From 25b8f25826c559f1ca852eb46a2f749ff8834b07 Mon Sep 17 00:00:00 2001
From: Carl Schwan
Date: Mon, 8 Dec 2025 14:34:09 +0100
Subject: [PATCH] feat: Add authentik as a service

Signed-off-by: Carl Schwan
---
 docker-compose.yml | 66 ++++++++++++++++++++++++++++++++++++++++++++
 docs/services/sso.md | 8 ++++++
 2 files changed, 74 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 712dbf73..32bfb26c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -62,6 +62,7 @@ services:
 - phpmyadmin${DOMAIN_SUFFIX}
 - talk-signaling${DOMAIN_SUFFIX}
 - talk-recording${DOMAIN_SUFFIX}
+ - authentik${DOMAIN_SUFFIX}
 extra_hosts:
 - host.docker.internal:host-gateway
 
@@ -1155,6 +1156,69 @@ services: - EX_APPS_NET=${EX_APPS_NET:-ipv4@localhost} - EX_APPS_COUNT=${EX_APPS_COUNT:-50} + authentik-postgresql: + env_file: + - .env + environment: + POSTGRES_DB: ${PG_DB:-authentik} + POSTGRES_PASSWORD: authentik-database + POSTGRES_USER: ${PG_USER:-authentik} + healthcheck: + interval: 30s + retries: 5 + start_period: 20s + test: + - CMD-SHELL + - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER} + timeout: 5s + image: docker.io/library/postgres:16-alpine + restart: unless-stopped + volumes: + - authentik-database:/var/lib/postgresql/data + authentik-worker: + command: worker + depends_on: + authentik-postgresql: + condition: service_healthy + env_file: + - .env + environment: + AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: authentik-database + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_SECRET_KEY: authentik-secret + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.2} + restart: unless-stopped + user: root + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - ./authentik-media:/media + - ./authentik-certs:/certs + - ./authentik-custom-templates:/templates + + authentik: + command: server + depends_on: + authentik-postgresql: + condition: service_healthy + authentik-worker: + condition: service_healthy + environment: + AUTHENTIK_POSTGRESQL__HOST: authentik-postgresql + AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik} + AUTHENTIK_POSTGRESQL__PASSWORD: authentik-database + AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik} + AUTHENTIK_SECRET_KEY: authentik-secret + VIRTUAL_HOST: "authentik${DOMAIN_SUFFIX}" + VIRTUAL_PORT: 9000 + image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.2} + ports: + - ${COMPOSE_PORT_HTTP:-9000}:9000 + restart: unless-stopped + volumes: + - ./authentik-media:/media + - ./authentik-custom-templates:/templates volumes: data: 
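Review bot: The database password and the cookie-signing key are fixed literals committed with the file — `POSTGRES_PASSWORD: authentik-database` in authentik-postgresql and `AUTHENTIK_SECRET_KEY: authentik-secret` in both authentik-worker and authentik — while the adjacent `${PG_DB:-authentik}` / `${PG_USER:-authentik}` values already use substitution, so anyone who can read this repository holds a key that forges valid authentik sessions on any deployment left at the default; route both through variables (names below are constructed to match the existing `PG_*` pattern), using `:?` instead of `:-` where a deployment must not fall back to a known value. The worker also runs `user: root` with `/var/run/docker.sock` mounted, which is host-root equivalent; if this development stack does not need authentik to manage outpost containers, drop both lines, otherwise keep them with a comment stating why. `authentik-worker: condition: service_healthy` depends on a healthcheck this file never declares, so it only works if the image ships a HEALTHCHECK — worth a comment, since a reader of the compose file cannot tell. `${COMPOSE_PORT_HTTP:-9000}:9000` appears to reuse a variable shared with other services in this file (their definitions are outside the hunk), so a user who sets it for the proxy would make authentik bind the same host port; a dedicated variable such as `AUTHENTIK_PORT_HTTP` (constructed) avoids the collision, and quoting `VIRTUAL_PORT: "9000"` and the port mapping keeps both as strings. The enclosing `services:` mapping begins before this hunk.
```yaml
  authentik-postgresql:
    # … unchanged: env_file, healthcheck, image, restart, volumes …
    environment:
      POSTGRES_DB: ${PG_DB:-authentik}
      POSTGRES_PASSWORD: ${PG_PASS:-authentik-database}   # prefer ${PG_PASS:?set in .env} outside dev
      POSTGRES_USER: ${PG_USER:-authentik}
  authentik-worker:
    # … unchanged: command, depends_on, env_file, image, restart …
    environment:
      # … unchanged: AUTHENTIK_POSTGRESQL__HOST / __NAME / __USER …
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:-authentik-database}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-authentik-secret}
    # `user: root` and the docker.sock mount removed — only needed for docker-managed outposts
    volumes:
      - ./authentik-media:/media
      - ./authentik-certs:/certs
      - ./authentik-custom-templates:/templates

  authentik:
    # … unchanged: command, depends_on, image, restart, volumes …
    environment:
      # … unchanged: AUTHENTIK_POSTGRESQL__HOST / __NAME / __USER …
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:-authentik-database}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:-authentik-secret}
      VIRTUAL_HOST: "authentik${DOMAIN_SUFFIX}"
      VIRTUAL_PORT: "9000"
    ports:
      - "${AUTHENTIK_PORT_HTTP:-9000}:9000"
```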
@@ -1178,6 +1242,8 @@ volumes: elasticsearch_data: clam: mariadb_primary_data: + authentik-database: + driver: local networks: default: diff --git a/docs/services/sso.md b/docs/services/sso.md index f6117c57..f78b125f 100644 --- a/docs/services/sso.md +++ b/docs/services/sso.md @@ -10,6 +10,14 @@ - nextcloud - 09e3c268-d8bc-42f1-b7c6-74d307ef5fde +## Authentik + +``` +docker compose up -d proxy nextcloud authentik +``` + +The server will be available on [http://authentik.local:9000](http://authentik.local:9000) and you can follow [authentik documentation](https://integrations.goauthentik.io/chat-communication-collaboration/nextcloud/) to understand how to configure Nextcloud with SAML (but also OIDC and LDAP). + ## SAML ```