Authentik

Author: romkey

authentik/.env.example

@@ -0,0 +1,28 @@
+AUTHENTIK_SECRET_KEY=<FILL IN>
+
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=<MAIL SERVER HOSTNAME>
+AUTHENTIK_EMAIL__PORT=<MAIL SERVER PORT>
+
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=<MAIL SERVER EMAIL/USERNAME>
+AUTHENTIK_EMAIL__PASSWORD=<MAIL SERVER PASSWORD>
+
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=false
+
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=true
+AUTHENTIK_EMAIL__TIMEOUT=10
+
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=info@pdxhackerspace.org
+
+# Database config
+AUTHENTIK_POSTGRESQL__HOST=postgresql
+AUTHENTIK_POSTGRESQL__NAME=authentik_db
+AUTHENTIK_POSTGRESQL__USER=authentik_user
+AUTHENTIK_POSTGRESQL__PASSWORD=<DATABASE PASSWORD>
+
+# Automatic database backup URL
+BACKUP_DATABASE_URLS=postgresql://authentik_user:<DATABASE PASSWORD>@postgresql:5432/authentik_db

authentik/docker-compose.yml

@@ -0,0 +1,73 @@
+services:
+  redis:
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - ../../lib/authentik/redis:/data
+    networks:
+      - redis
+
+  server:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.3}
+    restart: unless-stopped
+    command: server
+    hostname: authentik-server
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+    volumes:
+      - ../../lib/authentik/media:/media
+      - ../../lib/authentik/custom-templates:/templates
+    env_file:
+      - .env
+#    ports:
+#      - "${COMPOSE_PORT_HTTP:-9000}:9000"
+#      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+    depends_on:
+      - redis
+    networks:
+      - proxy
+      - redis
+      - database
+
+  worker:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.3}
+    restart: unless-stopped
+    command: worker
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ../../lib/authentik/media:/media
+      - ../../lib/authentik/certs:/certs
+      - ../../lib/authentik/custom-templates:/templates
+    env_file:
+      - .env
+    depends_on:
+      - redis
+    networks:
+      - redis
+      - database
+
+networks:
+  proxy:
+    external: true
+    name: nginx-proxy-net
+  database:
+    external: true
+    name: postgres-net
+  redis:
+    name: authentik-redis-net