chore: add basic docker-compose for authentik

2026-01-14 12:47:45 +01:00 · 2026-01-14 12:47:45 +01:00 · f814496049
commit f814496049
parent 43327b47f3
3 changed files with 150 additions and 0 deletions
--- a/roles/authentik/templates/docker-compose.yml.j2
+++ b/roles/authentik/templates/docker-compose.yml.j2
@ -0,0 +1,79 @@
+services:
+  postgres:
+    image: {{ authentik_postgres_image }}
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: {{ authentik_postgres_db }}
+      POSTGRES_USER: {{ authentik_postgres_user }}
+      POSTGRES_PASSWORD: {{ authentik_postgres_password }}
+    volumes:
+      - {{ authentik_docker_volume_dir }}/postgresql:/var/lib/postgresql/data
+    networks:
+      - {{ authentik_backend_network }}
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d {{ authentik_postgres_db }} -U {{ authentik_postgres_user }}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+
+  server:
+    image: {{ authentik_image }}
+    restart: unless-stopped
+    command: server
+    environment:
+      AUTHENTIK_SECRET_KEY: {{ authentik_secret_key }}
+      AUTHENTIK_POSTGRESQL__HOST: postgres
+      AUTHENTIK_POSTGRESQL__NAME: {{ authentik_postgres_db }}
+      AUTHENTIK_POSTGRESQL__USER: {{ authentik_postgres_user }}
+      AUTHENTIK_POSTGRESQL__PASSWORD: {{ authentik_postgres_password }}
+      AUTHENTIK_LOG_LEVEL: {{ authentik_log_level }}
+      AUTHENTIK_ERROR_REPORTING__ENABLED: "{{ authentik_error_reporting_enabled | lower }}"
+    volumes:
+      - {{ authentik_docker_volume_dir }}/data:/data
+      - {{ authentik_docker_volume_dir }}/templates:/templates
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - {{ authentik_backend_network }}
+      - {{ authentik_traefik_network }}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network={{ authentik_traefik_network }}
+      - traefik.http.routers.{{ authentik_service_name }}.rule=Host(`{{ authentik_domain }}`)
+{% if authentik_use_ssl %}
+      - traefik.http.routers.{{ authentik_service_name }}.entrypoints=websecure
+      - traefik.http.routers.{{ authentik_service_name }}.tls=true
+{% else %}
+      - traefik.http.routers.{{ authentik_service_name }}.entrypoints=web
+{% endif %}
+      - traefik.http.services.{{ authentik_service_name }}.loadbalancer.server.port={{ authentik_port }}
+
+  worker:
+    image: {{ authentik_image }}
+    restart: unless-stopped
+    command: worker
+    user: root
+    environment:
+      AUTHENTIK_SECRET_KEY: {{ authentik_secret_key }}
+      AUTHENTIK_POSTGRESQL__HOST: postgres
+      AUTHENTIK_POSTGRESQL__NAME: {{ authentik_postgres_db }}
+      AUTHENTIK_POSTGRESQL__USER: {{ authentik_postgres_user }}
+      AUTHENTIK_POSTGRESQL__PASSWORD: {{ authentik_postgres_password }}
+      AUTHENTIK_LOG_LEVEL: {{ authentik_log_level }}
+      AUTHENTIK_ERROR_REPORTING__ENABLED: "{{ authentik_error_reporting_enabled | lower }}"
+    volumes:
+      - {{ authentik_docker_volume_dir }}/data:/data
+      - {{ authentik_docker_volume_dir }}/certs:/certs
+      - {{ authentik_docker_volume_dir }}/templates:/templates
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - {{ authentik_backend_network }}
+
+networks:
+  {{ authentik_backend_network }}:
+  {{ authentik_traefik_network }}:
+    external: true