ホーム エクスプローラ ヘルプ
登録 サインイン
root
/
apps
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ツリー: cc8356e297
ブランチ タグ
apps
/
ix-dev
/
community
/
authentik
/
templates
/
docker-compose.yaml

docker-compose.yaml 6.8 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. {% set tpl = ix_lib.base.render.Render(values) %}
    2. 

  2. 

  3. {% set server = tpl.add_container(values.consts.server_container_name, "image") %}
    4. 

  4. {% set worker = tpl.add_container(values.consts.worker_container_name, "image") %}
    5. 

  5. {% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
    6. 

  6. {% set perm_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %}
    7. 

  7. 

  8. {% set pg_config = {
    9. 

  9.   "user": values.consts.db_user,
    10. 

  10.   "password": values.authentik.db_password,
    11. 

  11.   "database": values.consts.db_name,
    12. 

  12.   "volume": values.storage.postgres_data,
    13. 

  13. } %}
    14. 

  14. {% set postgres = tpl.deps.postgres(
    15. 

  15.   values.consts.postgres_container_name,
    16. 

  16.   values.authentik.postgres_image_selector,
    17. 

  17.   pg_config, perm_container
    18. 

  18. ) %}
    19. 

  19. 

  20. {% set redis_config = {
    21. 

  21.   "password": values.authentik.redis_password,
    22. 

  22.   "volume": {"type": "temporary", "volume_config": {"volume_name": "redis-data"}},
    23. 

  23. } %}
    24. 

  24. {% set redis = tpl.deps.redis(values.consts.redis_container_name, "redis_image", redis_config, perm_container) %}
    25. 

  25. 

  26. {% do server.set_command(["server"]) %}
    27. 

  27. {% do worker.set_command(["worker"]) %}
    28. 

  28. 

  29. {% do server.set_user(values.run_as.user, values.run_as.group) %}
    30. 

  30. {% do worker.set_user(values.run_as.user, values.run_as.group) %}
    31. 

  31. 

  32. {% do server.healthcheck.set_custom_test("/lifecycle/ak healthcheck") %}
    33. 

  33. {% do worker.healthcheck.set_custom_test("/lifecycle/ak healthcheck") %}
    34. 

  34. 

  35. {% do server.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}
    36. 

  36. {% do worker.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}
    37. 

  37. 

  38. {% do server.depends.add_dependency(values.consts.redis_container_name, "service_healthy") %}
    39. 

  39. {% do worker.depends.add_dependency(values.consts.redis_container_name, "service_healthy") %}
    40. 

  40. 

  41. {% do server.environment.add_env("AUTHENTIK_LISTEN__HTTP", "0.0.0.0:%d"|format(values.network.http_port.port_number)) %}
    42. 

  42. {% do server.environment.add_env("AUTHENTIK_LISTEN__HTTPS", "0.0.0.0:%d"|format(values.network.https_port.port_number)) %}
    43. 

  43. 

  44. {% do server.environment.add_env("AUTHENTIK_POSTGRESQL__HOST", values.consts.postgres_container_name) %}
    45. 

  45. {% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__HOST", values.consts.postgres_container_name) %}
    46. 

  46. 

  47. {% do server.environment.add_env("AUTHENTIK_POSTGRESQL__PORT", 5432) %}
    48. 

  48. {% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__PORT", 5432) %}
    49. 

  49. 

  50. {% do server.environment.add_env("AUTHENTIK_POSTGRESQL__NAME", values.consts.db_name) %}
    51. 

  51. {% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__NAME", values.consts.db_name) %}
    52. 

  52. 

  53. {% do server.environment.add_env("AUTHENTIK_POSTGRESQL__USER", values.consts.db_user) %}
    54. 

  54. {% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__USER", values.consts.db_user) %}
    55. 

  55. 

  56. {% do server.environment.add_env("AUTHENTIK_POSTGRESQL__PASSWORD", values.authentik.db_password) %}
    57. 

  57. {% do worker.environment.add_env("AUTHENTIK_POSTGRESQL__PASSWORD", values.authentik.db_password) %}
    58. 

  58. 

  59. {% do server.environment.add_env("AUTHENTIK_REDIS__HOST", values.consts.redis_container_name) %}
    60. 

  60. {% do worker.environment.add_env("AUTHENTIK_REDIS__HOST", values.consts.redis_container_name) %}
    61. 

  61. 

  62. {% do server.environment.add_env("AUTHENTIK_REDIS__PORT", 6379) %}
    63. 

  63. {% do worker.environment.add_env("AUTHENTIK_REDIS__PORT", 6379) %}
    64. 

  64. 

  65. {% do server.environment.add_env("AUTHENTIK_REDIS__PASSWORD", values.authentik.redis_password) %}
    66. 

  66. {% do worker.environment.add_env("AUTHENTIK_REDIS__PASSWORD", values.authentik.redis_password) %}
    67. 

  67. 

  68. {% do server.environment.add_env("AUTHENTIK_SECRET_KEY", values.authentik.secret_key) %}
    69. 

  69. {% do worker.environment.add_env("AUTHENTIK_SECRET_KEY", values.authentik.secret_key) %}
    70. 

  70. 

  71. {% if values.authentik.setup_email %}
    72. 

  72.   {% do server.environment.add_env("AUTHENTIK_EMAIL__HOST", values.authentik.email.host) %}
    73. 

  73.   {% do worker.environment.add_env("AUTHENTIK_EMAIL__HOST", values.authentik.email.host) %}
    74. 

  74. 

  75.   {% do server.environment.add_env("AUTHENTIK_EMAIL__PORT", values.authentik.email.port) %}
    76. 

  76.   {% do worker.environment.add_env("AUTHENTIK_EMAIL__PORT", values.authentik.email.port) %}
    77. 

  77. 

  78.   {% do server.environment.add_env("AUTHENTIK_EMAIL__FROM", values.authentik.email.from) %}
    79. 

  79.   {% do worker.environment.add_env("AUTHENTIK_EMAIL__FROM", values.authentik.email.from) %}
    80. 

  80. 

  81.   {% do server.environment.add_env("AUTHENTIK_EMAIL__USERNAME", values.authentik.email.username) %}
    82. 

  82.   {% do worker.environment.add_env("AUTHENTIK_EMAIL__USERNAME", values.authentik.email.username) %}
    83. 

  83. 

  84.   {% do server.environment.add_env("AUTHENTIK_EMAIL__PASSWORD", values.authentik.email.password) %}
    85. 

  85.   {% do worker.environment.add_env("AUTHENTIK_EMAIL__PASSWORD", values.authentik.email.password) %}
    86. 

  86. 

  87.   {% if values.authentik.email.security == "ssl" %}
    88. 

  88.     {% do server.environment.add_env("AUTHENTIK_EMAIL__USE_SSL", true) %}
    89. 

  89.     {% do worker.environment.add_env("AUTHENTIK_EMAIL__USE_SSL", true) %}
    90. 

  90.   {% elif values.authentik.email.security == "tls" %}
    91. 

  91.     {% do server.environment.add_env("AUTHENTIK_EMAIL__USE_TLS", true) %}
    92. 

  92.     {% do worker.environment.add_env("AUTHENTIK_EMAIL__USE_TLS", true) %}
    93. 

  93.   {% endif %}
    94. 

  94. {% endif %}
    95. 

  95. 

  96. {% do server.environment.add_user_envs(values.authentik.additional_envs) %}
    97. 

  97. {% do worker.environment.add_user_envs(values.authentik.additional_envs) %}
    98. 

  98. 

  99. {% do server.add_port(values.network.http_port) %}
    100. 

  100. {% do server.add_port(values.network.https_port) %}
    101. 

  101. 

  102. {% if values.authentik.mount_docker_socket %}
    103. 

  103.   {% do worker.add_docker_socket(read_only=False) %}
    104. 

  104. {% endif %}
    105. 

  105. 

  106. {% do server.add_storage("/media", values.storage.media) %}
    107. 

  107. {% do worker.add_storage("/media", values.storage.media) %}
    108. 

  108. {% do perm_container.add_or_skip_action("media", values.storage.media, perm_config) %}
    109. 

  109. 

  110. {% do server.add_storage("/templates", values.storage.templates) %}
    111. 

  111. {% do worker.add_storage("/templates", values.storage.templates) %}
    112. 

  112. {% do perm_container.add_or_skip_action("templates", values.storage.templates, perm_config) %}
    113. 

  113. 

  114. {% do server.add_storage("/certs", values.storage.certs) %}
    115. 

  115. {% do worker.add_storage("/certs", values.storage.certs) %}
    116. 

  116. {% do perm_container.add_or_skip_action("certs", values.storage.certs, perm_config) %}
    117. 

  117. 

  118. {% for store in values.storage.additional_storage %}
    119. 

  119.   {% do server.add_storage(store.mount_path, store) %}
    120. 

  120.   {% do worker.add_storage(store.mount_path, store) %}
    121. 

  121.   {% do perm_container.add_or_skip_action(store.mount_path, store, perm_config) %}
    122. 

  122. {% endfor %}
    123. 

  123. 

  124. {% if perm_container.has_actions() %}
    125. 

  125.   {% do perm_container.activate() %}
    126. 

  126.   {% do server.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
    127. 

  127.   {% do worker.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
    128. 

  128.   {% do postgres.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
    129. 

  129. {% endif %}
    130. 

  130. 

  131. {% do tpl.portals.add(values.network.http_port, {"name": "HTTP"}) %}
    132. 

  132. {% do tpl.portals.add(values.network.https_port, {"name": "HTTPS", "scheme": "https"}) %}
    133. 

  133. 

  134. {{ tpl.render() | tojson }}
    135.