From 6ea94b5d9d30d1e335248363e85645a47e367b4d Mon Sep 17 00:00:00 2001
From: tipi
Date: Tue, 1 Jul 2025 16:13:47 +0000
Subject: [PATCH] Dateien nach "apps/authentik" hochladen
---
apps/authentik/config.json | 35 +++++++++
apps/authentik/docker-compose.json | 110 ++++++++++++++++++++++++++++
apps/authentik/docker-compose.yml | 111 +++++++++++++++++++++++++++++
3 files changed, 256 insertions(+)
create mode 100644 apps/authentik/config.json
create mode 100644 apps/authentik/docker-compose.json
create mode 100644 apps/authentik/docker-compose.yml
diff --git a/apps/authentik/config.json b/apps/authentik/config.json
new file mode 100644
index 0000000..623c7c9
--- /dev/null
+++ b/apps/authentik/config.json
@@ -0,0 +1,35 @@
+{
+ "$schema": "../app-info-schema.json",
+ "name": "Authentik",
+ "port": 9000,
+ "available": true,
+ "exposable": true,
+ "dynamic_config": true,
+ "no_gui": true,
+ "id": "authentik",
+ "tipi_version": 44,
+ "version": "2025.4.1",
+ "https": true,
+ "categories": ["development"],
+ "description": "The authentication glue you need.",
+ "short_desc": "The authentication glue you need.",
+ "author": "goauthentik",
+ "source": "https://github.com/goauthentik/authentik",
+ "form_fields": [
+ {
+ "type": "random",
+ "label": "AUTHENTIK_DB_PASSWORD",
+ "min": 40,
+ "env_variable": "AUTHENTIK_DB_PASSWORD"
+ },
+ {
+ "type": "random",
+ "label": "AUTHENTIK_SECRET_KEY",
+ "min": 50,
+ "env_variable": "AUTHENTIK_SECRET_KEY"
+ }
+ ],
+ "supported_architectures": ["arm64", "amd64"],
+ "created_at": 1691943801422,
+ "updated_at": 1748547279201
+}
diff --git a/apps/authentik/docker-compose.json b/apps/authentik/docker-compose.json
new file mode 100644
index 0000000..8874a88
--- /dev/null
+++ b/apps/authentik/docker-compose.json
@@ -0,0 +1,110 @@
+{
+ "$schema": "../dynamic-compose-schema.json",
+ "services": [
+ {
+ "image": "ghcr.io/goauthentik/server:2025.4.1",
+ "name": "authentik",
+ "internalPort": 9000,
+ "isMain": true,
+ "command": "server",
+ "volumes": [
+ {
+ "hostPath": "${APP_DATA_DIR}/data/authentik-media",
+ "containerPath": "/media"
+ },
+ {
+ "hostPath": "${APP_DATA_DIR}/data/authentik-custom-templates",
+ "containerPath": "/templates"
+ }
+ ],
+ "addPorts": [
+ {
+ "hostPort": 9443,
+ "containerPort": 9443
+ }
+ ],
+ "environment": {
+ "AUTHENTIK_REDIS__HOST": "authentik-redis",
+ "AUTHENTIK_POSTGRESQL__HOST": "authentik-db",
+ "AUTHENTIK_POSTGRESQL__USER": "authentik",
+ "AUTHENTIK_POSTGRESQL__NAME": "authentik",
+ "AUTHENTIK_POSTGRESQL__PASSWORD": "${AUTHENTIK_DB_PASSWORD}",
+ "AUTHENTIK_SECRET_KEY": "${AUTHENTIK_SECRET_KEY}"
+ },
+ "dependsOn": ["authentik-db", "authentik-redis"]
+ },
+ {
+ "image": "ghcr.io/goauthentik/server:2025.4.1",
+ "name": "authentik-worker",
+ "command": "worker",
+ "user": "root",
+ "volumes": [
+ {
+ "hostPath": "/var/run/docker.sock",
+ "containerPath": "/var/run/docker.sock"
+ },
+ {
+ "hostPath": "${APP_DATA_DIR}/data/authentik-media",
+ "containerPath": "/media"
+ },
+ {
+ "hostPath": "${APP_DATA_DIR}/data/authentik-certs",
+ "containerPath": "/certs"
+ },
+ {
+ "hostPath": "${APP_DATA_DIR}/data/authentik-custom-templates",
+ "containerPath": "/templates"
+ }
+ ],
+ "environment": {
+ "AUTHENTIK_REDIS__HOST": "authentik-redis",
+ "AUTHENTIK_POSTGRESQL__HOST": "authentik-db",
+ "AUTHENTIK_POSTGRESQL__USER": "authentik",
+ "AUTHENTIK_POSTGRESQL__NAME": "authentik",
+ "AUTHENTIK_POSTGRESQL__PASSWORD": "${AUTHENTIK_DB_PASSWORD}",
+ "AUTHENTIK_SECRET_KEY": "${AUTHENTIK_SECRET_KEY}"
+ },
+ "dependsOn": ["authentik-db", "authentik-redis"]
+ },
+ {
+ "image": "postgres:12-alpine",
+ "name": "authentik-db",
+ "volumes": [
+ {
+ "hostPath": "${APP_DATA_DIR}/data/postgres",
+ "containerPath": "/var/lib/postgresql/data"
+ }
+ ],
+ "environment": {
+ "POSTGRES_PASSWORD": "${AUTHENTIK_DB_PASSWORD}",
+ "POSTGRES_USER": "authentik",
+ "POSTGRES_DB": "authentik"
+ },
+ "healthCheck": {
+ "test": "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}",
+ "interval": "30s",
+ "timeout": "5s",
+ "retries": 5,
+ "startPeriod": "20s"
+ }
+ },
+ {
+ "image": "redis:alpine",
+ "name": "authentik-redis",
+ "command": "--save 60 1 --loglevel warning",
+ "volumes": [
+ {
+ "hostPath": "${APP_DATA_DIR}/data/redis",
+ "containerPath": "/data"
+ }
+ ],
+ "healthCheck": {
+ "test": "redis-cli ping | grep PONG",
+ "interval": "30s",
+ "timeout": "3s",
+ "retries": 5,
+ "startPeriod": "20s"
+ }
+ }
+ ]
+}
diff --git a/apps/authentik/docker-compose.yml b/apps/authentik/docker-compose.yml
new file mode 100644
index 0000000..1b58341
--- /dev/null
+++ b/apps/authentik/docker-compose.yml
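Review bot: The `authentik-worker` entry sets `"user": "root"` and bind-mounts `/var/run/docker.sock`, which hands that container control of the host's Docker daemon and therefore, in effect, root on the host. Upstream authentik describes both settings as optional and needed only for the Docker outpost integration, so the default app definition could drop the `/var/run/docker.sock` volume and the `user` key, or reach the daemon through a restricted socket proxy instead. Without `user: root` the worker can no longer fix ownership of the mounted data directories, so they would have to be created with the container's UID beforehand. docker-compose.yml in this commit carries the same pair (`user: root` and `- /var/run/docker.sock:/var/run/docker.sock`).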
@@ -0,0 +1,111 @@
+version: '3.7'
+services:
+ authentik:
+ image: ghcr.io/goauthentik/server:2025.4.1
+ restart: unless-stopped
+ command: server
+ container_name: authentik
+ environment:
+ AUTHENTIK_REDIS__HOST: authentik-redis
+ AUTHENTIK_POSTGRESQL__HOST: authentik-db
+ AUTHENTIK_POSTGRESQL__USER: authentik
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+ volumes:
+ - ${APP_DATA_DIR}/data/authentik-media:/media
+ - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates
+ ports:
+ - ${APP_PORT}:9443
+ depends_on:
+ - authentik-db
+ - authentik-redis
+ networks:
+ - tipi_main_network
+ labels:
+ traefik.enable: true
+ traefik.http.middlewares.authentik-web-redirect.redirectscheme.scheme: https
+ traefik.http.services.authentik.loadbalancer.server.port: 9000
+ traefik.http.routers.authentik-insecure.rule: Host(`${APP_DOMAIN}`)
+ traefik.http.routers.authentik-insecure.entrypoints: web
+ traefik.http.routers.authentik-insecure.service: authentik
+ traefik.http.routers.authentik-insecure.middlewares: authentik-web-redirect
+ traefik.http.routers.authentik.rule: Host(`${APP_DOMAIN}`)
+ traefik.http.routers.authentik.entrypoints: websecure
+ traefik.http.routers.authentik.service: authentik
+ traefik.http.routers.authentik.tls.certresolver: myresolver
+ traefik.http.routers.authentik-local-insecure.rule: Host(`authentik.${LOCAL_DOMAIN}`)
+ traefik.http.routers.authentik-local-insecure.entrypoints: web
+ traefik.http.routers.authentik-local-insecure.service: authentik
+ traefik.http.routers.authentik-local-insecure.middlewares: authentik-web-redirect
+ traefik.http.routers.authentik-local.rule: Host(`authentik.${LOCAL_DOMAIN}`)
+ traefik.http.routers.authentik-local.entrypoints: websecure
+ traefik.http.routers.authentik-local.service: authentik
+ traefik.http.routers.authentik-local.tls: true
+ runtipi.managed: true
+ authentik-worker:
+ image: ghcr.io/goauthentik/server:2025.4.1
+ restart: unless-stopped
+ command: worker
+ container_name: authentik-worker
+ environment:
+ AUTHENTIK_REDIS__HOST: authentik-redis
+ AUTHENTIK_POSTGRESQL__HOST: authentik-db
+ AUTHENTIK_POSTGRESQL__USER: authentik
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${APP_DATA_DIR}/data/authentik-media:/media
+ - ${APP_DATA_DIR}/data/authentik-certs:/certs
+ - ${APP_DATA_DIR}/data/authentik-custom-templates:/templates
+ depends_on:
+ - authentik-db
+ - authentik-redis
+ networks:
+ - tipi_main_network
+ labels:
+ runtipi.managed: true
+ authentik-db:
+ container_name: authentik-db
+ image: postgres:12-alpine
+ restart: unless-stopped
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}
+ POSTGRES_USER: authentik
+ POSTGRES_DB: authentik
+ networks:
+ - tipi_main_network
+ labels:
+ runtipi.managed: true
+ authentik-redis:
+ image: redis:alpine
+ command: '--save 60 1 --loglevel warning'
+ container_name: authentik-redis
+ restart: unless-stopped
+ healthcheck:
+ test:
+ - CMD-SHELL
+ - redis-cli ping | grep PONG
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - ${APP_DATA_DIR}/data/redis:/data
+ networks:
+ - tipi_main_network
+ labels:
+ runtipi.managed: true
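Review bot: `authentik-redis` is started without a password (`command: '--save 60 1 --loglevel warning'`) and attached to `tipi_main_network`, which by its name appears to be shared with other apps, so any container on that network could presumably read or alter authentik's Redis data. Consider adding `--requirepass` with a generated secret (a new random form field, not present in this commit) and passing the same value to the server and worker as `AUTHENTIK_REDIS__PASSWORD`; the `redis-cli ping | grep PONG` healthcheck would then have to authenticate as well. The image is also the floating tag `redis:alpine`, unlike the pinned `ghcr.io/goauthentik/server:2025.4.1`, so what gets pulled can change between installs; pin it to a specific version tag. Both points apply equally to the `authentik-redis` entry in docker-compose.json.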