123 lines
3.5 KiB
YAML
123 lines
3.5 KiB
YAML
version: '3.7'
|
|
x-authelia-env: &authelia-env
|
|
X_AUTHELIA_EMAIL: "authelia@nixc.us"
|
|
X_AUTHELIA_SITE_NAME: ATLAS
|
|
# X_AUTHELIA_DUO_HOSTNAME: my_duo_hostname
|
|
X_AUTHELIA_CONFIG_FILTERS: template
|
|
X_AUTHELIA_LDAP_DOMAIN: dc=nixc,dc=us
|
|
TRAEFIK_DOMAIN: nixc.us
|
|
# CONFIG: /home/deleted-porcupine/docker-configs
|
|
|
|
secrets:
|
|
AUTHENTICATION_BACKEND_LDAP_PASSWORD:
|
|
external: true
|
|
CLIENT_SECRET_HEADSCALE:
|
|
external: true
|
|
IDENTITY_PROVIDERS_OIDC_HMAC_SECRET:
|
|
external: true
|
|
IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY:
|
|
external: true
|
|
IDENTITY_PROVIDERS_OIDC_JWKS_KEY:
|
|
external: true
|
|
IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET:
|
|
external: true
|
|
NOTIFIER_SMTP_PASSWORD:
|
|
external: true
|
|
SESSION_SECRET:
|
|
external: true
|
|
STORAGE_ENCRYPTION_KEY:
|
|
external: true
|
|
|
|
networks:
|
|
default:
|
|
driver: overlay
|
|
traefik:
|
|
external: true
|
|
ad:
|
|
external: true
|
|
services:
|
|
authelia:
|
|
image: git.nixc.us/nixius/authelia:production-authelia
|
|
secrets:
|
|
- AUTHENTICATION_BACKEND_LDAP_PASSWORD
|
|
- CLIENT_SECRET_HEADSCALE
|
|
- IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
|
|
- IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
|
|
- IDENTITY_PROVIDERS_OIDC_JWKS_KEY
|
|
- IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
|
|
- NOTIFIER_SMTP_PASSWORD
|
|
- SESSION_SECRET
|
|
- STORAGE_ENCRYPTION_KEY
|
|
environment:
|
|
<<: *authelia-env
|
|
dns:
|
|
- 1.1.1.1
|
|
- 9.9.9.9
|
|
networks:
|
|
- traefik
|
|
- default
|
|
- ad
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
## - node.labels.role == db
|
|
- node.hostname == ingress.nixc.us
|
|
# - node.labels.mac-rack == true
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.routers.authelia_authelia.rule: Host(`login.nixc.us`)
|
|
traefik.http.routers.authelia_authelia.entryPoints: websecure
|
|
traefik.http.routers.authelia_authelia.service: "authelia_authelia"
|
|
traefik.http.routers.authelia_authelia.tls.certresolver: "letsencryptresolver"
|
|
traefik.http.services.authelia_authelia.loadbalancer.server.port: "9091"
|
|
traefik.http.routers.authelia_authelia.tls: "true"
|
|
traefik.http.middlewares.authelia_authelia.forwardAuth.address: http://authelia:9091/api/authz/forward-auth
|
|
traefik.docker.network: traefik
|
|
redis:
|
|
image: git.nixc.us/nixius/authelia:production-redis
|
|
# command: redis-server --appendonly yes
|
|
deploy:
|
|
replicas: 1
|
|
placement:
|
|
constraints:
|
|
## - node.labels.role == db
|
|
- node.hostname == ingress.nixc.us
|
|
# - node.labels.mac-rack == true
|
|
# preferences:
|
|
# - spread: node.id
|
|
labels:
|
|
- traefik.enable=false
|
|
- "us.nixc.autodeploy=true"
|
|
volumes:
|
|
- /mnt/tank/persist/nixc.us/authelia/production/redis:/data
|
|
networks:
|
|
- default
|
|
|
|
mariadb:
|
|
image: git.nixc.us/nixius/authelia:production-mariadb
|
|
# restart: always
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: authelia
|
|
MYSQL_DATABASE: authelia
|
|
MYSQL_USER: authelia
|
|
MYSQL_PASSWORD: authelia
|
|
volumes:
|
|
- '/mnt/tank/persist/nixc.us/authelia/production/db:/var/lib/mysql'
|
|
deploy:
|
|
replicas: 1
|
|
placement:
|
|
constraints:
|
|
## - node.labels.role == db
|
|
- node.hostname == ingress.nixc.us
|
|
# - node.labels.mac-rack == true
|
|
# placement:
|
|
# constraints:
|
|
# - node.role == manager
|
|
# preferences:
|
|
# - spread: node.id
|
|
labels:
|
|
- traefik.enable=false
|
|
- "us.nixc.autodeploy=true"
|
|
networks:
|
|
- default
|