infrastructure/roles/authentik/vars/main.yml

60 lines
1.5 KiB
YAML

---
authentik_svc:
domain: auth.serguzim.me
name: authentik
port: 9000
image_tag: 2024.2
db:
host: "{{ postgres.host }}"
database: authentik
user: "{{ vault_authentik.db.user }}"
pass: "{{ vault_authentik.db.pass }}"
authentik_env:
AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"
AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
AUTHENTIK_EMAIL__PORT: "{{ mailer.port }}"
AUTHENTIK_EMAIL__USERNAME: "{{ vault_authentik.mail.user }}"
AUTHENTIK_EMAIL__PASSWORD: "{{ vault_authentik.mail.pass }}"
AUTHENTIK_EMAIL__USE_TLS: true
AUTHENTIK_EMAIL__USE_SSL: false
AUTHENTIK_EMAIL__TIMEOUT: 10
AUTHENTIK_EMAIL__FROM: auth@serguzim.me
AUTHENTIK_AVATARS: none
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: "{{ svc.db.host }}"
AUTHENTIK_POSTGRESQL__NAME: "{{ svc.db.database }}"
AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}"
AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}"
authentik_compose:
watchtower: false
image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
file:
services:
app:
command: server
depends_on:
- redis
worker:
image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
restart: always
command: worker
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
env_file:
- service.env
depends_on:
- redis
networks:
default:
redis:
image: redis:alpine
restart: always
networks:
default: