diff --git a/apps/authentik/config.json b/apps/authentik/config.json
new file mode 100644
index 00000000..16eb6d7b
--- /dev/null
+++ b/apps/authentik/config.json
@@ -0,0 +1,30 @@
+{
+ "$schema": "../schema.json",
+ "name": "Authentik",
+ "port": 8770,
+ "available": true,
+ "exposable": true,
+ "id": "authentik",
+ "tipi_version": 1,
+ "version": "2023.10.3",
+ "categories": ["development"],
+ "description": "The authentication glue you need.",
+ "short_desc": "The authentication glue you need.",
+ "author": "goauthentik",
+ "source": "https://github.com/goauthentik/authentik",
+ "form_fields": [
+ {
+ "type": "random",
+ "label": "AUTHENTIK_DB_PASSWORD",
+ "min": 40,
+ "env_variable": "AUTHENTIK_DB_PASSWORD"
+ },
+ {
+ "type": "random",
+ "label": "AUTHENTIK_SECRET_KEY",
+ "min": 50,
+ "env_variable": "AUTHENTIK_SECRET_KEY"
+ }
+ ],
+ "supported_architectures": ["arm64", "amd64"]
+}
diff --git a/apps/authentik/docker-compose.yml b/apps/authentik/docker-compose.yml
new file mode 100644
index 00000000..ef7e8fb4
--- /dev/null
+++ b/apps/authentik/docker-compose.yml
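Review bot: In `apps/authentik/config.json`, `"port": 8770` is the value the compose file in this same commit publishes as `"${APP_PORT}:9443"`, which is authentik's TLS listener, yet the config carries no `"https": true`. If the store schema's `https` flag is what selects the scheme of the dashboard link (worth confirming against `../schema.json`, which is not shown here), the generated link would speak plain HTTP to a TLS port; add `"https": true` after `"exposable": true`. Separately, `"categories": ["development"]` files an identity provider under development tooling; `"security"` would be the more discoverable category if the schema allows it.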
@@ -0,0 +1,115 @@
+version: "3.7"
+
+services:
+ authentik:
+ image: ghcr.io/goauthentik/server:2023.10.3
+ restart: unless-stopped
+ command: server
+ container_name: authentik
+ environment:
+ AUTHENTIK_REDIS__HOST: authentik-redis
+ AUTHENTIK_POSTGRESQL__HOST: authentik-db
+ AUTHENTIK_POSTGRESQL__USER: authentik
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+ volumes:
+ - ${APP_DATA_DIR}/data/authentik-media:/media
+ - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates
+ ports:
+ - "8769:9000"
+ - "${APP_PORT}:9443"
+ depends_on:
+ - authentik-db
+ - authentik-redis
+ networks:
+ - tipi_main_network
+ labels:
+ # Main
+ traefik.enable: true
+ traefik.http.middlewares.authentik-web-redirect.redirectscheme.scheme: https
+ traefik.http.services.authentik.loadbalancer.server.port: 9000
+ # Web
+ traefik.http.routers.authentik-insecure.rule: Host(`${APP_DOMAIN}`)
+ traefik.http.routers.authentik-insecure.entrypoints: web
+ traefik.http.routers.authentik-insecure.service: authentik
+ traefik.http.routers.authentik-insecure.middlewares: authentik-web-redirect
+ # Websecure
+ traefik.http.routers.authentik.rule: Host(`${APP_DOMAIN}`)
+ traefik.http.routers.authentik.entrypoints: websecure
+ traefik.http.routers.authentik.service: authentik
+ traefik.http.routers.authentik.tls.certresolver: myresolver
+ # Local domain
+ traefik.http.routers.authentik-local-insecure.rule: Host(`authentik.${LOCAL_DOMAIN}`)
+ traefik.http.routers.authentik-local-insecure.entrypoints: web
+ traefik.http.routers.authentik-local-insecure.service: authentik
+ traefik.http.routers.authentik-local-insecure.middlewares: authentik-web-redirect
+ # Local domain secure
+ traefik.http.routers.authentik-local.rule: Host(`authentik.${LOCAL_DOMAIN}`)
+ traefik.http.routers.authentik-local.entrypoints: websecure
+ traefik.http.routers.authentik-local.service: authentik
+ traefik.http.routers.authentik-local.tls: true
+ authentik-worker:
+ image: ghcr.io/goauthentik/server:2023.10.3
+ restart: unless-stopped
+ command: worker
+ container_name: authentik-worker
+ environment:
+ AUTHENTIK_REDIS__HOST: authentik-redis
+ AUTHENTIK_POSTGRESQL__HOST: authentik-db
+ AUTHENTIK_POSTGRESQL__USER: authentik
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+ # `user: root` and the docker socket volume are optional.
+ # See more for the docker socket integration here:
+ # https://goauthentik.io/docs/outposts/integrations/docker
+ # Removing `user: root` also prevents the worker from fixing the permissions
+ # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+ # (1000:1000 by default)
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${APP_DATA_DIR}/data/authentik-media:/media
+ - ${APP_DATA_DIR}/data/authentik-certs:/certs
+ - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates
+ depends_on:
+ - authentik-db
+ - authentik-redis
+ networks:
+ - tipi_main_network
+
+ authentik-db:
+ container_name: authentik-db
+ image: docker.io/library/postgres:12-alpine
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+ POSTGRES_USER: authentik
+ POSTGRES_DB: authentik
+ networks:
+ - tipi_main_network
+
+ authentik-redis:
+ image: docker.io/library/redis:alpine
+ command: --save 60 1 --loglevel warning
+ container_name: authentik-redis
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - ${APP_DATA_DIR}/data/redis:/data
+ networks:
+ - tipi_main_network
diff --git a/apps/authentik/metadata/description.md b/apps/authentik/metadata/description.md
new file mode 100644
index 00000000..4098474a
--- /dev/null
+++ b/apps/authentik/metadata/description.md
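Review bot: The `authentik-worker` service runs as `user: root` and bind-mounts `/var/run/docker.sock`, which by default hands the identity provider's worker full control of the host's Docker daemon, so a compromise of that container becomes a compromise of the host and of every other app on it. The comment block above those lines already calls both settings optional, so the store default should omit `user: root` and `- /var/run/docker.sock:/var/run/docker.sock` and leave them as a documented opt-in for the Docker outpost integration, with the data directories created as 1000:1000 as the comment describes. In the `authentik` service, `- "8769:9000"` also publishes the plain-HTTP listener on a fixed host port outside Traefik, so the initial-setup flow that sets the `akadmin` password is reachable unencrypted from the network; dropping that mapping and relying on the Traefik routers or on `"${APP_PORT}:9443"` avoids it. `docker.io/library/redis:alpine` is the only image without a version tag and should be pinned like the others.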
@@ -0,0 +1,22 @@
+## Install Information
+
+*Initial Install May take a bit to start up!*
+
+To start the initial setup, navigate to http://:9000/if/flow/initial-setup/.
+
+There you are prompted to set a password for the akadmin user (the default user).
+
+## What is authentik?
+
+authentik is an open-source Identity Provider that emphasizes flexibility and versatility. It can be seamlessly integrated into existing environments to support new protocols. authentik is also a great solution for implementing sign-up, recovery, and other similar features in your application, saving you the hassle of dealing with them.
+
+## Docs
+
+Visit the [documentation](https://goauthentik.io/docs/) for more information
+
+## Screenshots
+
+| Light | Dark |
+| --- | --- |
+| [![](https://camo.githubusercontent.com/49bdfe06ba218e307e6eb171bf5c88e96b1302be81cdb9f9e33a39ba1e269479/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f617070735f6c696768742e6a7067)](https://camo.githubusercontent.com/49bdfe06ba218e307e6eb171bf5c88e96b1302be81cdb9f9e33a39ba1e269479/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f617070735f6c696768742e6a7067) | [![](https://camo.githubusercontent.com/32ed9376350e9bb727396ec149de406b2d7b150ea6770343d5ecb405aa0b51fe/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f617070735f6461726b2e6a7067)](https://camo.githubusercontent.com/32ed9376350e9bb727396ec149de406b2d7b150ea6770343d5ecb405aa0b51fe/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f617070735f6461726b2e6a7067) |
+| [![](https://camo.githubusercontent.com/52bf3c54e399ecffcdde04089f1939c23c21acf4f53beeb1fa3893573359fbae/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f61646d696e5f6c696768742e6a7067)](https://camo.githubusercontent.com/52bf3c54e399ecffcdde04089f1939c23c21acf4f53beeb1fa3893573359fbae/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f61646d696e5f6c696768742e6a7067) | [![](https://camo.githubusercontent.com/09a804e359f3950b2b8e2fcf59374de6669cad1aeb39efc064dfec880327024f/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f61646d696e5f6461726b2e6a7067)](https://camo.githubusercontent.com/09a804e359f3950b2b8e2fcf59374de6669cad1aeb39efc064dfec880327024f/68747470733a2f2f676f61757468656e74696b2e696f2f696d672f73637265656e5f61646d696e5f6461726b2e6a7067) |
\ No newline at end of file
diff --git a/apps/authentik/metadata/logo.jpg b/apps/authentik/metadata/logo.jpg
new file mode 100644
index 00000000..78d8be1f
Binary files /dev/null and b/apps/authentik/metadata/logo.jpg differ