authelia/stack.staging.yml


# Shared environment for the Authelia container, anchored so the service
# definition can reference it with the *authelia-env alias.
# X_AUTHELIA_CONFIG_FILTERS selects Authelia's "template" configuration filter;
# the remaining values are presumably read by the templated files mounted at
# /config (confirm against those files).
x-authelia-env: &authelia-env
  X_AUTHELIA_EMAIL: 'authelia@nixc.us'
  X_AUTHELIA_SITE_NAME: 'ATLAS'
  X_AUTHELIA_CONFIG_FILTERS: 'template'
  X_AUTHELIA_LDAP_DOMAIN: 'dc=nixc,dc=us'
  TRAEFIK_DOMAIN: 'nixc.us'
# Networks attached to the services in this stack.
networks:
  # Stack-private overlay network; authelia, redis and mariadb all join it.
  default:
    driver: 'overlay'
  # Created outside this file; the authelia service joins it so the Traefik
  # labels (traefik.docker.network) can route to the container.
  traefik:
    external: true
  # Created outside this file; only the authelia service joins it.
  # Presumably the path to the LDAP/directory backend (confirm).
  ad:
    external: true
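# Staging Authelia stack: the Authelia portal plus its Redis and MariaDB
# backends, all pinned to a single Swarm node.
# Nesting is restored to the usual Compose/stack layout, and string-valued
# scalars are quoted so no parser re-types them.
services:
  authelia:
    # NOTE(review): "staging-authelia" is a mutable tag, and the
    # us.nixc.autodeploy label suggests automatic redeploys. Pinning by digest
    # would make the deployed image auditable; confirm against the deploy tooling.
    image: 'git.nixc.us/nixius/authelia:staging-authelia'
    command:
      - 'authelia'
      - '--config=/config/configuration.server.yml'
      - '--config=/config/configuration.ldap.yml'
      - '--config=/config/configuration.acl.yml'
      - '--config=/config/configuration.identity.providers.yml'
      - '--config=/config/configuration.oidc.clients.yml'
    environment: *authelia-env
    volumes:
      # NOTE(review): the configuration directory is mounted read-write. If
      # Authelia does not need to write there, ':ro' keeps a compromised
      # container from rewriting its own ACL and OIDC client files.
      - '/mnt/tank/persist/nixc.us/authelia/staging/config:/config:rw'
    networks:
      - traefik
      - default
      - ad
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
        parallelism: 1
      restart_policy:
        condition: on-failure
      replicas: 1
      placement:
        constraints:
          - 'node.hostname == ingress.nixc.us'
      labels:
        us.nixc.autodeploy: "true"
        traefik.enable: "true"
        traefik.docker.network: 'traefik'
        traefik.http.routers.staging-authelia_authelia.rule: 'Host(`staging.login.nixc.us`)'
        traefik.http.routers.staging-authelia_authelia.entrypoints: 'websecure'
        traefik.http.routers.staging-authelia_authelia.tls: "true"
        traefik.http.routers.staging-authelia_authelia.tls.certresolver: 'letsencryptresolver'
        # NOTE(review): the router targets the Traefik service
        # "authelia_authelia", but the only service defined in these labels is
        # "staging-authelia_authelia" (next label). If "authelia_authelia" is
        # defined by a different stack, the staging hostname is served by that
        # stack's Authelia instead of this one. Confirm which is intended.
        traefik.http.routers.staging-authelia_authelia.service: 'authelia_authelia'
        traefik.http.services.staging-authelia_authelia.loadbalancer.server.port: "9091"
        # NOTE(review): both forwardauth middlewares below call
        # http://authelia_authelia:9091, and the first redirects to
        # https://login.nixc.us/ rather than the staging host named in the
        # router rule. Applications using the "staging-" middlewares may
        # therefore authenticate against a non-staging instance. Verify the
        # hostnames.
        traefik.http.middlewares.staging-authelia_authelia.forwardauth.address: 'http://authelia_authelia:9091/api/verify?rd=https://login.nixc.us/'
        # trustForwardHeader makes Traefik pass existing X-Forwarded-* request
        # headers on to Authelia unchanged. That is only safe when a trusted
        # proxy in front of Traefik sets them; otherwise clients choose the
        # values Authelia evaluates.
        traefik.http.middlewares.staging-authelia_authelia.forwardauth.trustForwardHeader: "true"
        # Backends that trust these Remote-* identity headers must be reachable
        # only through Traefik.
        traefik.http.middlewares.staging-authelia_authelia.forwardauth.authResponseHeaders: 'Remote-User,Remote-Groups,Remote-Name,Remote-Email'
        traefik.http.middlewares.staging-authelia-basic.forwardauth.address: 'http://authelia_authelia:9091/api/verify?auth=basic'
        traefik.http.middlewares.staging-authelia-basic.forwardauth.trustForwardHeader: "true"
        traefik.http.middlewares.staging-authelia-basic.forwardauth.authResponseHeaders: 'Remote-User,Remote-Groups,Remote-Name,Remote-Email'
    logging:
      driver: json-file
      options:
        max-size: '10m'
        max-file: "3"

  redis:
    image: 'git.nixc.us/nixius/authelia:staging-redis'
    # NOTE(review): no password is set on the command line, so unless the image
    # ships its own configuration, anything attached to the "default" network
    # can read and write whatever Authelia stores here. Only this stack's
    # services join that network in this file.
    command: 'redis-server --appendonly yes'
    volumes:
      - '/mnt/tank/persist/nixc.us/authelia/staging/redis:/data:rw'
    networks:
      - default
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
        parallelism: 1
      restart_policy:
        condition: on-failure
      replicas: 1
      placement:
        constraints:
          - 'node.hostname == ingress.nixc.us'
      labels:
        us.nixc.autodeploy: "true"
        # Not routed by Traefik; reachable on the stack network only.
        traefik.enable: "false"
    logging:
      driver: json-file
      options:
        max-size: '10m'
        max-file: "3"

  mariadb:
    image: 'git.nixc.us/nixius/authelia:staging-mariadb'
    environment:
      # SECURITY(review): the root password, application password, user name
      # and database name are all the literal string "authelia", stored in
      # plain text in this stack file. Values are left unchanged here because
      # Authelia's storage configuration must match them. Prefer Swarm secrets
      # with the *_FILE variants (e.g. MYSQL_ROOT_PASSWORD_FILE), which the
      # official MariaDB entrypoint supports; confirm that this custom image
      # does too. Use distinct, generated values for root and the app user.
      MYSQL_ROOT_PASSWORD: 'authelia'
      MYSQL_DATABASE: 'authelia'
      MYSQL_USER: 'authelia'
      MYSQL_PASSWORD: 'authelia'
    volumes:
      - '/mnt/tank/persist/nixc.us/authelia/staging/db:/var/lib/mysql:rw'
    networks:
      - default
    deploy:
      update_config:
        # NOTE(review): start-first briefly runs the old and new container
        # against the same bind-mounted data directory. Confirm this is
        # acceptable for a single-writer database.
        order: start-first
        failure_action: rollback
        parallelism: 1
      restart_policy:
        condition: on-failure
      replicas: 1
      placement:
        constraints:
          - 'node.hostname == ingress.nixc.us'
      labels:
        us.nixc.autodeploy: "true"
        # Not routed by Traefik; reachable on the stack network only.
        traefik.enable: "false"
    logging:
      driver: json-file
      options:
        max-size: '10m'
        max-file: "3"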