From d464cf89a0ccf5f6697541ad7b7b56b8f03353c6 Mon Sep 17 00:00:00 2001
From: "azykov@mail.ru" <azykov@mail.ru>
Date: Mon, 13 Apr 2026 13:02:26 +0300
Subject: [PATCH] added authentik

---
 authentik/.env        |  3 ++
 authentik/compose.yml | 85 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 authentik/.env
 create mode 100644 authentik/compose.yml

diff --git a/authentik/.env b/authentik/.env
new file mode 100644
index 0000000..a770ee6
--- /dev/null
+++ b/authentik/.env
@@ -0,0 +1,3 @@
+PG_PASS=k6jvY2g0MMo7ObX7xMVNLL3fSkrVZNcqKzC6z1rNnhlb4slS
+AUTHENTIK_SECRET_KEY=JCM1VPqhJ+5PSpq9Zizs9UHrEpa1lz7d1URxOXBSXvBW6X9KcTivPcocq3N6QuwhYhAJlmKgLH4H3qrG
+AUTHENTIK_ERROR_REPORTING__ENABLED=false
\ No newline at end of file
diff --git a/authentik/compose.yml b/authentik/compose.yml
new file mode 100644
index 0000000..58e6c7d
--- /dev/null
+++ b/authentik/compose.yml
@@ -0,0 +1,85 @@
+services:
+  
+  postgresql:
+    image: docker.io/library/postgres:16-alpine
+    container_name: authentik_db
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      POSTGRES_DB: ${PG_DB:-authentik}
+      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+      POSTGRES_USER: ${PG_USER:-authentik}
+    healthcheck:
+      interval: 30s
+      retries: 5
+      start_period: 20s
+      test:
+      - CMD-SHELL
+      - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+      timeout: 5s
+    volumes:
+      - /docker/data/authentik/db:/var/lib/postgresql/data
+    networks:
+      - net
+
+  server:
+    image: ghcr.io/goauthentik/server:2026.2
+    container_name: authentik_server
+    restart: always
+    user: root
+    depends_on:
+      postgresql:
+        condition: service_healthy
+    env_file:
+      - .env  
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}      
+      AUTHENTIK_POSTGRESQL__SSLMODE: disable
+      AUTHENTIK_OUTPOSTS__DISCOVER: false
+    ports:
+      - 9000:9000
+    shm_size: 512mb
+    volumes:
+      - /docker/data/authentik/data:/data
+      - /docker/data/authentik/templates:/templates
+    command: server
+    networks:
+      - net
+      - caddy_default
+
+  worker:
+    image: ghcr.io/goauthentik/server:2026.2
+    container_name: authentik_worker
+    restart: always
+    user: root
+    depends_on:
+      postgresql:
+        condition: service_healthy
+    env_file:
+      - .env
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
+    shm_size: 512mb
+    volumes:
+    # - /var/run/docker.sock:/var/run/docker.sock
+      - /docker/data/authentik/data:/data
+      - /docker/data/authentik/templates:/templates
+      - /docker/data/authentik/certs:/certsx
+    command: worker
+    networks:
+      - net
+
+networks:
+  net: 
+    internal: true
+  caddy_default:
+    external: true