From 37dc3b82d90287c48ff6b0c1d4895fe94af619f2 Mon Sep 17 00:00:00 2001
From: Florian Zirker
Date: Tue, 18 Mar 2025 15:04:33 +0100
Subject: [PATCH] Starting with Authentik

---
 auth/docker-compose.yml | 90 +++++++++++++++++++++++++++++++++++
 paperless/docker-compose.yaml | 3 ++
 proxy/Caddyfile | 6 ++-
 proxy/docker-compose.yaml | 2 -
 start-all.sh | 1 +
 5 files changed, 99 insertions(+), 3 deletions(-)
 create mode 100644 auth/docker-compose.yml

diff --git a/auth/docker-compose.yml b/auth/docker-compose.yml
new file mode 100644
index 0000000..1214623
--- /dev/null
+++ b/auth/docker-compose.yml
@@ -0,0 +1,90 @@
+services:
+
+ authentik-server:
+ image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
+ restart: unless-stopped
+ command: server
+ environment:
+ - AUTHENTIK_REDIS__HOST=redis
+ - AUTHENTIK_POSTGRESQL__HOST=postgresql
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+ - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+ volumes:
+ - ${VOLUMES_PATH}/auth/media:/media
+ - ${VOLUMES_PATH}/auth/custom-templates:/templates
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ networks:
+ - web
+ - auth
+
+ authentik-worker:
+ image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
+ restart: unless-stopped
+ command: worker
+ environment:
+ - AUTHENTIK_REDIS__HOST=redis
+ - AUTHENTIK_POSTGRESQL__HOST=postgresql
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+ - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+ user: root
+ volumes:
+ # - /var/run/docker.sock:/var/run/docker.sock
+ - ${VOLUMES_PATH}/auth/media:/media
+ - ${VOLUMES_PATH}/auth/certs:/certs
+ - ${VOLUMES_PATH}/auth/custom-templates:/templates
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ networks:
+ - auth
+
+ postgresql:
+ image: postgres:${POSTGRES_VERSION}
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - ${VOLUMES_PATH}/auth/postgres/:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_DB=${POSTGRES_DB}
+ networks:
+ - auth
+
+ redis: + image: redis:${REDIS_VERSION} + command: --save 60 1 --loglevel warning + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + volumes: + - ${VOLUMES_PATH}/auth/redis:/data + networks: + - auth + + +networks: + auth: + web: + external: true diff --git a/paperless/docker-compose.yaml b/paperless/docker-compose.yaml index 20b0079..5688a55 100644 --- a/paperless/docker-compose.yaml +++ b/paperless/docker-compose.yaml @@ -60,6 +60,9 @@ services: - USERMAP_GID=1000 - PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py - PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON} + - PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect + - PAPERLESS_SOCIALACCOUNT_PROVIDERS=${PAPERLESS_SOCIALACCOUNT_PROVIDERS} + - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://paperless.home.florianzirker.de,https://auth.home.florianzirker.de labels: - "docker.group=paperless" diff --git a/proxy/Caddyfile b/proxy/Caddyfile index bc24cc5..d723d79 100644 --- a/proxy/Caddyfile +++ b/proxy/Caddyfile @@ -4,7 +4,6 @@ output stdout format console } - debug } *.{$DOMAIN} { @@ -66,6 +65,11 @@ reverse_proxy transmission:9091 } + @auth host auth.{$DOMAIN} + handle @auth { + reverse_proxy authentik-server:9000 + } + # Fallback unhandled (sub)domains handle { error 404 diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml index 9f0eaac..7c587c9 100644 --- a/proxy/docker-compose.yaml +++ b/proxy/docker-compose.yaml @@ -37,6 +37,4 @@ services: networks: web: external: true - dockersocket: - external: true diff --git a/start-all.sh b/start-all.sh index 8010786..69b5585 100755 --- a/start-all.sh +++ b/start-all.sh @@ -6,6 +6,7 @@ function up { } up proxy; +up auth; up monitoring; up smartHome; up dashboard;
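Review bot: `user: root` on authentik-worker keeps the worker running as root inside the container although the only consumer of that privilege visible in this file, the `/var/run/docker.sock` mount, is commented out; authentik's reference compose describes both as optional (the Docker-socket outpost integration and fixing permissions on the mounted folders), so drop the line, make `${VOLUMES_PATH}/auth/{media,certs,custom-templates}` readable by the image's unprivileged uid on the host, and re-add it only if the socket mount returns. The secrets are pulled in with plain `${VAR}` expansions, which Compose replaces with an empty string when the `.env` entry is missing, so a forgotten `AUTHENTIK_SECRET_KEY` reaches authentik as an empty key instead of stopping the deploy (whether it then refuses to start is up to authentik); use the required-variable form, `- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY:?AUTHENTIK_SECRET_KEY is not set}`, and the same for `POSTGRES_PASSWORD` in all three services, so `docker compose up` fails fast. Redis runs without a password, which is acceptable only because it publishes no ports and sits on the private `auth` network alone; a comment on the redis service such as `# no auth configured: must stay unpublished and on the auth network only` would keep a later edit from exposing it.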
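Review bot: `PAPERLESS_CSRF_TRUSTED_ORIGINS` now lists `https://auth.home.florianzirker.de`, which tells Django to accept state-changing requests whose Origin is the identity provider; in an OIDC authorization-code flow the browser only comes back to paperless with a GET carrying the code, so unless the provider is configured for `form_post` response mode that entry is not needed and should be removed, leaving `https://paperless.home.florianzirker.de` alone. The hunk turns on OIDC sign-in without pinning the sign-up behaviour: paperless-ngx's `PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS` controls whether any account authentik authenticates may create a fresh paperless user, and as far as I recall it defaults to true, so set it explicitly (`- PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS=false` once the intended users exist, or keep it true and restrict the paperless application on the authentik side with a policy binding). `PAPERLESS_SOCIALACCOUNT_PROVIDERS` carries the OIDC client secret, so a short comment above it noting that it must stay in `.env` and never be inlined here would help the next editor.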