diff --git a/services/authentik.hcl b/services/authentik.hcl
new file mode 100644
index 0000000..169ab7b
--- /dev/null
+++ b/services/authentik.hcl
@@ -0,0 +1,97 @@
+job "authentik" {
+ datacenters = ["alo"]
+
+ group "auth" {
+ network {
+ port "http" {
+ to = 9000
+ }
+ port "https" {
+ to = 9443
+ }
+ }
+
+ task "server" {
+ driver = "docker"
+
+ config {
+ image = "ghcr.io/goauthentik/server:2023.6.1"
+ ports = [
+ "http",
+ "https"
+ ]
+ command = "server"
+ }
+
+ env {
+ AUTHENTIK_REDIS__HOST = "redis.service.consul"
+ AUTHENTIK_POSTGRESQL__HOST = "postgres.service.consul"
+ AUTHENTIK_POSTGRESQL__NAME = "${var.pg_db}"
+ AUTHENTIK_POSTGRESQL__USER = "${var.pg_user}"
+ AUTHENTIK_POSTGRESQL__PASSWORD = "${var.pg_password}"
+ AUTHENTIK_SECRET_KEY = "${var.secret_key}"
+ AUTHENTIK_EMAIL__HOST = "192.168.1.1"
+ AUTHENTIK_EMAIL__FROM = "authentik@paler.net"
+ }
+
+ resources {
+ cpu = 2000
+ memory = 1024
+ }
+
+ service {
+ name = "authentik"
+ port = "http"
+ tags = [
+ "traefik.enable=true",
+ "traefik.http.routers.authentik.entryPoints=websecure",
+ ]
+ }
+ }
+
+ task "worker" {
+ driver = "docker"
+
+ config {
+ image = "ghcr.io/goauthentik/server:2023.6.1"
+ command = "worker"
+ }
+
+ env {
+ AUTHENTIK_REDIS__HOST = "redis.service.consul"
+ AUTHENTIK_POSTGRESQL__HOST = "postgres.service.consul"
+ AUTHENTIK_POSTGRESQL__NAME = "${var.pg_db}"
+ AUTHENTIK_POSTGRESQL__USER = "${var.pg_user}"
+ AUTHENTIK_POSTGRESQL__PASSWORD = "${var.pg_password}"
+ AUTHENTIK_SECRET_KEY = "${var.secret_key}"
+ AUTHENTIK_EMAIL__HOST = "192.168.1.1"
+ AUTHENTIK_EMAIL__FROM = "authentik@paler.net"
+ }
+
+ resources {
+ cpu = 1000
+ memory = 1024
+ }
+ }
+ }
+}
+
+variable "pg_user" {
+ type = string
+ default = "authentik"
+}
+
+variable "pg_password" {
+ type = string
+ default = "aQueiquuo6aiyah5eoch"
+}
+
+variable "pg_db" {
+ type = string
+ default = "authentik"
+}
+
+variable "secret_key" {
+ type = string
+ default = "uUzCYhGV93Z8wKLAScuGFqBskxyzSfG4cz6bnXq6McM67Ho7p9"
+}
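Review bot: The `default` values of `variable "pg_password"` and `variable "secret_key"` at the end of the file commit the database password and Authentik's secret key to the repository in clear text. Because `${var.…}` is interpolated when the job is submitted, both values also land in the stored job specification through the `env` blocks of the `server` and `worker` tasks. Both should be treated as disclosed and rotated, the defaults removed, and the two `env` entries replaced in each task by a `template` block that reads the values at runtime. The sketch below assumes Nomad Variables are available on this cluster (a Vault-backed `template` has the same shape), and the key names in it are constructed.

```hcl
  task "server" {
    # … unchanged: driver, config …

    # Rendered into the task's secrets directory and exported as environment
    # variables, so the values never appear in the job specification.
    template {
      destination = "secrets/authentik.env"
      env         = true
      data        = <<EOT
{{ with nomadVar "nomad/jobs/authentik" -}}
AUTHENTIK_POSTGRESQL__PASSWORD={{ .pg_password }}
AUTHENTIK_SECRET_KEY={{ .secret_key }}
{{- end }}
EOT
    }

    env {
      # … unchanged: non-secret settings; the PASSWORD and SECRET_KEY entries are dropped …
    }
    # … unchanged: resources, service …
```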