# /services/authentik/compose.yml

services:
  authentik_server:
    image: authentik/server:2025.10
    container_name: authentik_server
    restart: always
    command: server
    depends_on:
      authentik_db:
        condition: service_healthy
    environment:
      AUTHENTIK_POSTGRESQL__HOST: authentik_db
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
    networks:
      - default
      - traefik
    volumes:
      - ./data/media:/media
      - ./data/templates:/templates

  authentik_worker:
    image: authentik/server:2025.10
    container_name: authentik_worker
    restart: always
    command: worker
    depends_on:
      authentik_db:
        condition: service_healthy
    environment:
      AUTHENTIK_POSTGRESQL__HOST: authentik_db
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
    networks:
      - default
    volumes:
      - ./certs:/certs
      - ./data/media:/media
      - ./data/templates:/templates
      - /var/run/docker.sock:/var/run/docker.sock

  authentik_db:
    image: postgres:16
    container_name: authentik_db
    restart: always
    environment:
      POSTGRES_DB: authentik
      POSTGRES_USER: authentik
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    healthcheck:
      test: pg_isready
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - default
    volumes:
      - ./db:/var/lib/postgresql/data

networks:
  traefik:
    external: true