot be changed using the API or via the web interface. If you need to change it,
+# modify it in this file.
+# Create one by using for example: echo -n yourpassword | shasum -a 256
+# and put the resulting hash value into the following line
+# CHANGE THIS!
+GRAYLOG_ROOT_PASSWORD_SHA2="1b12de7f4069972e784d42dbe826c0769f1287412cd35479de127fcf816699dc"
+PG_PASS=KzxbC4hiuEFAuACIijO8EGWa8YvO901BXmh39wBhS5pQv3XV
+AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
diff --git a/authentik.yaml b/authentik.yaml
new file mode 100644
index 0000000..37ede4e
--- /dev/null
+++ b/authentik.yaml
@@ -0,0 +1,127 @@
+services:
+  postgresql:
+    image: docker.io/library/postgres:16-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - /data/nfs/Baxter/Docker/Authentik/Postgres:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+      POSTGRES_USER: ${PG_USER:-authentik}
+      POSTGRES_DB: ${PG_DB:-authentik}
+      TZ: America/Chicago
+      PGID: 1001
+      PUID: 999 
+      UMASK: 002
+    networks:
+      - netgrimoire
+    # env_file:
+    #   - .env
+    deploy:
+    
+  redis:
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    environment:
+      TZ: America/Chicago
+      PGID: 1001
+      PUID: 999 
+      UMASK: 002
+    volumes:
+      - /data/nfs/Baxter/Docker/Authentik/redis:/data
+    networks:
+      - netgrimoire
+    deploy:
+  
+  server:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
+    restart: unless-stopped
+    command: server
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      TZ: America/Chicago
+      PGID: 1001
+      PUID: 999 
+      UMASK: 002
+    volumes:
+      - /data/nfs/Baxter/Docker/Authentik/media:/media
+      - /data/nfs/Baxter/Docker/Authentik/custom-templates:/templates
+    networks:
+      - netgrimoire
+    ports:
+      - "9080:9000"
+      - "9443:9443"
+    deploy:
+      labels:
+        - homepage.group=Management
+        - homepage.name=Authentik
+        - homepage.icon=Authentik.png
+        - homepage.href=http://authintik.netgrimoire.com
+        - homepage.description=Account Manager
+        - caddy=authintik.netgrimoire.com
+        - caddy.reverse_proxy="{{upstreams 99000}}"
+    depends_on:
+      - postgresql
+      - redis
+  
+  worker:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
+    restart: unless-stopped
+    command: worker
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      TZ: America/Chicago
+      PGID: 1001
+      PUID: 999 
+      UMASK: 002
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /data/nfs/Baxter/Docker/Authentik/media:/media
+      - /data/nfs/Baxter/Docker/Authentik/certs:/certs
+      - /data/nfs/Baxter/Docker/Authentik/custom-templates:/templates
+    networks:
+      - netgrimoire
+    depends_on:
+      - postgresql
+      - redis
+    deploy:
+
+volumes:
+  database:
+    driver: local
+  redis:
+    driver: local
+
+networks:
+  netgrimoire:
+    external: true   
+
+
+# import the .env file first:  set -a; . ./.env; set +a
\ No newline at end of file