services:
  postgres:
    image: {{ authentik_postgres_image }}
    restart: unless-stopped
    environment:
      POSTGRES_DB: {{ authentik_postgres_db }}
      POSTGRES_USER: {{ authentik_postgres_user }}
      POSTGRES_PASSWORD: {{ authentik_postgres_password }}
    volumes:
      - {{ authentik_docker_volume_dir }}/postgresql:/var/lib/postgresql/data
    networks:
      - {{ authentik_backend_network }}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d {{ authentik_postgres_db }} -U {{ authentik_postgres_user }}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s

  server:
    image: {{ authentik_image }}
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_SECRET_KEY: {{ authentik_secret_key }}
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: {{ authentik_postgres_db }}
      AUTHENTIK_POSTGRESQL__USER: {{ authentik_postgres_user }}
      AUTHENTIK_POSTGRESQL__PASSWORD: {{ authentik_postgres_password }}
      AUTHENTIK_LOG_LEVEL: {{ authentik_log_level }}
      AUTHENTIK_ERROR_REPORTING__ENABLED: "{{ authentik_error_reporting_enabled | lower }}"
    volumes:
      - {{ authentik_docker_volume_dir }}/data:/data
      - {{ authentik_docker_volume_dir }}/templates:/templates
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - {{ authentik_backend_network }}
      - {{ authentik_traefik_network }}
    labels:
      - traefik.enable=true
      - traefik.docker.network={{ authentik_traefik_network }}
      - traefik.http.routers.{{ authentik_service_name }}.rule=Host(`{{ authentik_domain }}`)
{% if authentik_use_ssl %}
      - traefik.http.routers.{{ authentik_service_name }}.entrypoints=websecure
      - traefik.http.routers.{{ authentik_service_name }}.tls=true
{% else %}
      - traefik.http.routers.{{ authentik_service_name }}.entrypoints=web
{% endif %}
      - traefik.http.services.{{ authentik_service_name }}.loadbalancer.server.port={{ authentik_port }}

  worker:
    image: {{ authentik_image }}
    restart: unless-stopped
    command: worker
    user: root
    environment:
      AUTHENTIK_SECRET_KEY: {{ authentik_secret_key }}
      AUTHENTIK_POSTGRESQL__HOST: postgres
      AUTHENTIK_POSTGRESQL__NAME: {{ authentik_postgres_db }}
      AUTHENTIK_POSTGRESQL__USER: {{ authentik_postgres_user }}
      AUTHENTIK_POSTGRESQL__PASSWORD: {{ authentik_postgres_password }}
      AUTHENTIK_LOG_LEVEL: {{ authentik_log_level }}
      AUTHENTIK_ERROR_REPORTING__ENABLED: "{{ authentik_error_reporting_enabled | lower }}"
    volumes:
      - {{ authentik_docker_volume_dir }}/data:/data
      - {{ authentik_docker_volume_dir }}/certs:/certs
      - {{ authentik_docker_volume_dir }}/templates:/templates
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - {{ authentik_backend_network }}

networks:
  {{ authentik_backend_network }}:
  {{ authentik_traefik_network }}:
    external: true