| author | RATDAD <lambda@disroot.org> | 2026-03-06 02:05:52 -0500 |
|---|---|---|
| committer | RATDAD <lambda@disroot.org> | 2026-03-06 02:05:52 -0500 |
| commit | 2578d12ea47d10130472a845244e4aaac48897cb (patch) | |
| tree | 3dc5ba45a79006d549cb9e551724a6a5d19f71b4 /stacks/iam/compose.yml | |
| parent | 88ba319238bb4af0106bc1a83fbbb1963af88fe1 (diff) | |
checkpoint: development state
Diffstat (limited to 'stacks/iam/compose.yml')
| -rw-r--r-- | stacks/iam/compose.yml | 63 |
1 files changed, 38 insertions, 25 deletions
diff --git a/stacks/iam/compose.yml b/stacks/iam/compose.yml
index af25bb9..3e516ca 100644
--- a/stacks/iam/compose.yml
+++ b/stacks/iam/compose.yml
@@ -1,54 +1,67 @@
-name: ${_STACK_0}
+name: ${STACK}
 networks:
- net_0:
- name: ${_NET_0}
+ edge-net:
+ name: ${EDGE_NET}
 external: true
- net_1:
- name: ${_NET_1}
+ db-net:
+ name: ${DB_NET}
+ external: true
+ cache-net:
 volumes:
- volume_0:
- name: ${_VOLUME_0}
+ config:
+ name: ${IAM_CONFIG_VOLUME}
 external: true
 secrets:
 JWT_SECRET:
- file: '/srv/secrets/auth/JWT_SECRET'
+ file: './srv/secrets/auth/JWT_SECRET'
 SESSION_SECRET:
- file: '/srv/secrets/auth/SESSION_SECRET'
+ file: './srv/secrets/auth/SESSION_SECRET'
 STORAGE_ENCRYPTION:
- file: '/srv/secrets/auth/STORAGE_ENCRYPTION'
+ file: './srv/secrets/auth/STORAGE_ENCRYPTION'
 OIDC_HMAC_SECRET:
- file: '/srv/secrets/auth/OIDC_HMAC_SECRET'
+ file: './srv/secrets/auth/OIDC_HMAC_SECRET'
+ POSTGRES_PASSWORD:
+ file: './srv/secrets/auth/POSTGRES_PASSWORD'
 services:
- auth:
- container_name: ${_CONTAINER_0}
+ auth-test:
+ container_name: ${IAM_CONTAINER}
 image: authelia/authelia:latest
 restart: unless-stopped
- secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET']
+ secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET', 'POSTGRES_PASSWORD']
+ environment:
+ AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET'
+ AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET'
+ AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION'
+ AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: '/run/secrets/OIDC_HMAC_SECRET'
+ AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/POSTGRES_PASSWORD'
+ X_AUTHELIA_CONFIG_FILTERS: 'template'
 env_file:
- - .auth.env # Runtime Vars
+ - .run.env # Runtime Vars
 - .env # Stack Vars
+ user: "${UID}:${GID}"
 volumes:
- - volume_0:/config/db
- - /srv/secrets/auth/configuration.yml:/config/configuration.yml
- - /srv/secrets/auth/users.yml:/config/users.yml
- - /srv/secrets/auth/jwks/oidc-jwk.pem:/config/jwks/oidc-jwk.pem
- - /srv/secrets/auth/jwks/oidc-jwk-pub.pem:/config/jwks/oidc-jwk-pub.pem
+ - config:/config
+ - ${CONFIG_FILE}:/config/configuration.yml
+ - ${USERS_FILE}:/config/users.yml
+ - ${JWK_PRIV_KEY}:/config/jwks/oidc-jwk.pem
+ - ${JWK_PUBL_KEY}:/config/jwks/oidc-jwk-pub.pem
 networks:
- - net_0
- - net_1
+ - edge-net
+ - db-net
+ - cache-net
 expose:
 - 9091
- auth-cache:
- container_name: ${_CONTAINER_1}
+ auth-cache-test:
+ container_name: ${IAM_CACHE_CONTAINER}
 image: redis:latest
 restart: unless-stopped
 env_file:
 - .env
 networks:
- - net_1
+ - cache-net
 expose:
 - 6379 |
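Review bot: The five `secrets:` entries now point at `./srv/secrets/auth/...`, which Compose resolves relative to the directory holding `compose.yml`, so the JWT, session, storage-encryption, OIDC HMAC and Postgres password files would have to sit under `stacks/iam/` in the working tree rather than in `/srv/secrets/auth`. If the leading dot is not intended, restore the absolute form, e.g. `file: '/srv/secrets/auth/POSTGRES_PASSWORD'`; if it is intended for development, that path should be excluded from version control and from any archive or build context made from the repository. Separately, `user: "${UID}:${GID}"` and the four `${...}` bind-mount sources interpolate to empty strings when the variables are unset (whether `.env` defines them is not visible in this hunk), so the required-variable form `user: "${UID:?}:${GID:?}"` would fail fast instead of silently producing `user: ":"`.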
