version: "3.8"

services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    hostname: authelia
   # user: "1001:998"
    networks:
      - netgrimoire
    environment:
      - PUID=1001
      - PGID=998
      - TZ=America/Chicago
    volumes:
      - /DockerVol/authelia/config:/config
      - /DockerVol/authelia/secrets:/secrets
    ports:
      # Optional: usually you do NOT need to publish this if only Caddy talks to it
      # - "9091:9091"
      - target: 9091
        published: 9091
        protocol: tcp
        mode: ingress
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == nas
      labels:
        # Caddy - Authelia portal URL
        - caddy=login.wasted-bandwidth.net
        - caddy.reverse_proxy={{upstreams 9091}}

        # Homepage
        - homepage.group=Auth
        - homepage.name=Authelia
        - homepage.icon=authelia.png
        - homepage.href=https://login.wasted-bandwidth.net
        - homepage.description=SSO / Forward-Auth (wasted-bandwidth.net)

        # Uptime Kuma
        - kuma.authelia.http.name="Authelia"
        - kuma.authelia.http.url=http://authelia:9091

    restart: unless-stopped
    depends_on:
      - redis

  redis:
    image: redis:7-alpine
    container_name: authelia-redis
    hostname: authelia-redis
    #user: "1001:998"
    networks:
      - netgrimoire
    environment:
      - TZ=America/Chicago
      - PUID=1001
      - PGID=998
    command: >
      sh -c "redis-server --appendonly yes --dir /data"
    volumes:
      - /DockerVol/authelia/redis:/data
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.hostname == nas
 
    restart: unless-stopped

networks:
  netgrimoire:
    external: true