docker-compose.yaml 2.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748
  1. {% set tpl = ix_lib.base.render.Render(values) %}
  2. {% set c1 = tpl.add_container(values.consts.twofactor_auth_container_name, "image") %}
  3. {% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
  4. {% set perms_config = {"uid": values.consts.run_as_user, "gid": values.consts.run_as_group, "mode": "check"} %}
  5. {% do c1.set_user(values.consts.run_as_user, values.consts.run_as_group) %}
  6. {% do c1.healthcheck.set_test("wget", {"port": values.consts.internal_web_port, "path": "/up"}) %}
  7. {% do c1.environment.add_env("APP_ENV", "local") %}
  8. {% do c1.environment.add_env("APP_KEY", values.twofactor_auth.app_key) %}
  9. {% do c1.environment.add_env("APP_TIMEZONE", values.TZ) %}
  10. {% do c1.environment.add_env("APP_NAME", values.twofactor_auth.app_name) %}
  11. {% do c1.environment.add_env("APP_URL", values.twofactor_auth.app_url) %}
  12. {% do c1.environment.add_env("SITE_OWNER", values.twofactor_auth.site_owner_email) %}
  13. {% do c1.environment.add_env("AUTHENTICATION_GUARD", values.twofactor_auth.authentication_guard) %}
  14. {# /srv/database/database.sqlite is symlinked to /2fauth/database.sqlite #}
  15. {% do c1.environment.add_env("DB_DATABASE", "/srv/database/database.sqlite") %}
  16. {% do c1.environment.add_env("WEBAUTHN_USER_VERIFICATION", values.twofactor_auth.webauthn_user_verification) %}
  17. {% if values.twofactor_auth.authentication_guard == "reverse-proxy-guard" %}
  18. {% do c1.environment.add_env("AUTH_PROXY_HEADER_FOR_USER", values.twofactor_auth.authentication_header_user) %}
  19. {% do c1.environment.add_env("AUTH_PROXY_HEADER_FOR_EMAIL", values.twofactor_auth.authentication_header_email) %}
  20. {% endif %}
  21. {% if values.twofactor_auth.trusted_proxies %}
  22. {% do c1.environment.add_env("TRUSTED_PROXIES", values.twofactor_auth.trusted_proxies | join(",")) %}
  23. {% endif %}
  24. {% do c1.environment.add_user_envs(values.twofactor_auth.additional_envs) %}
  25. {% if not values.network.host_network %}
  26. {% do c1.add_port(values.network.web_port, {"container_port": values.consts.internal_web_port}) %}
  27. {% endif %}
  28. {% do c1.add_storage("/2fauth", values.storage.config) %}
  29. {% do perm_container.add_or_skip_action("2fauth", values.storage.config, perms_config) %}
  30. {% for store in values.storage.additional_storage %}
  31. {% do c1.add_storage(store.mount_path, store) %}
  32. {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
  33. {% endfor %}
  34. {% if perm_container.has_actions() %}
  35. {% do perm_container.activate() %}
  36. {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  37. {% endif %}
  38. {% do tpl.portals.add(values.network.web_port, {"port": values.consts.internal_web_port if values.network.host_network else None}) %}
  39. {{ tpl.render() | tojson }}