svc:
  domain: "auth.serguzim.me"
  name: authentik
  port: 9000
  image_tag: 2023.8
  db:
    host: "{{ postgres.host }}"
    database: authentik
    user: "{{ vault_authentik.db.user }}"
    pass: "{{ vault_authentik.db.pass }}"

svc_env:
  AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"

  AUTHENTIK_EMAIL__HOST: "{{ mailer.host }}"
  AUTHENTIK_EMAIL__PORT: "{{ mailer.port }}"
  AUTHENTIK_EMAIL__USERNAME: "{{ vault_authentik.mail.user }}"
  AUTHENTIK_EMAIL__PASSWORD: "{{ vault_authentik.mail.pass }}"
  AUTHENTIK_EMAIL__USE_TLS: true
  AUTHENTIK_EMAIL__USE_SSL: false
  AUTHENTIK_EMAIL__TIMEOUT: 10
  AUTHENTIK_EMAIL__FROM: auth@serguzim.me

  AUTHENTIK_AVATARS: none

  AUTHENTIK_REDIS__HOST: redis

  AUTHENTIK_POSTGRESQL__HOST: "{{ svc.db.host }}"
  AUTHENTIK_POSTGRESQL__NAME: "{{ svc.db.database }}"
  AUTHENTIK_POSTGRESQL__USER: "{{ svc.db.user }}"
  AUTHENTIK_POSTGRESQL__PASSWORD: "{{ svc.db.pass }}"

compose:
  watchtower: false
  image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
  env: true
  file:
    services:
      app:
        depends_on:
          - redis
      worker:
        image: "ghcr.io/goauthentik/server:{{ svc.image_tag }}"
        restart: always
        command: worker
        user: root
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        env_file:
          - service.env
        depends_on:
          - redis
        networks:
          default:

      redis:
        image: redis:alpine
        restart: always
        networks:
          default: