deployment/my-compose/authentik/authentik-compose.yaml


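# ------------------------------
# -- authentik (Identity Provider / SSO)
# -- Updated/Created 2024-July-02
# ------------------------------
# This file is one part of a multi-file compose project: the `traefik` and
# `socket_proxy` networks, the `traefik`/`crowdsec` services and every entry
# under `secrets:` are declared elsewhere in the including project, not here.
# Indentation is significant in YAML; the layout below is 2-space throughout.
name: authentik # Project Name

networks:
  # Private network shared by the authentik processes and their data stores.
  authentik-backend:
    name: authentik-backend

services:
  # PostgreSQL backing store. Credentials arrive via the *_FILE variables
  # (passed through from the environment/.env) pointing at the mounted
  # secrets, so no password value is placed in the environment itself.
  authentik_postgresql:
    image: docker.io/library/postgres:16-alpine
    container_name: authentik_postgresql
    shm_size: 128mb # https://hub.docker.com/_/postgres
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    healthcheck:
      # `$$` makes compose emit a literal `$`, so the variables are expanded
      # inside the container (where POSTGRES_DB/USER are set), not by compose.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    networks:
      - authentik-backend
    volumes:
      - "$DOCKERDIR/appdata/authentik/postgresql/data:/var/lib/postgresql/data"
    secrets:
      - authentik_postgresql_db
      - authentik_postgresql_user
      - authentik_postgresql_password
    environment:
      - POSTGRES_PASSWORD_FILE
      - POSTGRES_USER_FILE
      - POSTGRES_DB_FILE

  # Redis cache/queue. Reachable only on authentik-backend.
  authentik_redis:
    image: docker.io/library/redis:alpine
    container_name: authentik_redis
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    networks:
      - authentik-backend
    volumes:
      - "$DOCKERDIR/appdata/authentik/redis/data:/data"

  # authentik web/API process.
  authentik_server:
    # NOTE(review): `latest` is an unpinned tag; pin a specific version (or
    # digest) so upgrades are deliberate and reproducible. Server and worker
    # must run the same version, so pin both together.
    image: ghcr.io/goauthentik/server:latest
    container_name: authentik_server
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    command: server
    # The health checks defined above are used here so the server is not
    # started until postgres/redis actually answer, not merely once their
    # containers are running.
    depends_on:
      authentik_postgresql:
        condition: service_healthy
      authentik_redis:
        condition: service_healthy
      traefik:
        condition: service_started
      crowdsec:
        condition: service_started
    networks:
      - traefik
      # NOTE(review): socket_proxy is joined here but no DOCKER_HOST is passed
      # to this service (unlike the worker). If the server does not need the
      # Docker API, drop this network for least privilege — confirm.
      - socket_proxy
      - authentik-backend
    secrets:
      - authentik_postgresql_db
      - authentik_postgresql_user
      - authentik_postgresql_password
      - authentik_secret_key
    # Values are passed through from the environment/.env; the *_PASSWORD and
    # SECRET_KEY entries presumably point at the mounted secret files rather
    # than carrying the secret itself — confirm against the .env.
    environment:
      - AUTHENTIK_REDIS__HOST
      - AUTHENTIK_POSTGRESQL__HOST
      - AUTHENTIK_POSTGRESQL__NAME
      - AUTHENTIK_POSTGRESQL__USER
      - AUTHENTIK_POSTGRESQL__PASSWORD
      - AUTHENTIK_DISABLE_STARTUP_ANALYTICS
      - AUTHENTIK_DISABLE_UPDATE_CHECK
      - AUTHENTIK_ERROR_REPORTING__ENABLED
      - AUTHENTIK_LOG_LEVEL
      - AUTHENTIK_SECRET_KEY
      - AUTHENTIK_COOKIE_DOMAIN
    volumes:
      - "$DOCKERDIR/appdata/authentik/media:/media"
      - "$DOCKERDIR/appdata/authentik/custom-templates:/templates"
      # Read side of the GeoIP database maintained by the geoipupdate service.
      - "$DOCKERDIR/appdata/authentik/geoip/data:/geoip"

  # authentik background worker (same image/version as the server).
  authentik_worker:
    image: ghcr.io/goauthentik/server:latest
    container_name: authentik_worker
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    # Quoted: a bare `uid:gid` is a number-looking scalar in YAML 1.1 parsers.
    user: "1000:1000"
    command: worker
    depends_on:
      authentik_postgresql:
        condition: service_healthy
      authentik_redis:
        condition: service_healthy
    networks:
      # Docker API access is mediated by the socket proxy (see DOCKER_HOST).
      - socket_proxy
      - authentik-backend
    secrets:
      - authentik_postgresql_db
      - authentik_postgresql_user
      - authentik_postgresql_password
      - authentik_secret_key
      - gmail_smtp_username
      - gmail_smtp_password
    environment:
      - DOCKER_HOST
      - AUTHENTIK_REDIS__HOST
      - AUTHENTIK_POSTGRESQL__HOST
      - AUTHENTIK_POSTGRESQL__NAME
      - AUTHENTIK_POSTGRESQL__USER
      - AUTHENTIK_POSTGRESQL__PASSWORD
      - AUTHENTIK_DISABLE_STARTUP_ANALYTICS
      - AUTHENTIK_DISABLE_UPDATE_CHECK
      - AUTHENTIK_ERROR_REPORTING__ENABLED
      - AUTHENTIK_SECRET_KEY
      - AUTHENTIK_COOKIE_DOMAIN
      - AUTHENTIK_LOG_LEVEL
      - AUTHENTIK_EMAIL__HOST
      - AUTHENTIK_EMAIL__PORT
      - AUTHENTIK_EMAIL__USERNAME
      - AUTHENTIK_EMAIL__PASSWORD
      - AUTHENTIK_EMAIL__USE_TLS
      - AUTHENTIK_EMAIL__USE_SSL
      - AUTHENTIK_EMAIL__TIMEOUT
      - AUTHENTIK_EMAIL__FROM
    volumes:
      - "$DOCKERDIR/appdata/authentik/media:/media"
      - "$DOCKERDIR/appdata/authentik/custom-templates:/templates"
      - "$DOCKERDIR/appdata/authentik/geoip/data:/geoip"

  # Keeps the MaxMind GeoIP database current; the shared volume is how the
  # database reaches authentik.
  geoipupdate:
    image: ghcr.io/maxmind/geoipupdate:latest
    container_name: geoipupdate
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    user: "${PUID}:${PGID}"
    volumes:
      - "$DOCKERDIR/appdata/authentik/geoip/data:/usr/share/GeoIP"
    networks:
      # NOTE(review): this service only needs outbound internet and the shared
      # volume; being on authentik-backend also gives it reachability to
      # postgres/redis. Confirm the membership is required.
      - authentik-backend
    secrets:
      - geoip_account_id
      - geoip_license_key
    environment:
      - GEOIPUPDATE_EDITION_IDS
      - GEOIPUPDATE_FREQUENCY
      - GEOIPUPDATE_ACCOUNT_ID_FILE
      - GEOIPUPDATE_LICENSE_KEY_FILE

  # Test endpoints behind traefik. depends_on only orders startup; routing and
  # any authentication in front of them are configured outside this file.
  whoami-individual:
    image: traefik/whoami:latest
    container_name: whoami-individual
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    depends_on:
      - traefik
      - authentik_server
      - authentik_worker
    networks:
      - traefik
    environment:
      - TZ

  whoami-catchall:
    image: traefik/whoami:latest
    container_name: whoami-catchall
    restart: unless-stopped
    security_opt:
      - "no-new-privileges:true"
    depends_on:
      - traefik
      - authentik_server
      - authentik_worker
    networks:
      - traefik
    environment:
      - TZ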