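---
# Docker Swarm stack: Authelia (SSO / forward-auth for Traefik) with its
# Redis session store and MariaDB storage backend.
#
# Secrets: all Authelia material (LDAP bind password, OIDC keys, session and
# storage keys, SMTP password) is injected through pre-existing Docker secrets
# (`external: true`) rather than being written into this file. The MariaDB
# credentials below are the one exception; see the note on that service.
version: '3.7'

# Environment shared by the Authelia service via the merge key below.
# Plain strings that a YAML 1.1 loader could retype are quoted.
x-authelia-env: &authelia-env
  X_AUTHELIA_EMAIL: "authelia@nixc.us"
  X_AUTHELIA_SITE_NAME: ATLAS
  # X_AUTHELIA_DUO_HOSTNAME: my_duo_hostname
  X_AUTHELIA_CONFIG_FILTERS: template
  X_AUTHELIA_LDAP_DOMAIN: dc=nixc,dc=us
  # Comma-separated list consumed by the config template; kept as one scalar.
  TRAEFIK_DOMAIN: "nixc.us, fansdb.cc, fansdb.xyz, ohmyform.com, colinknapp.com"
  # CONFIG: /home/deleted-porcupine/docker-configs

# All secrets must already exist in the swarm (`docker secret ls`);
# deployment fails if any is missing, which is the intended fail-closed behaviour.
secrets:
  AUTHENTICATION_BACKEND_LDAP_PASSWORD:
    external: true
  CLIENT_SECRET_HEADSCALE:
    external: true
  CLIENT_SECRET_HEADADMIN:
    external: true
  IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
    external: true
  IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
    external: true
  IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
    external: true
  IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
    external: true
  NOTIFIER_SMTP_PASSWORD:
    external: true
  SESSION_SECRET:
    external: true
  STORAGE_ENCRYPTION_KEY:
    external: true

networks:
  # Stack-private overlay; redis and mariadb are attached to this network only.
  default:
    driver: overlay
  # Shared ingress network where Traefik reaches Authelia.
  traefik:
    external: true
  # Network giving Authelia reachability to the LDAP / AD backend.
  ad:
    external: true

services:
  authelia:
    image: git.nixc.us/nixius/authelia:production-authelia
    secrets:
      - AUTHENTICATION_BACKEND_LDAP_PASSWORD
      - CLIENT_SECRET_HEADSCALE
      - CLIENT_SECRET_HEADADMIN
      - IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
      - IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
      - IDENTITY_PROVIDERS_OIDC_JWKS_KEY
      - IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
      - NOTIFIER_SMTP_PASSWORD
      - SESSION_SECRET
      - STORAGE_ENCRYPTION_KEY
    environment:
      <<: *authelia-env
    # Public resolvers are pinned here; hosts on the `ad` network must
    # therefore be resolvable through them or addressed directly — TODO confirm.
    dns:
      - 1.1.1.1
      - 9.9.9.9
    networks:
      - traefik
      - default
      - ad
    deploy:
      placement:
        constraints:
          ## - node.labels.role == db
          - node.hostname == ingress.nixc.us
          # - node.labels.mac-rack == true
      labels:
        homepage.group: Infrastructure
        homepage.name: Authelia
        homepage.href: https://login.nixc.us
        homepage.description: ATLAS
        traefik.enable: "true"
        traefik.http.routers.authelia_authelia.rule: Host(`login.nixc.us`)
        traefik.http.routers.authelia_authelia.entryPoints: websecure
        traefik.http.routers.authelia_authelia.service: "authelia_authelia"
        traefik.http.routers.authelia_authelia.tls.certresolver: "letsencryptresolver"
        traefik.http.services.authelia_authelia.loadbalancer.server.port: "9091"
        traefik.http.routers.authelia_authelia.tls: "true"
        # Forward-auth middleware that other routers reference to gate access.
        # Plain HTTP is confined to the overlay network between Traefik and
        # this service; the public listener is TLS-only via `websecure`.
        traefik.http.middlewares.authelia_authelia.forwardAuth.address: http://authelia:9091/api/authz/forward-auth
        traefik.docker.network: traefik

  redis:
    image: git.nixc.us/nixius/authelia:production-redis
    # command: redis-server --appendonly yes
    deploy:
      replicas: 1
      placement:
        constraints:
          ## - node.labels.role == db
          - node.hostname == ingress.nixc.us
          # - node.labels.mac-rack == true
      # preferences:
      #   - spread: node.id
      labels:
        - traefik.enable=false
        - "us.nixc.autodeploy=true"
    volumes:
      - /mnt/tank/persist/nixc.us/authelia/production/redis:/data
    # Not attached to `traefik`, so Redis is unreachable from the ingress network.
    networks:
      - default

  mariadb:
    image: git.nixc.us/nixius/authelia:production-mariadb
    # restart: always
    # NOTE(review): these database credentials are literal values in a
    # committed file and are identical for root and the application user,
    # unlike every other secret in this stack. Preferred fix: create Docker
    # secrets and pass them through the `*_FILE` variants
    # (e.g. MYSQL_ROOT_PASSWORD_FILE) if the image's entrypoint honours them —
    # confirm against the production-mariadb image before changing. Exposure is
    # limited by the service being on the private overlay network only.
    environment:
      MYSQL_ROOT_PASSWORD: authelia
      MYSQL_DATABASE: authelia
      MYSQL_USER: authelia
      MYSQL_PASSWORD: authelia
    volumes:
      - '/mnt/tank/persist/nixc.us/authelia/production/db:/var/lib/mysql'
    deploy:
      replicas: 1
      placement:
        constraints:
          ## - node.labels.role == db
          - node.hostname == ingress.nixc.us
          # - node.labels.mac-rack == true
      # placement:
      #   constraints:
      #     - node.role == manager
      # preferences:
      #   - spread: node.id
      labels:
        - traefik.enable=false
        - "us.nixc.autodeploy=true"
    networks:
      - default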