From e9c9a51b8d4e701df8bee90c8ce2b2e8b88a7dac Mon Sep 17 00:00:00 2001 From: Lee Conlin Date: Sat, 9 Mar 2024 21:50:56 +0000 Subject: [PATCH] Added Authentik identity server as a service --- public/svgs/authentik.png | Bin 0 -> 5736 bytes templates/compose/authentik.env | 10 +++ templates/compose/authentik.yaml | 109 +++++++++++++++++++++++++++++++ 3 files changed, 119 insertions(+) create mode 100644 public/svgs/authentik.png create mode 100644 templates/compose/authentik.env create mode 100644 templates/compose/authentik.yaml diff --git a/public/svgs/authentik.png b/public/svgs/authentik.png new file mode 100644 index 0000000000000000000000000000000000000000..8f945aad8db7b1a20784d6b4a1ed8fee44fd1b76 GIT binary patch literal 5736 zcmcJTXH-+q*2V)EqbNuVO;DQBJ1P)Gl+cS5=~XEKLkUs>B1QZwC

Zy7U@~l+c7= zsG@WP3=)tUY7mepEqRak^Idn{5BL3W);ed-%$z;5&VFY9o)@Mjx-886%peemMPCnY z4gxXo{=H6}1X^MeR^ve+Zh3w9t-B#v8>BOVcgNd$x9MtjSYsElYnQl?U*U#t67oIl zngpc@>LKUB_O&Vt+}ctM{{6+mzDTtE_9|34iPUb&CHk+k5*IicxLY?56L>$n$hbD7wX{YMNm zf1g+JSXH`PlH-3BN>}}5d5(&P<@4tDW7cqoqwIRaF!&;8pW301{#MN$beda7d%us@ z`ZA}xJ&9P0lj|&})#+Z1+(ZvipZQ zjR_j@a3A}gS)bJ)KBAS`7uDXEDVmWCm(kL>?s*^=d0VMYv^+RDJ}$ySq1@YnZhW|e z@WoBGVZ<}9KE4A_7!f?3Q50B~TH)l!N0~Mkja>2T#!z$MzVD(}&ptq!G)TQ`GkF(T z{`1Eb=nvE?-^FyW=+@ife0?_N;-__50Wni~x)*tp?viYWO#-)?djzg+lIN*MvNOhJ z3W9GOsb4Lr3(APNPmO_yTd?sqa^`ZA*JSMX-H3|JTo?5Wz3`SRJ{tnI?F~^#8NI0R z`L?EEnT#v2w|!hjx*Syx?Gs6KB(Z*ukz_VZXbRxTY&7}csAN(ep!6zwRcK@9QfM&h zz))l-2>AZ3=9cmFfE<{ygI8F7c5*zp6U%5KD}Pucm_>tp1{-MeKeAgmLKZe$HblP( zL7iBDyLUgc^1nBh^yPF*L2ioPkd5EW?ut-fKP?xR*B5d^ivUN4rVnM@*bn^-_NfXR zLiaTG132Ksgx`e_Q#d{k z20^9uIFdHq;~0T4Pous1c52UvjiTOCct0k6%hTP$Ol1^CHouMbk~5Et-urVL7t{-~ z8yR2*i?6bd@G}=TW8@u#Uwtr{5M=VSbl2AGuxxH|6<`4el#*Z;6-8%!#{`*TlkZ_< z`LVFB5mSX2yW@Gb7b;nmu#;@KE7Fmru#Ug2@1>-xMza}ED_qhcv&P2slH6QP^xIBT z1?Q=n?$@ZGizG!*?`Oj}G4sf?;FSIuo1o@cx3vU@E+NAQ$m=ay_5VbxeFB179|U!I zFFY@N>>C%IbnIt@&@Y@5ASp)K*dnbQDqvcM61>Fr>%v2Ax#4H5!-8}@PlH7dou6)1 z!5G;}{JvwLYAsqSx&#$LCp?{X2%k%;Ln4zY63?T(YAXjTfliH684)d_f4dOvCbiHf zgcw>@Sce6GSrT26DbvuEQxa)R=0OmUx(M@fR4~pQHth6Y36q)?8ss^@XB_{?yAYrG z5B5x=dQbLYY||)hPD0DQ+lIYQbv_5-k!t8cMJ6=t7fodZ6gE7shI{G|0?j?l`hJx{ zVz4GSia_YsXvO0v;CX86lGxLrRU)kb8b7z!cK;94IW^*P>V_#QO_14KA;bUWiT|LV zWS87m`yEqTYl9%1>c3N46wm2OSmk8Nay+;Mr&L@uu#-#5bs28?S{2s4xvz&lTYt09 zLIDFUvByC7MUtgOoc-=~X|SKp+_!EQ@*T2cInAJ2Snbkb8NPwqTMrS@fDLPd5q zB|KPgQqmM?63fGp+)Ksem@h?lW~KBuTS{0sm{6qyXL?w{kZ;hT!MB3;Bt_p2wj_bj zAR=i3`-Q@tbZ#I&U1OVd`pu70&)KsihG8pkT^PBBTH8JOt-6}`Qs&ho1%mxek`#W^ z(LWXM!pg7Vc))_H_ZC%`u}6dIwF!5vLMncQD+4)@)X|nDG`Gem?GT=%R{k@%?}Lh1 zRs9f@a!!-$>kSBJ*|kcDILRH#Q)T8L7h_PjoZ8=b`8crV>qKGWhz5helZ>=~xbD(gJ4-N%dRa56tN$vSLdeDEn1GTq`0w=eK$Wr8F4WnV?*!uO9H@F8)Qj;?tgqj5P+8H|-+X{m zeem04%;`9PvZ{htc5V%MpOg;G(imbR`YxUeS4-#z<+E86Y`UMdr}zZb+*n8+b;pj- 
zdsE`sUAgriOhz`UYv8c%i|39l#^hgobw&)Nt6NM|2yk{jTl4!ySRFd=d~=Rtf8@uw zqC12QleQ&7%xg|HXgVlQyBrq2+n;_XV)m3#)?REb~qATgQ^>c^Am!a$RaoTRyXX}(J z)GRJ~s}ID%AW_`i)J{wMBBR&z_?PYLXbOCH8Fqoq+HT$nemL@@ou4+6D%dKt(Vu~7 z{PdZp%E*QrM8ESDtnB`otC@DNt}U|n9MEQGwV9MjYj2aR@b-mJGliqZimOKqIkDbo z^~nrpC0*^yAXesL^w!M7wX%|z|6n0{3sn&b)cHY2H*UZz6M`8T7>Dpcjy zDvJYc#ns4Pd-$dDfP!GatnpRguR_1VIT%Nky1tiOE+^_C%VqJkB-=KpILTL1PP6Bq zNB$bhGOGE^?a#&3)u&Hr$`|x(x^c0GTUQXMi*`k7W!Fw4t(-2w8r~$<+;oQ zAJXG|Tp)py)dSv@eJK9yMHK6hKEXR7I9IT2@^}Q-8UEAc9h~3f)uYEA6KCcP4pT>s zG$B0U1UHX%p1p5V{Ny;ZGA=-})P5WJD|NRXJ?|X{Gpfe`n~5Uh`S+|k$B!?W=cvqH ztbKXr>1fls0K_8ry^t!~O$c~_I2Gv4vGmi=plRxSSjCC*3RUNhaZ!PRzV=5gwbwPp z=Qre%VQANSt<9+njhYh%D#$seMAZY|6s&z^=>A^T1%}fh*4OEd-KIB^+ON8laGHN?2Y~c^9D(r9u zGwak%b9UnSy$e#(7cfiiJiYwGNtKxvmG^kw!tltiZRFYh<{`(jojNH^1XmEjC|lif zXJ^N4t#0WGkd%vV;(rS)2Px^nSjl_!!QP4$#1yh#;ao2(!fqKlIa@3N9WLt*Ozr&z z$qLU?97Vl^w)&O*gH>`RI%6ArDZV7=DgCB{N4)`U_|wTZ1B;R!G{t$o`?xidZ}ZN1rd-5#w(Kiat5DP@w--@+l~!}HBcs>+s)#ou^FqRP zo%bVu4^|Vg&aK~Q3(D8}idnY91qRkLUH|ym{#o*?obM=En7RPSt)&9+cTZ>4{4hXn zSo-xgefqjx>#-Dq9QeF_7@0b{w3R%LJSN}*Hjg7Oc&Xa5woblDv!u!M2gayToDe)^ z3|(UQXs={U-H43Twq5tLFTbl@&nFg(=Am%A1$myK;q6!b1gbX!8Z;3pX{qdO_{Q#= z2fpn3Grb#!%d&tVMhs#>n&0)meIG2Qzje+mVD>ZkO64eD{p3EX^=KxJQN8BRog~&P zi&NUg_ac06M9|II^%J0*a{PDQW>jgyKs7ojvAvEvdw~|e=p3F>&{#G8zAJ27CSba) zeZKzGuvTBRsfWuvV?pU62S9KMFE@4b2tOf59wQaEjSnHYKRc24L&7bWqf-xfX&-}< zN4xhs18eqgPdD%OgXP`%XqsN1g`^}zd&kHu)?xQlOE|I{7Y&$_4exJ>;CeR86cHiJZoS-{RUs597?%uJ(zh8t z{~&wm(9{`3Ld&b(qbFkH4dC6PUl$tY&b^_uo7DOr^NluPO9ZPlh%-$Z*8J#f5&Lx| zH+#pIv4JG|tCcr$VPe?H%c9DMj;o=cGj*)0eID9Xw;Mi~EIj(85ykY2t3M9_D7K_? 
zXB&0Tvg=AOG3fc)wcDS_buIXxIRQHKj8?tY{*8zJL5G^?_`*h9Rkb&E9ShUZ)gcJ5 zv9qUA*k0T}U}}d}`;}1y`UY9SCExOdzy)k2dJvU0R!|_ED}IBnz9`-z3KC=oj{!^S z1#VBj*Fr}vOQc;Ug+-JCXmQQD@ftuR3DNBAq6>up{DS7)n{HrQlmXhuiJ*Y|~c2Eq>D?v(TL~vd>*PNyfjH4l#*|&D|--#V8{nlFZ{P?BE=r} z0OLK2cSL7&qD};q#;1rVxpf%<|Ga0q)2!?IL}ki2*4l84e)&9eG2a+Ev@G^k7P<1}U+g&M;6V-Uy!q%2g;!IW=6don*V?~W6RblUMrgamQ3O7+hlY30Q^iPF z24Ev({fmf7o;G8Vg4ERn#(JUqGYVCX4$_4#2_IYc6S|WFg42N^_kc4%j87aFXUQv> zR-n*pA}A{9n7qU89cZ3Tj8xE#PcMP#)Jvol^z~OM_fA9E*bM>Hb|6ipyKdocnSY4L zgBbv?Cqf{24slgo%J{$tlOCC_g*B(-6Ez#&ma$b5Pm z!Bifk>;E$PMRMq_V8DQ|Xaule^=zGhe#Z#^um?eq7hv#0SLyfV&$;&&w8d7fShXN; zMwcw=O2wR8nXK0nIHZ|-g#T8RTxiM(VCK2aE8+tbaVO^wvOIY%_gx2VY`p(4X=Mz) z3PRk1EUr$>hB`I86#g;Q8`J+hV!(K3IX%p?S;Spq*7F0+$MB=!FXh*TxcOVv`RTn zH`fLA-uhqxRGb9^VEH|jqbIKmgEvjDu}P%C{fojq25nRaWu#W+SNUYxUQBF2x4P?q z<8ld5tLp&AS)+xZHcHAPt@!cc$ws@++$`@WDw-^>`hLRnIL?j=p3x_8TQ@c?^=m{b zLeAw#``+1+y_M?16)*KPrdk1V&RIC=U;(fes*=b#QXEMFq?%m)M?KOygirT@l8c#S zHpKxh$dL9)R9kD9{XCqbAqm)4vsIOS?`I>)5c6Yl1c#TZHQYQ<7vABMGWN*wJYp|& zKy~3mBqsjdMZjlDqL`|iD)?N&VP$=X_&Yb*MV(nIlsU_8T6K)i)*zA7!9K=*?5n~e z;yrEEzvAz3yl(1LR;ruDwc(3SfBPEDzW=FT?eIpQMu1OPc!e{VSx4M@%4z#xf=|S_ zeR!f3Kbz?^yA{;C@~J8AKQZ{f!|wmeOZe-8F03H=c$`A=0=H%y9r-~CZ2)ZStd`^e rrU}R=&O+?}-7o!X$sYLurZJt~1FMWba=+OEJb?7IP2g3xU84UF+$6pJ literal 0 HcmV?d00001 diff --git a/templates/compose/authentik.env b/templates/compose/authentik.env new file mode 100644 index 000000000..ef6b916d0 --- /dev/null +++ b/templates/compose/authentik.env @@ -0,0 +1,10 @@ +AUTHENTIK_SECRET_KEY=$SERVICE_PASSWORD_64_AUTHENTIK-SERVER +AUTHENTIK_ERROR_REPORTING__ENABLED=true +AUTHENTIK_EMAIL__HOST= +AUTHENTIK_EMAIL__PORT= +AUTHENTIK_EMAIL__USERNAME= +AUTHENTIK_EMAIL__PASSWORD= +AUTHENTIK_EMAIL__USE_TLS= +AUTHENTIK_EMAIL__USE_SSL= +AUTHENTIK_EMAIL__TIMEOUT= +AUTHENTIK_EMAIL__FROM= \ No newline at end of file diff --git a/templates/compose/authentik.yaml b/templates/compose/authentik.yaml new file mode 100644 index 000000000..b54becdcf --- /dev/null 
+++ b/templates/compose/authentik.yaml 
@@ -0,0 +1,109 @@
+# documentation: https://docs.goauthentik.io/docs/installation/docker-compose
+# slogan: authentik is an open-source Identity Provider, focused on flexibility and versatility.
+# tags: identity,login,user,oauth,openid,oidc,authentication,saml,auth0,okta
+# logo: svgs/authentik.png
+
+version: "3.4"
+
+services:
+ postgresql:
+ image: docker.io/library/postgres:12-alpine
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d authentik -U $${SERVICE_USER_POSTGRESQL}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - database:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: ${SERVICE_PASSWORD_POSTGRESQL:?database password required}
+ POSTGRES_USER: ${SERVICE_USER_POSTGRESQL}
+ POSTGRES_DB: authentik
+ env_file:
+ - .env
+ redis:
+ image: docker.io/library/redis:alpine
+ command: --save 60 1 --loglevel warning
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - redis:/data
+ authentik-server:
+ image: ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.2.2}
+ restart: unless-stopped
+ command: server
+ environment:
+ SERVICE_FQDN_AUTHENTIK-SERVER:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${SERVICE_USER_POSTGRESQL}
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${SERVICE_PASSWORD_POSTGRESQL}
+ AUTHENTIK_SECRET_KEY: ${SERVICE_PASSWORD_64_AUTHENTIK-SERVER}
+ AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING__ENABLED}
+ AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}
+ AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT}
+ AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME}
+ AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD}
+ AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS}
+ AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL}
+ AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT}
+ AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM}
+ volumes:
+ - ./media:/media
+ - ./custom-templates:/templates
+ ports:
+ - "9000:9000"
+ - "9443:9443"
+ depends_on:
+ - postgresql
+ - redis
+ authentik-worker:
+ image: ghcr.io/goauthentik/server:${AUTHENTIK_TAG:-2024.2.2}
+ restart: unless-stopped
+ command: worker
+ environment:
+ SERVICE_FQDN_AUTHENTIK-WORKER:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${SERVICE_USER_POSTGRESQL}
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${SERVICE_PASSWORD_POSTGRESQL}
+ AUTHENTIK_SECRET_KEY: ${SERVICE_PASSWORD_64_AUTHENTIK-SERVER}
+ AUTHENTIK_ERROR_REPORTING__ENABLED: ${AUTHENTIK_ERROR_REPORTING__ENABLED}
+ AUTHENTIK_EMAIL__HOST: ${AUTHENTIK_EMAIL__HOST}
+ AUTHENTIK_EMAIL__PORT: ${AUTHENTIK_EMAIL__PORT}
+ AUTHENTIK_EMAIL__USERNAME: ${AUTHENTIK_EMAIL__USERNAME}
+ AUTHENTIK_EMAIL__PASSWORD: ${AUTHENTIK_EMAIL__PASSWORD}
+ AUTHENTIK_EMAIL__USE_TLS: ${AUTHENTIK_EMAIL__USE_TLS}
+ AUTHENTIK_EMAIL__USE_SSL: ${AUTHENTIK_EMAIL__USE_SSL}
+ AUTHENTIK_EMAIL__TIMEOUT: ${AUTHENTIK_EMAIL__TIMEOUT}
+ AUTHENTIK_EMAIL__FROM: ${AUTHENTIK_EMAIL__FROM}
+ # `user: root` and the docker socket volume are optional.
+ # See more for the docker socket integration here:
+ # https://goauthentik.io/docs/outposts/integrations/docker
+ # Removing `user: root` also prevents the worker from fixing the permissions
+ # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+ # (1000:1000 by default)
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./media:/media
+ - ./certs:/certs
+ - ./custom-templates:/templates
+ depends_on:
+ - postgresql
+ - redis
+
+volumes:
+ database:
+ driver: local
+ redis:
+ driver: local
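Review bot: The `authentik-worker` service ships with `user: root` and `- /var/run/docker.sock:/var/run/docker.sock` enabled by default, even though the comment directly above them describes both as optional. A root container holding the Docker socket has effectively root-level control of the host, so a compromise of the identity provider's worker would extend to every other container on the machine. I would drop both lines from the template and leave them as commented-out opt-ins for users who need the Docker outpost integration; as the existing comment notes, the `./media`, `./certs` and `./custom-templates` bind mounts then need to be owned by 1000:1000. Separately, `ports:` on `authentik-server` publishes `"9000:9000"` and `"9443:9443"` on all host interfaces, which is worth confirming is intended alongside `SERVICE_FQDN_AUTHENTIK-SERVER`.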