authelia

2023-03-31 11:55:03 +02:00 · 2023-03-31 11:55:03 +02:00 · 5a282d8c0f
parent 905d25a641
commit 5a282d8c0f
2 changed files with 72 additions and 1 deletions
--- a/docker-compose/authelia/docker-compose.yaml.j2
+++ b/docker-compose/authelia/docker-compose.yaml.j2
@ -0,0 +1,69 @@
+---
+version: "3.8"
+services:
+######## App ########
+  authelia:
+    container_name: authelia-app
+    image: docker.io/authelia/authelia:4
+    restart: always
+    networks:
+      - aaa
+      - intern
+    expose:
+      - 9091
+    environment:
+      TZ: Europe/Berlin
+      AUTHELIA_JWT_SECRET: {{ lookup('keepass', 'AUTHELIA_JWT_SECRET', 'password') }}
+      AUTHELIA_SESSION_SECRET: {{ lookup('keepass', 'AUTHELIA_SESSION_SECRET', 'password') }}
+      AUTHELIA_STORAGE_POSTGRES_PASSWORD: {{ lookup('keepass', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', 'password') }}
+      AUTHELIA_STORAGE_ENCRYPTION_KEY: {{ lookup('keepass', 'AUTHELIA_STORAGE_ENCRYPTION_KEY', 'password') }}
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
+      - com.centurylinklabs.watchtower.depends-on=authelia-postgres,authelia-redis
+    volumes:
+      - ./config:/config
+######## PostGreSQL ########
+  db:
+    container_name: "authelia-postgres"
+    image: postgres:13
+    restart: always
+    environment:
+      - POSTGRES_USER=authelia
+      - POSTGRES_PASSWORD={{ lookup('keepass', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', 'password') }}
+      - TZ=Europe/Berlin
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    networks:
+      - intern
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
+      - com.centurylinklabs.watchtower.monitor-only=true
+######## Redis ########
+  redis:
+    image: redis:alpine
+    container_name: authelia-redis
+    volumes:
+      - redis:/data
+    networks:
+      - net
+    expose:
+      - 6379
+    restart: always
+    environment:
+      - TZ=Europe/Berlin
+    labels:
+      - com.centurylinklabs.watchtower.enable=true
+
+
+networks:
+  nw_aaa:
+    external: true
+  intern:
+
+volumes:
+  postgres:
+  redis:
+
+
+
+# redis
--- a/host_vars/docker10.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@ -80,7 +80,9 @@
    - name: lldap
      state: present
      network: traefik
-
+    - name: authelia
+      state: present
+      network: nw_aaa
  #### mgrote.set_permissions
  dir_permissions:
    - path: /mnt/httpd