Add files via upload

authentik/add_key.sh

@@ -0,0 +1 @@
+echo "AUTHENTIK_SECRET_KEY=$(openssl rand 60 | base64 -w 0)" >> .env

authentik/compose.yaml

@@ -0,0 +1,77 @@
+services:
+  authentikserver:
+    image: "ghcr.io/goauthentik/server:2024.6.1"
+    container_name: authentikserver
+    hostname: authentikserver
+    restart: always
+
+    command: server
+
+    volumes:
+      - authentik_media:/media
+      - authentik_custom_templates:/templates
+      - /var/run/docker.sock:/var/run/docker.sock
+
+    ports:
+      - 9000:9000
+      - 9443:9443
+
+    environment:
+      AUTHENTIK_REDIS__HOST: authentikredis
+      AUTHENTIK_POSTGRESQL__HOST: authentikpostgres
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${ROOT_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+      AUTHENTIK_EMAIL__HOST: "overleafsmtpd"
+      AUTHENTIK_EMAIL__PORT: "25"
+      AUTHENTIK_EMAIL__USE_TLS: "false"
+      AUTHENTIK_EMAIL__USE_SSL: "false"
+      # AUTHENTIK_EMAIL__TIMEOUT: 10
+      AUTHENTIK_EMAIL__FROM: "overleaf@neuro.uni-bremen.de"
+      AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+    networks:
+      - overleaf-network
+
+  authentikworker:
+    image: "ghcr.io/goauthentik/server:2024.6.1"
+    container_name: authentikworker
+    hostname: authentikworker
+    restart: always
+
+    command: worker
+
+    volumes:
+      - authentik_media:/media
+      - authentik_custom_templates:/templates
+      - authentik_certs:/certs
+      - /var/run/docker.sock:/var/run/docker.sock
+
+    environment:
+      AUTHENTIK_REDIS__HOST: authentikredis
+      AUTHENTIK_POSTGRESQL__HOST: authentikpostgres
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${ROOT_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+      AUTHENTIK_EMAIL__HOST: "overleafsmtpd"
+      AUTHENTIK_EMAIL__PORT: "25"
+      AUTHENTIK_EMAIL__USE_TLS: "false"
+      AUTHENTIK_EMAIL__USE_SSL: "false"
+      # AUTHENTIK_EMAIL__TIMEOUT: 10
+      AUTHENTIK_EMAIL__FROM: "overleaf@neuro.uni-bremen.de"
+      AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
+
+    networks:
+      - overleaf-network
+
+    user: root
+
+volumes:
+  authentik_media:
+  authentik_custom_templates:
+  authentik_certs:
+
+networks:
+  overleaf-network:
+    external: true

authentik/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

authentik/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

authentik/test_email.txt

@@ -0,0 +1,2 @@
+docker exec -it authentikworker bash
+ak test_email <to address>

authentik/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+

authentiknginx/compose.yaml

@@ -0,0 +1,22 @@
+services:
+  authentiknginx:
+    image: nginx:stable-alpine
+    container_name: authentiknginx
+    hostname: authentiknginx
+    restart: always
+    volumes:
+      - "/root/authentiknginx/key.pem:/certs/nginx_key.pem:ro"
+      - "/root/authentiknginx/ca.pem:/certs/nginx_certificate.pem:ro"
+      - "/root/authentiknginx/nginx.conf:/etc/nginx/nginx.conf:ro"
+    ports:
+      - "0.0.0.0:444:444"
+      - "0.0.0.0:81:81"
+    environment:
+      NGINX_WORKER_PROCESSES: "4"
+      NGINX_WORKER_CONNECTIONS: "768"
+    networks:
+      - overleaf-network
+
+networks:
+  overleaf-network:
+    external: true

authentiknginx/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

authentiknginx/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

authentiknginx/nginx.conf

@@ -0,0 +1,32 @@
+          events {}
+          http {
+            server {
+              listen 81 default_server;
+              server_name _;
+              return 301 https://$host$request_uri;
+            }
+            server {
+              listen 444 ssl;
+              ssl_certificate      /certs/nginx_certificate.pem;
+              ssl_certificate_key  /certs/nginx_key.pem;
+              ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
+              ssl_prefer_server_ciphers   on;
+              ssl_ciphers                 EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+              add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+              server_tokens off;
+              client_max_body_size 50M;
+
+              location / {
+                proxy_pass http://authentikserver:9000;
+                proxy_set_header X-Forwarded-Proto $scheme;
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+                proxy_set_header Host $host;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_read_timeout 3m;
+                proxy_send_timeout 3m;
+              }
+            }
+          }
+

authentiknginx/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+

authentikpostgresql/compose.yaml

@@ -0,0 +1,31 @@
+services:
+  authentikpostgres:
+    image: "postgres:12-alpine"
+    container_name: "authentikpostgres"
+    hostname: "authentikpostgres"
+    restart: always
+    shm_size: 128mb
+    volumes:
+      - authentik_database:/var/lib/postgresql/data
+    ports:
+      - 6381:5432
+    environment:
+      POSTGRES_PASSWORD: ${ROOT_PASSWORD}
+      POSTGRES_USER: authentik
+      POSTGRES_DB: authentik
+    healthcheck:
+      test: ["CMD-SHELL", "sh -c 'pg_isready -U authentik -d authentik'"]
+      interval: 10s
+      timeout: 3s
+      retries: 3
+
+    networks:
+      - overleaf-network
+
+volumes:
+  authentik_database:
+
+
+networks:
+  overleaf-network:
+    external: true

authentikpostgresql/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

authentikpostgresql/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

authentikpostgresql/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+

authentikredis/compose.yaml

@@ -0,0 +1,27 @@
+# docker network create overleaf-network
+services:
+  authentikredis:
+    image: "redis:alpine"
+    container_name: "authentikredis"
+    hostname: "authentikredis"
+    restart: always
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - authentik_redis:/data
+    ports:
+      - 6380:6379
+    networks:
+      - overleaf-network
+
+volumes:
+  authentik_redis:
+
+networks:
+  overleaf-network:
+    external: true
+

authentikredis/down.sh

@@ -0,0 +1,2 @@
+docker compose down
+

authentikredis/logs.sh

@@ -0,0 +1,2 @@
+docker compose logs -f
+

authentikredis/up.sh

@@ -0,0 +1,2 @@
+docker compose up -d
+