diff --git a/docker/auth/.gitignore b/docker/auth/.gitignore
deleted file mode 100644
index e1d3077..0000000
--- a/docker/auth/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-.ldap_admin_password_secret
-.ldap_read_only_password_secret
diff --git a/docker/auth/docker-compose.yaml b/docker/auth/docker-compose.yaml
deleted file mode 100644
index 7e11734..0000000
--- a/docker/auth/docker-compose.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-version: "3.8"
-
-services:
- openldap:
- container_name: openldap
- image: osixia/openldap:1.5.0
- restart: always
- hostname: ldap.korhonen.cc
- ports:
- - "389:389"
- - "636:636"
- environment:
- - LDAP_ORGANISATION=Korhonen
- - LDAP_DOMAIN=korhonen.cc
- - LDAP_ADMIN_PASSWORD_FILE=/run/secrets/ldap_admin_password
- - LDAP_READ_ONLY_USER=true
- - LDAP_READ_ONLY_USER_USERNAME=ldap-ro
- - LDAP_READ_ONLY_USER_PASSWORD_FILE=/run/secrets/ldap_read_only_password
- secrets:
- - ldap_admin_password
- - ldap_read_only_password
- volumes:
- - "/docker/auth/openldap/ldap:/var/lib/ldap"
- - "/docker/auth/openldap/slapd.d/:/etc/ldap/slapd.d"
- - "/docker/auth/openldap/lidf:/data/ldif"
-
- phpldapadmin:
- container_name: phpldapadmin
- image: osixia/phpldapadmin
- environment:
- - PHPLDAPADMIN_HTTPS=false
- - PHPLDAPADMIN_HOSTS=openldap
- ports:
- - "4588:80"
-
-networks:
- auth:
- external: true
-
-secrets:
- ldap_admin_password:
- file: ./.ldap_admin_password_secret
- ldap_read_only_password:
- file: ./.ldap_read_only_password_secret
diff --git a/docker/authentik/docker-compose.yaml b/docker/authentik/docker-compose.yaml
new file mode 100644
index 0000000..fefbf77
--- /dev/null
+++ b/docker/authentik/docker-compose.yaml
@@ -0,0 +1,84 @@
+services:
+
+ redis:
+ container_name: authentik-redis
+ image: redis:alpine
+ restart: unless-stopped
+ networks:
+ - authentik
+
+ authentik:
+ container_name: authentik
+ image: ${AUTHENTIK_IMAGE:-goauthentik.io/server}:${AUTHENTIK_TAG:-2021.10.4}
+ restart: unless-stopped
+ command: server
+ volumes:
+ - /docker/authentik/media:/media
+ - /docker/authentik/custom-templates:/templates
+ - /docker/authentik/geoip:/geoip
+ env_file:
+ - .env
+ networks:
+ - authentik
+ - postgres
+ - proxy
+ ports:
+ - 9000:9000
+ labels:
+ - "traefik.enable=true"
+
+ - "traefik.http.routers.authentik-redirect.entrypoints=http"
+ - "traefik.http.routers.authentik-redirect.rule=Host(`sso.korhonen.cc`)"
+ - "traefik.http.middlewares.http2https.redirectscheme.scheme=https"
+ - "traefik.http.routers.authentik-redirect.middlewares=http2https"
+
+ - "traefik.http.routers.authentik.entrypoints=https"
+ - "traefik.http.routers.authentik.rule=Host(`sso.korhonen.cc`)"
+ - "traefik.http.routers.authentik.service=authentik"
+ - "traefik.docker.network=proxy"
+ - "traefik.http.services.authentik.loadbalancer.server.port=9000"
+
+ authentik-worker:
+ container_name: authentik-worker
+ image: ${AUTHENTIK_IMAGE:-goauthentik.io/server}:${AUTHENTIK_TAG:-2021.10.4}
+ restart: unless-stopped
+ command: worker
+ networks:
+ - authentik
+ - postgres
+ user: root
+ volumes:
+ - /docker/authentik/backups:/backups
+ - /docker/authentik/media:/media
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /docker/authentik/custom-templates:/templates
+ - /docker/authentik/geoip:/geoip
+ environment:
+ - AUTHENTIK_POSTGRESQL__HOST
+ - AUTHENTIK_POSTGRESQL__USER
+ - AUTHENTIK_POSTGRESQL__NAME
+ - AUTHENTIK_POSTGRESQL__PASSWORD
+ - AUTHENTIK_SECRET_KEY
+ env_file:
+ - .env
+
+ geoipupdate:
+ container_name: authentik-geoip
+ image: "maxmindinc/geoipupdate:latest"
+ volumes:
+ - /docker/authentik/geoip:/usr/share/GeoIP
+ environment:
+ GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
+ GEOIPUPDATE_FREQUENCY: "8"
+ env_file:
+ - .env
+ networks:
+ - authentik
+
+networks:
+ authentik:
+ internal: true
+ postgres:
+ external: true
+ proxy:
+ external: true
diff --git a/dotdrop b/dotdrop
index 24b4352..171f3df 160000
--- a/dotdrop
+++ b/dotdrop
@@ -1 +1 @@
-Subproject commit 24b43522a4f7f4294d2b5e3df18586c81476a984
+Subproject commit 171f3df7eba99497c0fc42e60a18d8f8c7de055d
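Review bot: The `authentik-worker` service in the new docker/authentik/docker-compose.yaml runs with `user: root` and bind-mounts `/var/run/docker.sock`, which hands that container full control of the host's Docker daemon, so a compromise of the worker is effectively a compromise of the host. If the Docker integration for managed outposts is not used here, drop both `- /var/run/docker.sock:/var/run/docker.sock` and `user: root`; if it is, record the reason with a comment such as `# docker.sock is needed for authentik-managed outposts; treat this container as host-privileged` and consider fronting the socket with a filtering proxy. Separately, `ports: - 9000:9000` on the `authentik` service publishes the backend listener on every host interface even though the labels already route Traefik to port 9000 over the `proxy` network; removing the mapping or writing it as `"127.0.0.1:9000:9000"` keeps clients on the `https` router. The `redis:alpine` and `maxmindinc/geoipupdate:latest` tags are also unpinned, unlike the versioned authentik image.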