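---
# Compose project "authentication": authentik (server + worker) backed by
# PostgreSQL and Redis. Credentials are supplied as Compose file secrets, so
# no password or key value appears in this file or in the container
# environment.
name: authentication

services:
  postgresql:
    # NOTE(review): PostgreSQL 12 is past upstream end-of-life and no longer
    # gets security fixes. Moving to a supported major needs a dump/restore or
    # pg_upgrade of the "database" volume; changing the tag alone is not enough.
    image: postgres:12-alpine
    environment:
      - POSTGRES_USER=authentik
      - POSTGRES_DB=authentik
      # The *_FILE form makes the image read the password from the mounted
      # secret instead of taking it as an environment value.
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_passwd
    healthcheck:
      # "$$" escapes Compose interpolation, so the variables are expanded by
      # the shell inside the container rather than by Compose on the host.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - database:/var/lib/postgresql/data
    secrets:
      - postgres_passwd
    restart: unless-stopped

  redis:
    # NOTE(review): "alpine" is a floating tag, so the image can change on any
    # pull. Pin a version (and ideally a digest), e.g.
    # redis:<version>-alpine@sha256:<digest>.
    image: redis:alpine
    # No requirepass/ACL is set: Redis is unauthenticated. It has no
    # "networks" key, so it is attached to the project default network only;
    # keep it off the traefik and macvlan networks.
    command: --save 60 1 --loglevel warning
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - redis:/data
    restart: unless-stopped

  server:
    # NOTE(review): 2022.12.2 is an old authentik release. Check the upstream
    # security advisories and upgrade along the documented path; server and
    # worker must stay on the same tag.
    image: ghcr.io/goauthentik/server:2022.12.2
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      # file:// tells authentik to read the value from the mounted secret.
      AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/postgres_passwd
      AUTHENTIK_SECRET_KEY: file:///run/secrets/secret_key
    # "expose" is documentation only; it neither publishes nor restricts ports.
    expose:
      - "9443"
    networks:
      - default
      - traefik
      # NOTE(review): on a macvlan network the container gets its own LAN
      # address and every port it listens on is reachable from that segment,
      # bypassing Traefik and whatever TLS or middleware is configured there.
      # Confirm this attachment is intended; otherwise drop it or filter
      # upstream.
      - macvlan
    restart: unless-stopped
    volumes:
      - media:/media
      - custom-templates:/templates
    secrets:
      - postgres_passwd
      - secret_key
    labels:
      # Quoted: label values are strings, and a bare true is a YAML boolean
      # that some Compose schema versions reject or retype.
      traefik.enable: "true"

  worker:
    # Keep in lockstep with the server image tag.
    image: ghcr.io/goauthentik/server:2022.12.2
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/postgres_passwd
      AUTHENTIK_SECRET_KEY: file:///run/secrets/secret_key
    # No Docker socket is mounted and no "networks" key is set, so the worker
    # has no control over the host daemon and sits on the default network only.
    volumes:
      - media:/media
      - certs:/certs
      - custom-templates:/templates
    secrets:
      - postgres_passwd
      - secret_key
    restart: unless-stopped

networks:
  # Both networks are created and managed outside this project.
  macvlan:
    external: true
  traefik:
    external: true

volumes:
  database:
  redis:
  media:
  certs:
  custom-templates:

secrets:
  # "${VAR?}" makes Compose abort when NASCOMPOSE_SERVICES is unset instead of
  # resolving the secret path relative to "/".
  # The secret files should be readable by their owner only and kept out of
  # version control and unencrypted backups.
  postgres_passwd:
    file: ${NASCOMPOSE_SERVICES?}/secrets/authentik/postgres_passwd
  secret_key:
    file: ${NASCOMPOSE_SERVICES?}/secrets/authentik/secret_key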