infrastructure/playbooks/roles/authentik/vars/main.yml

60 lines
1.6 KiB
YAML

---
authentik_svc:
domain: "{{ all_services | service_get_domain(role_name) }}"
port: 9000
image_tag: 2024.8
db:
host: "{{ postgres.host }}"
user: "{{ opentofu.postgresql_data.authentik.user }}"
pass: "{{ opentofu.postgresql_data.authentik.pass }}"
database: "{{ opentofu.postgresql_data.authentik.database }}"
authentik_env:
AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"
AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
AUTHENTIK_EMAIL__PORT: "{{ mailer.port }}"
AUTHENTIK_EMAIL__USERNAME: "{{ vault_authentik.mail.user }}"
AUTHENTIK_EMAIL__PASSWORD: "{{ vault_authentik.mail.pass }}"
AUTHENTIK_EMAIL__USE_TLS: true
AUTHENTIK_EMAIL__USE_SSL: false
AUTHENTIK_EMAIL__TIMEOUT: 10
AUTHENTIK_EMAIL__FROM: auth@serguzim.me
AUTHENTIK_AVATARS: none
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: "{{ svc.db.host }}"
AUTHENTIK_POSTGRESQL__NAME: "{{ svc.db.database }}"
AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}"
AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}"
authentik_compose:
watchtower: false
image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
file:
services:
app:
command: server
depends_on:
- redis
worker:
image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
restart: always
command: worker
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./certs:/certs
env_file:
- service.env
depends_on:
- redis
networks:
default:
redis:
image: redis:alpine
restart: always
networks:
default: