name: ${_STACK_0}

networks:
  net_0:
    name: ${_NET_0}
    external: true
  net_1:
    name: ${_NET_1}

volumes:
  volume_0:
    name: ${_VOLUME_0}
    external: true

secrets:
  JWT_SECRET:
    file: '/srv/secrets/auth/JWT_SECRET'
  SESSION_SECRET:
    file: '/srv/secrets/auth/SESSION_SECRET'
  STORAGE_ENCRYPTION:
    file: '/srv/secrets/auth/STORAGE_ENCRYPTION'
  OIDC_HMAC_SECRET:
    file: '/srv/secrets/auth/OIDC_HMAC_SECRET'

services:
  auth:
    container_name: ${_CONTAINER_0}
    image: authelia/authelia:latest
    restart: unless-stopped
    secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', 'OIDC_HMAC_SECRET']
    env_file:
      - .auth.env # Runtime Vars
      - .env # Stack Vars
    volumes:
      - volume_0:/config/db
      - /srv/secrets/auth/configuration.yml:/config/configuration.yml
      - /srv/secrets/auth/users.yml:/config/users.yml
      - /srv/secrets/auth/jwks/oidc-jwk.pem:/config/jwks/oidc-jwk.pem
      - /srv/secrets/auth/jwks/oidc-jwk-pub.pem:/config/jwks/oidc-jwk-pub.pem
    networks:
      - net_0
      - net_1
    expose:
      - 9091
  auth-cache:
    container_name: ${_CONTAINER_1}
    image: redis:latest
    restart: unless-stopped
    env_file:
      - .env
    networks:
      - net_1
    expose:
      - 6379