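---
# Variables for the authentik (identity provider) role: service metadata,
# container environment, and the docker-compose fragment for the stack.
# NOTE(review): `svc`, `all_services`, `postgres`, `mailer`, `opentofu` and
# `vault_authentik` are defined outside this file; `svc` presumably resolves
# to `authentik_svc` below. Confirm against the role that consumes these vars.

authentik_svc:
  domain: "{{ all_services | service_get_domain(role_name) }}"
  port: 9000
  # Quoted so YAML keeps it a string. As a bare float, a tag such as 2024.10
  # would collapse to 2024.1 and silently deploy a different release of the IdP.
  image_tag: "2024.8"
  db:
    host: "{{ postgres.host }}"
    user: "{{ opentofu.postgresql_data.authentik.user }}"
    pass: "{{ opentofu.postgresql_data.authentik.pass }}"
    database: "{{ opentofu.postgresql_data.authentik.database }}"

# Environment passed to the authentik containers.
# NOTE(review): these values presumably end up in the `service.env` file that
# the worker loads via `env_file`. It will then hold the secret key plus the DB
# and SMTP passwords in plaintext, so confirm the role writes it with a
# restrictive mode and owner.
authentik_env:
  # Sourced from a vault variable. Keep it out of plain vars files and logs.
  AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"
  AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
  AUTHENTIK_EMAIL__PORT: "{{ mailer.port }}"
  AUTHENTIK_EMAIL__USERNAME: "{{ opentofu.mailcow_data.authentik.address }}"
  AUTHENTIK_EMAIL__PASSWORD: "{{ opentofu.mailcow_data.authentik.password }}"
  # USE_TLS (STARTTLS) on, USE_SSL (implicit TLS) off: mailer.port must be the
  # submission port that offers STARTTLS, otherwise mail delivery fails.
  # NOTE(review): these are YAML booleans; confirm the role renders them in a
  # form authentik accepts when it writes the env file.
  AUTHENTIK_EMAIL__USE_TLS: true
  AUTHENTIK_EMAIL__USE_SSL: false
  AUTHENTIK_EMAIL__TIMEOUT: 10
  AUTHENTIK_EMAIL__FROM: "{{ opentofu.mailcow_data.authentik.address }}"
  # The literal string "none" (not YAML null); quoted to make that explicit.
  AUTHENTIK_AVATARS: 'none'
  # No Redis password is configured in this file. Redis is therefore protected
  # only by not being published and by membership of the compose `default`
  # network, so keep unrelated containers off that network.
  AUTHENTIK_REDIS__HOST: redis
  AUTHENTIK_POSTGRESQL__HOST: "{{ svc.db.host }}"
  AUTHENTIK_POSTGRESQL__NAME: "{{ svc.db.database }}"
  AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}"
  AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}"

authentik_compose:
  # NOTE(review): presumably opts this stack out of watchtower auto-updates, so
  # image versions change only when this file changes. Confirm in the role.
  watchtower: false
  image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
  file:
    services:
      app:
        command: server
        depends_on:
          - redis
      worker:
        image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
        restart: always
        command: worker
        # SECURITY: running as root with the Docker socket mounted gives this
        # container full control of the Docker daemon, which is equivalent to
        # root on the host. Upstream uses this for Docker-managed outposts. If
        # outposts are not deployed through the local Docker integration, drop
        # both `user: root` and the socket mount. Otherwise consider a socket
        # proxy that exposes only the API endpoints the worker needs.
        user: root
        volumes:
          - '/var/run/docker.sock:/var/run/docker.sock'
          # Certificates and keys read by the worker; keep the host directory
          # readable only by the deploying user.
          - './certs:/certs'
        env_file:
          - service.env
        depends_on:
          - redis
        networks:
          default: null
      redis:
        # SECURITY: floating tag. The running Redis version is whatever was
        # current at pull time and can differ between hosts. Pin a specific
        # version tag or an image digest so deployments are reproducible and
        # upgrades are deliberate.
        image: 'redis:alpine'
        restart: always
        networks:
          default: null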