Add Authentik (#1595)

* Add Authentik

* Update Missing Items From Tests

* Update docker-compose.yml

* Update config.json

* Update docker-compose.yml

* Update Envs

* Update docker-compose.yml

apps/authentik/config.json

@@ -0,0 +1,30 @@
+{
+  "$schema": "../schema.json",
+  "name": "Authentik",
+  "port": 8770,
+  "available": true,
+  "exposable": true,
+  "id": "authentik",
+  "tipi_version": 1,
+  "version": "2023.10.3",
+  "categories": ["development"],
+  "description": "The authentication glue you need.",
+  "short_desc": "The authentication glue you need.",
+  "author": "goauthentik",
+  "source": "https://github.com/goauthentik/authentik",
+  "form_fields": [
+    {
+      "type": "random",
+      "label": "AUTHENTIK_DB_PASSWORD",
+      "min": 40,
+      "env_variable": "AUTHENTIK_DB_PASSWORD"
+    },
+    {
+      "type": "random",
+      "label": "AUTHENTIK_SECRET_KEY",
+      "min": 50,
+      "env_variable": "AUTHENTIK_SECRET_KEY"
+    }
+  ],
+  "supported_architectures": ["arm64", "amd64"]
+}

apps/authentik/docker-compose.yml

@@ -0,0 +1,115 @@
+version: "3.7"
+
+services:
+  authentik:
+    image: ghcr.io/goauthentik/server:2023.10.3
+    restart: unless-stopped
+    command: server
+    container_name: authentik
+    environment:
+      AUTHENTIK_REDIS__HOST: authentik-redis
+      AUTHENTIK_POSTGRESQL__HOST: authentik-db
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+    volumes:
+      - ${APP_DATA_DIR}/data/authentik-media:/media
+      - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates
+    ports:
+      - "8769:9000"
+      - "${APP_PORT}:9443"
+    depends_on:
+      - authentik-db
+      - authentik-redis
+    networks:
+      - tipi_main_network
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.authentik-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.authentik.loadbalancer.server.port: 9000
+      # Web
+      traefik.http.routers.authentik-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.authentik-insecure.entrypoints: web
+      traefik.http.routers.authentik-insecure.service: authentik
+      traefik.http.routers.authentik-insecure.middlewares: authentik-web-redirect
+      # Websecure
+      traefik.http.routers.authentik.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.authentik.entrypoints: websecure
+      traefik.http.routers.authentik.service: authentik
+      traefik.http.routers.authentik.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.authentik-local-insecure.rule: Host(`authentik.${LOCAL_DOMAIN}`)
+      traefik.http.routers.authentik-local-insecure.entrypoints: web
+      traefik.http.routers.authentik-local-insecure.service: authentik
+      traefik.http.routers.authentik-local-insecure.middlewares: authentik-web-redirect
+      # Local domain secure
+      traefik.http.routers.authentik-local.rule: Host(`authentik.${LOCAL_DOMAIN}`)
+      traefik.http.routers.authentik-local.entrypoints: websecure
+      traefik.http.routers.authentik-local.service: authentik
+      traefik.http.routers.authentik-local.tls: true
+  authentik-worker:
+    image: ghcr.io/goauthentik/server:2023.10.3
+    restart: unless-stopped
+    command: worker
+    container_name: authentik-worker
+    environment:
+      AUTHENTIK_REDIS__HOST: authentik-redis
+      AUTHENTIK_POSTGRESQL__HOST: authentik-db
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${APP_DATA_DIR}/data/authentik-media:/media
+      - ${APP_DATA_DIR}/data/authentik-certs:/certs
+      - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates
+    depends_on:
+      - authentik-db
+      - authentik-redis
+    networks:
+      - tipi_main_network
+
+  authentik-db:
+    container_name: authentik-db
+    image: docker.io/library/postgres:12-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+      POSTGRES_USER: authentik
+      POSTGRES_DB: authentik
+    networks:
+      - tipi_main_network
+
+  authentik-redis:
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    container_name: authentik-redis
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - ${APP_DATA_DIR}/data/redis:/data
+    networks:
+      - tipi_main_network

apps/authentik/metadata/description.md

@@ -0,0 +1,22 @@
+## Install Information
+
+*Initial Install May take a bit to start up!*
+
+To start the initial setup, navigate to http://<your server's IP or hostname>:9000/if/flow/initial-setup/.
+
+There you are prompted to set a password for the akadmin user (the default user).
+
+## What is authentik?
+
+authentik is an open-source Identity Provider that emphasizes flexibility and versatility. It can be seamlessly integrated into existing environments to support new protocols. authentik is also a great solution for implementing sign-up, recovery, and other similar features in your application, saving you the hassle of dealing with them.
+
+## Docs
+
+Visit the [documentation](https://goauthentik.io/docs/) for more information
+
+## Screenshots
+
+| Light | Dark |
+| --- | --- |
+| [![](https://camo.githubusercontent.com/49bdfe06ba218e307e6eb171bf5c88e96b1302be81cdb9f9e33a39ba1e269479/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f617070735f6c696768742e6a7067)](https://camo.githubusercontent.com/49bdfe06ba218e307e6eb171bf5c88e96b1302be81cdb9f9e33a39ba1e269479/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f617070735f6c696768742e6a7067) | [![](https://camo.githubusercontent.com/32ed9376350e9bb727396ec149de406b2d7b150ea6770343d5ecb405aa0b51fe/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f617070735f6461726b2e6a7067)](https://camo.githubusercontent.com/32ed9376350e9bb727396ec149de406b2d7b150ea6770343d5ecb405aa0b51fe/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f617070735f6461726b2e6a7067) |
+| [![](https://camo.githubusercontent.com/52bf3c54e399ecffcdde04089f1939c23c21acf4f53beeb1fa3893573359fbae/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f61646d696e5f6c696768742e6a7067)](https://camo.githubusercontent.com/52bf3c54e399ecffcdde04089f1939c23c21acf4f53beeb1fa3893573359fbae/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f61646d696e5f6c696768742e6a7067) | [![](https://camo.githubusercontent.com/09a804e359f3950b2b8e2fcf59374de6669cad1aeb39efc064dfec880327024f/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f61646d696e5f6461726b2e6a7067)](https://camo.githubusercontent.com/09a804e359f3950b2b8e2fcf59374de6669cad1aeb39efc064dfec880327024f/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f61646d696e5f6461726b2e6a7067) |