new

2024-11-06 22:10:27 -06:00 · 2024-11-06 22:10:27 -06:00 · eb692b47c7
commit eb692b47c7
2 changed files with 143 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,16 @@
 # You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
 # Generate one by using for example: pwgen -N 1 -s 96
 # ATTENTION: This value must be the same on all Graylog nodes in the cluster.
 # Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
 GRAYLOG_PASSWORD_SECRET="TZ3XajhzIBugTl61oNNgrWL0OHTn4qYcNAuzTTHWRKYxxWf61oAEpHOpesLoP7ssgqBTuainTBX6YIVAcYs2de2jhPHQBYD5"
 # You MUST specify a hash password for the root user (which you only need to initially set up the
 # system and in case you lose connectivity to your authentication backend)
 # This password cannot be changed using the API or via the web interface. If you need to change it,
 # modify it in this file.
 # Create one by using for example: echo -n yourpassword | shasum -a 256
 # and put the resulting hash value into the following line
 # CHANGE THIS!
 GRAYLOG_ROOT_PASSWORD_SHA2="1b12de7f4069972e784d42dbe826c0769f1287412cd35479de127fcf816699dc"
 PG_PASS=KzxbC4hiuEFAuACIijO8EGWa8YvO901BXmh39wBhS5pQv3XV
 AUTHENTIK_SECRET_KEY=g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
--- a/authentik.yaml
+++ b/authentik.yaml
@ -0,0 +1,127 @@
 services:
  postgresql:
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - /data/nfs/Baxter/Docker/Authentik/Postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
      TZ: America/Chicago
      PGID: 1001
      PUID: 999 
      UMASK: 002
    networks:
      - netgrimoire
    # env_file:
    #   - .env
    deploy:
  redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    environment:
      TZ: America/Chicago
      PGID: 1001
      PUID: 999 
      UMASK: 002
    volumes:
      - /data/nfs/Baxter/Docker/Authentik/redis:/data
    networks:
      - netgrimoire
    deploy:
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      TZ: America/Chicago
      PGID: 1001
      PUID: 999 
      UMASK: 002
    volumes:
      - /data/nfs/Baxter/Docker/Authentik/media:/media
      - /data/nfs/Baxter/Docker/Authentik/custom-templates:/templates
    networks:
      - netgrimoire
    ports:
      - "9080:9000"
      - "9443:9443"
    deploy:
      labels:
        - homepage.group=Management
        - homepage.name=Authentik
        - homepage.icon=Authentik.png
        - homepage.href=http://authintik.netgrimoire.com
        - homepage.description=Account Manager
        - caddy=authintik.netgrimoire.com
        - caddy.reverse_proxy="{{upstreams 99000}}"
    depends_on:
      - postgresql
      - redis
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      TZ: America/Chicago
      PGID: 1001
      PUID: 999 
      UMASK: 002
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
    # (1000:1000 by default)
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /data/nfs/Baxter/Docker/Authentik/media:/media
      - /data/nfs/Baxter/Docker/Authentik/certs:/certs
      - /data/nfs/Baxter/Docker/Authentik/custom-templates:/templates
    networks:
      - netgrimoire
    depends_on:
      - postgresql
      - redis
    deploy:
 volumes:
  database:
    driver: local
  redis:
    driver: local
 networks:
  netgrimoire:
    external: true   
 # import the .env file first:  set -a; . ./.env; set +a