diff --git a/swarm/authentik.yaml b/swarm/authentik.yaml
index 1d4235d..d0cb518 100644
--- a/swarm/authentik.yaml
+++ b/swarm/authentik.yaml
@@ -1,6 +1,7 @@
 services:
 postgresql:
 image: docker.io/library/postgres:16-alpine
+ restart: unless-stopped
 healthcheck:
 test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
 start_period: 20s
@@ -14,24 +15,22 @@ services:
 POSTGRES_USER: authentik
 POSTGRES_DB: authentik
 TZ: America/Chicago
+ PGID: 998
+ PUID: 1001
+ UMASK: 002
 networks:
 - authentik
 deploy:
 placement:
 constraints:
 - node.hostname == znas
- labels:
- gremlin.uid.exempt: "true"
- gremlin.uid.reason: "Postgres manages its own internal users"
- gremlin.caddy.skip: "true"
- gremlin.homepage.skip: "true"
- gremlin.monitor.skip: "true"
- gremlin.network.skip: "true"
+
 redis:
 image: docker.io/library/redis:alpine
 user: "1964:1964"
 command: --save 60 1 --loglevel warning
+ restart: unless-stopped
 healthcheck:
 test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
 start_period: 20s
@@ -40,6 +39,9 @@ services:
 timeout: 3s
 environment:
 TZ: America/Chicago
+ PGID: 998
+ PUID: 1001
+ UMASK: 002
 volumes:
 - /DockerVol/Authentik/redis:/data
 networks:
@@ -48,17 +50,12 @@ services:
 placement:
 constraints:
 - node.hostname == znas
- labels:
- gremlin.uid.exempt: "true"
- gremlin.uid.reason: "Redis manages its own internal users"
- gremlin.caddy.skip: "true"
- gremlin.homepage.skip: "true"
- gremlin.monitor.skip: "true"
- gremlin.network.skip: "true"
+
 authentik:
 image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}
 user: "1964:1964"
+ restart: unless-stopped
 command: server
 environment:
 AUTHENTIK_REDIS__HOST: redis
@@ -68,6 +65,9 @@ services:
 AUTHENTIK_POSTGRESQL__PASSWORD: F@lcon13
 AUTHENTIK_SECRET_KEY: g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
 TZ: America/Chicago
+ PGID: 998
+ PUID: 1001
+ UMASK: 002
 volumes:
 - /DockerVol/Authentik/media:/media
 - /DockerVol/Authentik/custom-templates:/templates
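Review bot: `restart: unless-stopped` added to postgresql here (and to redis, authentik and worker in the later hunks of this file) is a standalone-Compose option; under `docker stack deploy` — which this file targets, given the `swarm/` path and the `deploy.placement` blocks — the `restart` key is dropped with an "Ignoring unsupported options" warning, so none of the services gains a restart policy from this change. Swarm services already restart with the default `condition: any`, so the intent is most likely met today, but if a specific policy is wanted it belongs under `deploy`: `restart_policy:` / `  condition: any` / `  delay: 5s`. The same caveat applies to the `depends_on` lists added to authentik and worker further down, which Swarm also ignores.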
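Review bot: The new `PGID: 998` / `PUID: 1001` / `UMASK: 002` variables (added again to redis, authentik and worker in the later hunks) follow a LinuxServer.io entrypoint convention; the official `postgres:16-alpine` and `redis:alpine` images and, as far as I can tell, the goauthentik image do not read them, so they do not change which UID the processes run as. Where this file does pin a UID it uses `user: "1964:1964"` on redis, authentik and worker, and `PUID: 1001` contradicts that value — the next reader will assume 1001 is in effect when it is not. If the variables are kept, quote `UMASK: "002"`: an unquoted leading-zero scalar is read as an octal integer by YAML 1.1 parsers and reaches the container as `UMASK=2`, with the type depending on the parser rather than on the author. The removed `gremlin.uid.reason` labels were the only record of the ownership model; a one-line `#` comment above each `user:` (e.g. `# fixed at 1964:1964 by user:; PUID/PGID are not consumed by this image`) would preserve it.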
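Review bot: `caddy.reverse_proxy: {{upstreams 9000}}` in the authentik labels hunk is unquoted, and a plain value beginning with `{` is parsed as a YAML flow mapping rather than a string, so the label either fails to load or reaches caddy-docker-proxy as a non-string; write `caddy.reverse_proxy: "{{upstreams 9000}}"`. The new `depends_on:` block follows the `deploy.labels` entries and its indentation is not recoverable in this rendering — `depends_on` is a service-level key, so if it ended up nested under `deploy` Compose rejects it as unknown, and under `docker stack deploy` it is ignored either way, so start-up ordering has to be tolerated by the services themselves. Note also that the rewritten caddy labels no longer carry `caddy.import_1: crowdsec`, so the CrowdSec snippet is no longer applied to auth.netgrimoire.com; if that is deliberate, a `# crowdsec import intentionally removed` comment would stop the next reader from restoring it.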
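Review bot: `AUTHENTIK_POSTGRESQL__PASSWORD` and `AUTHENTIK_SECRET_KEY` remain committed as plaintext in this hunk and again in the worker's environment in the next hunk, and the commit edits the adjacent lines without moving them. `AUTHENTIK_SECRET_KEY` is the key authentik uses for cookie signing, so anyone with read access to this repository can forge sessions; both values should be treated as exposed and rotated, and supplied through Swarm secrets — authentik's config loader accepts `file://` URIs, so `AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key` plus a matching `secrets:` entry works without changing the image. The database service's `POSTGRES_PASSWORD` sits outside these hunks but presumably holds the same value and should move with them.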
@@ -82,29 +82,23 @@ services:
 constraints:
 - node.hostname == znas
 labels:
- caddy: auth.netgrimoire.com
- caddy.reverse_proxy: authentik:9000
- caddy.import_1: crowdsec
- caddy.import_2: authentik
- homepage.group: Management
 homepage.name: Authentik
 homepage.icon: authentik.png
 homepage.href: https://auth.netgrimoire.com
 homepage.description: Account Manager
-
- monitor.name: Authentik
- monitor.url: https://auth.netgrimoire.com
-
- diun.enable: "true"
-
- gremlin.uid.exempt: "true"
- gremlin.uid.reason: "Authentik server runs as 1964:1964 via user: directive"
- gremlin.context: "docker.sock on worker is required for Authentik outpost management"
+ kuma.auth.http.name: Authentik
+ kuma.auth.http.url: http://authentik:9000
+ caddy: auth.netgrimoire.com
+ caddy.reverse_proxy: {{upstreams 9000}}
+ depends_on:
+ - postgresql
+ - redis
 worker:
 image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2}
 user: "1964:1964"
+ restart: unless-stopped
 command: worker
 environment:
 AUTHENTIK_REDIS__HOST: redis
@@ -114,6 +108,9 @@ services:
 AUTHENTIK_POSTGRESQL__PASSWORD: F@lcon13
 AUTHENTIK_SECRET_KEY: g8JIvopgkcpIeRUKgfT5KwHFUwGNBFobwhHMHx08wPTJTtAlmqllAwmr6u4jk+ng8O1gbV/gwZnYylMn
 TZ: America/Chicago
+ PGID: 998
+ PUID: 1001
+ UMASK: 002
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
 - /DockerVol/Authentik/media:/media
@@ -121,21 +118,16 @@ services:
 - /DockerVol/Authentik/custom-templates:/templates
 networks:
 - authentik
+ depends_on:
+ - postgresql
+ - redis
 deploy:
 placement:
 constraints:
 - node.hostname == znas
- labels:
- gremlin.uid.exempt: "true"
- gremlin.uid.reason: "Authentik worker runs as 1964:1964 via user: directive"
- gremlin.caddy.skip: "true"
- gremlin.homepage.skip: "true"
- gremlin.monitor.skip: "true"
- gremlin.network.skip: "true"
- gremlin.context: "docker.sock mount is required for Authentik outpost management"
 networks:
 netgrimoire:
 external: true
 authentik:
- external: true
\ No newline at end of file
+ external: true
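Review bot: The worker keeps `/var/run/docker.sock:/var/run/docker.sock` in its volumes while the only explanation of why — the `gremlin.context: "docker.sock mount is required for Authentik outpost management"` label — is removed in the following hunk, leaving the most privileged mount in this stack undocumented. Please carry the rationale into a comment above the mount, e.g. `# docker.sock is needed only for outpost management; whoever can write to it controls the Docker daemon on znas, so keep this mount on the worker only and never add it to the server service`. The `user: "1964:1964"` directive does not shrink that exposure: access to the socket, not the container UID, decides what the worker can do with the daemon.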