---

# Authentik
# 2FA for Docker apps
# Authentik
#   ↳ https://github.com/goauthentik/authentik
#   ↳ https://goauthentik.io/

services:
  authentik-postgresql:
    image: docker.io/library/postgres:12-alpine
    restart: unless-stopped
    container_name: authentik-postgresql
    networks: 
      - proxy
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - /home/fxequals/docker/authentik/database:/var/lib/postgresql/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      PUID: 1000
      PGID: 1000
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: ${PG_USER:-authentik}
      POSTGRES_DB: ${PG_DB:-authentik}
    env_file:
      - .env
  authentik-redis:
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    container_name: authentik-redis
    networks: 
      - proxy
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - /home/fxequals/docker/authentik/redis:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      PUID: 1000
      PGID: 1000
  authentik-server:
    image: ghcr.io/goauthentik/server:latest
    restart: unless-stopped
    command: server
    container_name: authentik-server
    networks: 
      proxy:
        - ipv4_address: 172.18.1.10
    environment:
      PUID: 1000
      PGID: 1000
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    volumes:
      - /home/fxequals/docker/authentik/media:/media
      - /home/fxequals/docker/authentik/custom-templates:/templates
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    # ports:
    #   - 9090:9090
    #   - 9443:9443
    depends_on:
      - authentik-postgresql
      - authentik-redis
  authentik-worker:
    image: ghcr.io/goauthentik/server:latest
    restart: unless-stopped
    container_name: authentik-worker
    command: worker
    networks: 
      - proxy
    environment:
      PUID: 1000
      PGID: 1000
      AUTHENTIK_REDIS__HOST: authentik-redis
      AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
    # user: root
    volumes:
    #  - /var/run/docker.sock:/var/run/docker.sock
      - /home/fxequals/docker/authentik/media:/media
      - /home/fxequals/docker/authentik/certs:/certs
      - /home/fxequals/docker/authentik/custom-templates:/templates
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    depends_on:
      - authentik-postgresql
      - authentik-redis

networks:
  proxy:
    external: true