version: "2.3" x-authentik: &authentik image: ghcr.io/goauthentik/server:2022.8.2 restart: unless-stopped environment: - TIMEZONE={{ timezone }} - AUTHENTIK_REDIS__HOST=redis - AUTHENTIK_POSTGRESQL__HOST=db - AUTHENTIK_POSTGRESQL__USER=authentik - AUTHENTIK_POSTGRESQL__NAME=authentik - AUTHENTIK_POSTGRESQL__PASSWORD=authentik - AUTHENTIK_SECRET_KEY="{{ authentik_secret_key }}" - AUTHENTIK_DISABLE_STARTUP_ANALYTICS=true # Sending the hash of my secret key? No thanks - AUTHENTIK_EMAIL__HOST=smtp.eu.mailgun.org - AUTHENTIK_EMAIL__PORT=465 - AUTHENTIK_EMAIL__USERNAME={{ authentik_email_username }} - AUTHENTIK_EMAIL__PASSWORD={{ authentik_email_password }} - AUTHENTIK_EMAIL__USE_TLS=true - AUTHENTIK_EMAIL__FROM={{ authentik_email_from }} volumes: - "{{ app_data_dir }}/authentik/media:/media" - "{{ app_data_dir }}/authentik/custom-templates:/templates" - "{{ app_data_dir }}/authentik/certs:/certs" depends_on: - db - redis services: authentik: <<: *authentik command: server networks: - default - traefik labels: - traefik.enable=true - traefik.http.routers.authentik.rule=Host(`auth.jakehoward.tech`) - traefik.http.services.authentik-authentik.loadbalancer.server.port=9000 - traefik.http.middlewares.authentik-ratelimit.ratelimit.average=5 - traefik.http.middlewares.authentik-ratelimit.ratelimit.burst=1000 - traefik.http.routers.authentik.middlewares=authentik-ratelimit worker: <<: *authentik command: worker db: image: postgres:14-alpine restart: unless-stopped volumes: - /mnt/tank/dbs/postgres/authentik/:/var/lib/postgresql/data environment: - POSTGRES_PASSWORD=authentik - POSTGRES_USER=authentik redis: image: redis:6-alpine restart: unless-stopped volumes: - /mnt/tank/dbs/redis/authentik:/data networks: traefik: external: true