---
authentik_svc:
  domain: auth.serguzim.me
  name: authentik
  port: 9000
  image_tag: 2024.2
  db:
    host: "{{ postgres.host }}"
    database: authentik
    user: "{{ vault_authentik.db.user }}"
    pass: "{{ vault_authentik.db.pass }}"

authentik_env:
  AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"

  AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
  AUTHENTIK_EMAIL__PORT: "{{ mailer.port }}"
  AUTHENTIK_EMAIL__USERNAME: "{{ vault_authentik.mail.user }}"
  AUTHENTIK_EMAIL__PASSWORD: "{{ vault_authentik.mail.pass }}"
  AUTHENTIK_EMAIL__USE_TLS: true
  AUTHENTIK_EMAIL__USE_SSL: false
  AUTHENTIK_EMAIL__TIMEOUT: 10
  AUTHENTIK_EMAIL__FROM: auth@serguzim.me

  AUTHENTIK_AVATARS: none

  AUTHENTIK_REDIS__HOST: redis

  AUTHENTIK_POSTGRESQL__HOST: "{{ svc.db.host }}"
  AUTHENTIK_POSTGRESQL__NAME: "{{ svc.db.database }}"
  AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}"
  AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}"

authentik_compose:
  watchtower: false
  image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
  file:
    services:
      app:
        command: server
        depends_on:
          - redis
      worker:
        image: ghcr.io/goauthentik/server:{{ svc.image_tag }}
        restart: always
        command: worker
        user: root
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        env_file:
          - service.env
        depends_on:
          - redis
        networks:
          default:
      redis:
        image: redis:alpine
        restart: always
        networks:
          default: