diff --git a/authentik/add_key.sh b/authentik/add_key.sh
new file mode 100644
index 0000000..15c1fb3
--- /dev/null
+++ b/authentik/add_key.sh
@@ -0,0 +1 @@
+echo "AUTHENTIK_SECRET_KEY=$(openssl rand 60 | base64 -w 0)" >> .env
diff --git a/authentik/compose.yaml b/authentik/compose.yaml
new file mode 100644
index 0000000..0fb2456
--- /dev/null
+++ b/authentik/compose.yaml
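Review bot: The script appends a fresh AUTHENTIK_SECRET_KEY on every run, so a second invocation leaves two keys in .env and silently rotates the one compose ends up using, invalidating existing sessions and anything signed with the old key. It also has no shebang and no error handling, and .env, which now holds a secret, is created with whatever the default umask gives. I would refuse to run when a key is already present and tighten the file mode, as below.
```shell
#!/usr/bin/env bash
set -euo pipefail
if [[ -f .env ]] && grep -q '^AUTHENTIK_SECRET_KEY=' .env; then
  printf 'AUTHENTIK_SECRET_KEY already present in .env; remove it first to rotate\n' >&2
  exit 1
fi
echo "AUTHENTIK_SECRET_KEY=$(openssl rand 60 | base64 -w 0)" >> .env
chmod 600 .env
```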
@@ -0,0 +1,77 @@
+services:
+ authentikserver:
+ image: "ghcr.io/goauthentik/server:2024.6.1"
+ container_name: authentikserver
+ hostname: authentikserver
+ restart: always
+
+ command: server
+
+ volumes:
+ - authentik_media:/media
+ - authentik_custom_templates:/templates
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ ports:
+ - 9000:9000
+ - 9443:9443
+
+ environment:
+ AUTHENTIK_REDIS__HOST: authentikredis
+ AUTHENTIK_POSTGRESQL__HOST: authentikpostgres
+ AUTHENTIK_POSTGRESQL__USER: authentik
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${ROOT_PASSWORD}
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+ AUTHENTIK_EMAIL__HOST: "overleafsmtpd"
+ AUTHENTIK_EMAIL__PORT: "25"
+ AUTHENTIK_EMAIL__USE_TLS: "false"
+ AUTHENTIK_EMAIL__USE_SSL: "false"
+ # AUTHENTIK_EMAIL__TIMEOUT: 10
+ AUTHENTIK_EMAIL__FROM: "overleaf@neuro.uni-bremen.de"
+ AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+ networks:
+ - overleaf-network
+
+ authentikworker:
+ image: "ghcr.io/goauthentik/server:2024.6.1"
+ container_name: authentikworker
+ hostname: authentikworker
+ restart: always
+
+ command: worker
+
+ volumes:
+ - authentik_media:/media
+ - authentik_custom_templates:/templates
+ - authentik_certs:/certs
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ environment:
+ AUTHENTIK_REDIS__HOST: authentikredis
+ AUTHENTIK_POSTGRESQL__HOST: authentikpostgres
+ AUTHENTIK_POSTGRESQL__USER: authentik
+ AUTHENTIK_POSTGRESQL__NAME: authentik
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${ROOT_PASSWORD}
+ AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+ AUTHENTIK_EMAIL__HOST: "overleafsmtpd"
+ AUTHENTIK_EMAIL__PORT: "25"
+ AUTHENTIK_EMAIL__USE_TLS: "false"
+ AUTHENTIK_EMAIL__USE_SSL: "false"
+ # AUTHENTIK_EMAIL__TIMEOUT: 10
+ AUTHENTIK_EMAIL__FROM: "overleaf@neuro.uni-bremen.de"
+ AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+
+ networks:
+ - overleaf-network
+
+ user: root
+
+volumes:
+ authentik_media:
+ authentik_custom_templates:
+ authentik_certs:
+
+networks:
+ overleaf-network:
+ external: true
diff --git a/authentik/down.sh b/authentik/down.sh
new file mode 100644
index 0000000..c864209
--- /dev/null
+++ b/authentik/down.sh
@@ -0,0 +1,2 @@
+docker compose down
+
diff --git a/authentik/logs.sh b/authentik/logs.sh
new file mode 100644
index 0000000..5fd46e9
--- /dev/null
+++ b/authentik/logs.sh
@@ -0,0 +1,2 @@
+docker compose logs -f
+
diff --git a/authentik/test_email.txt b/authentik/test_email.txt
new file mode 100644
index 0000000..e706ffa
--- /dev/null
+++ b/authentik/test_email.txt
@@ -0,0 +1,2 @@
+docker exec -it authentikworker bash
+ak test_email
diff --git a/authentik/up.sh b/authentik/up.sh
new file mode 100644
index 0000000..a4a5dbb
--- /dev/null
+++ b/authentik/up.sh
@@ -0,0 +1,2 @@
+docker compose up -d
+
diff --git a/authentiknginx/compose.yaml b/authentiknginx/compose.yaml
new file mode 100644
index 0000000..d56097e
--- /dev/null
+++ b/authentiknginx/compose.yaml
@@ -0,0 +1,22 @@
+services:
+ authentiknginx:
+ image: nginx:stable-alpine
+ container_name: authentiknginx
+ hostname: authentiknginx
+ restart: always
+ volumes:
+ - "/root/authentiknginx/key.pem:/certs/nginx_key.pem:ro"
+ - "/root/authentiknginx/ca.pem:/certs/nginx_certificate.pem:ro"
+ - "/root/authentiknginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+ ports:
+ - "0.0.0.0:444:444"
+ - "0.0.0.0:81:81"
+ environment:
+ NGINX_WORKER_PROCESSES: "4"
+ NGINX_WORKER_CONNECTIONS: "768"
+ networks:
+ - overleaf-network
+
+networks:
+ overleaf-network:
+ external: true
diff --git a/authentiknginx/down.sh b/authentiknginx/down.sh
new file mode 100644
index 0000000..c864209
--- /dev/null
+++ b/authentiknginx/down.sh
@@ -0,0 +1,2 @@
+docker compose down
+
diff --git a/authentiknginx/logs.sh b/authentiknginx/logs.sh
new file mode 100644
index 0000000..5fd46e9
--- /dev/null
+++ b/authentiknginx/logs.sh
@@ -0,0 +1,2 @@
+docker compose logs -f
+
diff --git a/authentiknginx/nginx.conf b/authentiknginx/nginx.conf
new file mode 100644
index 0000000..c0692d7
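Review bot: Both authentikserver and authentikworker bind-mount /var/run/docker.sock, and the worker additionally runs with `user: root`; a process that can talk to the Docker socket is effectively root on the host, so a compromise of authentik becomes a compromise of the whole machine. As far as I know authentik only needs the socket for its Docker outpost integration, so if outposts are not deployed here drop the `- /var/run/docker.sock:/var/run/docker.sock` lines and the `user: root` override, and if they are, say so in a comment next to the mount. Separately, `9000:9000`/`9443:9443` publish the server on every host interface and bypass the authentiknginx TLS front that already reaches it over overleaf-network; the same applies to `6381:5432` in authentikpostgresql/compose.yaml and `6380:6379` in authentikredis/compose.yaml. Unless the host firewall is known to cover Docker-published ports, either remove those `ports:` entries (the containers already find each other by service name) or bind them to loopback, e.g. `- "127.0.0.1:9000:9000"`.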
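Review bot: The file mounted as the server certificate is called `ca.pem` (`/root/authentiknginx/ca.pem:/certs/nginx_certificate.pem`); if that really is a CA certificate rather than this host's leaf certificate plus chain, clients will fail validation, so confirm what it contains and name the host file to match. The NGINX_WORKER_PROCESSES/NGINX_WORKER_CONNECTIONS variables also appear to do nothing: nginx.conf is bind-mounted as a static file with no worker_processes/worker_connections directives, and to my knowledge the official image only substitutes environment variables into files under /etc/nginx/templates. Either drop the two variables or put `worker_processes 4;` and `events { worker_connections 768; }` into nginx.conf directly.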
--- /dev/null
+++ b/authentiknginx/nginx.conf
@@ -0,0 +1,32 @@
+ events {}
+ http {
+ server {
+ listen 81 default_server;
+ server_name _;
+ return 301 https://$host$request_uri;
+ }
+ server {
+ listen 444 ssl;
+ ssl_certificate /certs/nginx_certificate.pem;
+ ssl_certificate_key /certs/nginx_key.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+ server_tokens off;
+ client_max_body_size 50M;
+
+ location / {
+ proxy_pass http://authentikserver:9000;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_read_timeout 3m;
+ proxy_send_timeout 3m;
+ }
+ }
+ }
+
diff --git a/authentiknginx/up.sh b/authentiknginx/up.sh
new file mode 100644
index 0000000..a4a5dbb
--- /dev/null
+++ b/authentiknginx/up.sh
@@ -0,0 +1,2 @@
+docker compose up -d
+
diff --git a/authentikpostgresql/compose.yaml b/authentikpostgresql/compose.yaml
new file mode 100644
index 0000000..0e1405b
--- /dev/null
+++ b/authentikpostgresql/compose.yaml
@@ -0,0 +1,31 @@
+services:
+ authentikpostgres:
+ image: "postgres:12-alpine"
+ container_name: "authentikpostgres"
+ hostname: "authentikpostgres"
+ restart: always
+ shm_size: 128mb
+ volumes:
+ - authentik_database:/var/lib/postgresql/data
+ ports:
+ - 6381:5432
+ environment:
+ POSTGRES_PASSWORD: ${ROOT_PASSWORD}
+ POSTGRES_USER: authentik
+ POSTGRES_DB: authentik
+ healthcheck:
+ test: ["CMD-SHELL", "sh -c 'pg_isready -U authentik -d authentik'"]
+ interval: 10s
+ timeout: 3s
+ retries: 3
+
+ networks:
+ - overleaf-network
+
+volumes:
+ authentik_database:
+
+
+networks:
+ overleaf-network:
+ external: true
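Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which are deprecated (RFC 8996), and the cipher list keeps 3DES and plain-RSA key-exchange suites that give no forward secrecy; for the identity provider's front door I would use `ssl_protocols TLSv1.2 TLSv1.3;` and drop the `EECDH+3DES:RSA+3DES` entries, since the EECDH CHACHA20/AES suites already cover current clients. The port 81 listener redirects to `https://$host$request_uri`, and nginx's `$host` carries no port, so browsers are sent to 443 while the TLS server listens on 444 — unless something outside this repo forwards 443 to 444, that redirect lands nowhere and should read `return 301 https://$host:444$request_uri;`. The file is also missing `worker_processes`/`worker_connections`, so the values the compose file passes as environment variables are not applied here.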
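Review bot: The database password is taken from `${ROOT_PASSWORD}`, a name that suggests the same secret is reused for other services on this host; a dedicated variable (e.g. `POSTGRES_PASSWORD: ${AUTHENTIK_DB_PASSWORD}`, matched in authentik/compose.yaml) keeps a leak of one service's credential from unlocking the rest. The healthcheck also wraps `sh -c` inside `CMD-SHELL`, which already runs through a shell; `test: ["CMD-SHELL", "pg_isready -U authentik -d authentik"]` is equivalent and easier to read. The published `6381:5432` port is covered in my note on authentik/compose.yaml.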
diff --git a/authentikpostgresql/down.sh b/authentikpostgresql/down.sh
new file mode 100644
index 0000000..c864209
--- /dev/null
+++ b/authentikpostgresql/down.sh
@@ -0,0 +1,2 @@
+docker compose down
+
diff --git a/authentikpostgresql/logs.sh b/authentikpostgresql/logs.sh
new file mode 100644
index 0000000..5fd46e9
--- /dev/null
+++ b/authentikpostgresql/logs.sh
@@ -0,0 +1,2 @@
+docker compose logs -f
+
diff --git a/authentikpostgresql/up.sh b/authentikpostgresql/up.sh
new file mode 100644
index 0000000..a4a5dbb
--- /dev/null
+++ b/authentikpostgresql/up.sh
@@ -0,0 +1,2 @@
+docker compose up -d
+
diff --git a/authentikredis/compose.yaml b/authentikredis/compose.yaml
new file mode 100644
index 0000000..9bc0e66
--- /dev/null
+++ b/authentikredis/compose.yaml
@@ -0,0 +1,27 @@
+# docker network create overleaf-network
+services:
+ authentikredis:
+ image: "redis:alpine"
+ container_name: "authentikredis"
+ hostname: "authentikredis"
+ restart: always
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - authentik_redis:/data
+ ports:
+ - 6380:6379
+ networks:
+ - overleaf-network
+
+volumes:
+ authentik_redis:
+
+networks:
+ overleaf-network:
+ external: true
+
diff --git a/authentikredis/down.sh b/authentikredis/down.sh
new file mode 100644
index 0000000..c864209
--- /dev/null
+++ b/authentikredis/down.sh
@@ -0,0 +1,2 @@
+docker compose down
+
diff --git a/authentikredis/logs.sh b/authentikredis/logs.sh
new file mode 100644
index 0000000..5fd46e9
--- /dev/null
+++ b/authentikredis/logs.sh
@@ -0,0 +1,2 @@
+docker compose logs -f
+
diff --git a/authentikredis/up.sh b/authentikredis/up.sh
new file mode 100644
index 0000000..a4a5dbb
--- /dev/null
+++ b/authentikredis/up.sh
@@ -0,0 +1,2 @@
+docker compose up -d
+
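Review bot: Redis is started with no authentication and, through `6380:6379`, published on every host interface, so anyone who can reach that port has unauthenticated read/write access to authentik's cache and task-queue data. Add a password (`command: redis-server --requirepass ${REDIS_PASSWORD}` here and `AUTHENTIK_REDIS__PASSWORD` on the authentik side) or at least drop the published port, since the authentik containers reach it by hostname over overleaf-network. `redis:alpine` is also the only unpinned image in this commit, unlike the server and postgres tags, so a routine pull can move the session store to a new major version; pin it, e.g. `image: "redis:7-alpine"`. The healthcheck would need `redis-cli -a` once a password is set, otherwise it will report the container unhealthy.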