init

Authentik/.drone.yml

@@ -0,0 +1,110 @@
+---
+kind: pipeline
+type: docker
+name: deploy
+
+environment:
+  PACKAGE: Authentik
+  URL: authentik.alexlebens.net authentikldap.alexlebens.net
+
+steps:
+  - name: Tests
+    image: ps03fd.alexlebens.net:5000/droneimage:latest
+    commands:
+      - /scripts/tests.sh
+
+  - name: Nofification > Discord | Tests - Failure
+    image: appleboy/drone-discord
+    settings:
+      webhook_id:
+        from_secret: discord_webhook_id
+      webhook_token:
+        from_secret: discord_webhook_token
+      username: DroneCI - ps03fd
+      message: Docker compose validation for Authentik failed.
+    when:
+      status:
+        - failure
+
+  - name: Configuration
+    image: ps03fd.alexlebens.net:5000/droneimage:latest
+    commands:
+      - mkdir ~/.ssh/
+      - echo "$SSH_KEY" > ~/.ssh/id_rsa
+      - chmod 600 ~/.ssh/id_rsa
+      - ssh-keyscan -H $HOST_IP >> ~/.ssh/known_hosts
+      - /scripts/configuration.sh
+    environment:
+      SSH_KEY:
+        from_secret: ssh_key_ps03fd_drone
+      DOCKER_HOST:
+        from_secret: docker_host_ps03fd
+      HOST_IP:
+        from_secret: host_ip_ps03fd
+      UPTIMEKUMA_NAME:
+        from_secret: uptimekuma_name
+      UPTIMEKUMA_PASSWORD:
+        from_secret: uptimekuma_password
+      UPTIMEKUMA_URL:
+        from_secret: uptimekuma_url
+    when:
+      branch:
+        - main
+
+  - name: Nofification > Discord | Configuration - Failure
+    image: appleboy/drone-discord
+    settings:
+      webhook_id:
+        from_secret: discord_webhook_id
+      webhook_token:
+        from_secret: discord_webhook_token
+      username: DroneCI - ps03fd
+      message: Configuration for Authentik failed.
+    when:
+      status:
+        - failure
+
+  - name: Deploy
+    image: ps03fd.alexlebens.net:5000/droneimage:latest
+    commands:
+      - mkdir ~/.ssh/
+      - echo "$SSH_KEY" > ~/.ssh/id_rsa
+      - chmod 600 ~/.ssh/id_rsa
+      - ssh-keyscan -H $HOST_IP >> ~/.ssh/known_hosts
+      - /scripts/deploy.sh
+    environment:
+      SSH_KEY:
+        from_secret: ssh_key_ps03fd_drone
+      DOCKER_HOST:
+        from_secret: docker_host_ps03fd
+      HOST_IP:
+        from_secret: host_ip_ps03fd
+    when:
+      branch:
+        - main
+
+  - name: Nofification > Discord | Deploy - Success
+    image: appleboy/drone-discord
+    settings:
+      webhook_id:
+        from_secret: discord_webhook_id
+      webhook_token:
+        from_secret: discord_webhook_token
+      username: DroneCI - ps03fd
+      message: Docker compose deployment for Authentik succeeded
+    when:
+      status:
+        - sucess
+
+  - name: Nofification > Discord | Deploy - Failure
+    image: appleboy/drone-discord
+    settings:
+      webhook_id:
+        from_secret: discord_webhook_id
+      webhook_token:
+        from_secret: discord_webhook_token
+      username: DroneCI - ps03fd
+      message: Docker compose deployment for Authentik failed.
+    when:
+      status:
+        - failure

Authentik/.env

@@ -0,0 +1,17 @@
+POSTGRES_PASSWORD='0dJ+B16mOL7J25Quw3PzseRJhQfGKUcAuzGFiU7WqoUbBOrH'
+POSTGRES_USER='authentik'
+POSTGRES_DB='authentik'
+
+AUTHENTIK_REDIS__HOST='redis'
+AUTHENTIK_POSTGRESQL__HOST='postgresql'
+AUTHENTIK_POSTGRESQL__USER='authentik'
+AUTHENTIK_POSTGRESQL__NAME='authentik'
+AUTHENTIK_POSTGRESQL__PASSWORD='0dJ+B16mOL7J25Quw3PzseRJhQfGKUcAuzGFiU7WqoUbBOrH'
+AUTHENTIK_SECRET_KEY='SY8kT618oeYGjbSShODJk7rxM9JXnw7oa+vSDq7O0XEP1BvQ'
+AUTHENTIK_ERROR_REPORTING__ENABLED='true'
+WORKERS='1'
+
+AUTHENTIK_HOST='https://authentik.alexlebens.net'
+AUTHENTIK_INSECURE='false'
+AUTHENTIK_TOKEN='dIA2OZiTUBn4Df7motslW6sm3nDEIbdbursrVhk2sM6LFtbnZdpapLIdQCb3'
+SSL_CERT_FILE='/etc/ssl/certs/ca-certificates.crt'

Authentik/README.md

@@ -0,0 +1,3 @@
+# Authentik
+
+[![Build Status](https://drone.alexlebens.net/api/badges/alexlebens/Authentik/status.svg)](https://drone.alexlebens.net/alexlebens/Authentik)

Authentik/UptimeKuma/docker-1.json

@@ -0,0 +1,17 @@
+{
+    "type": "docker",
+    "name": "Authentik PostgreSQL - Docker",
+    "interval": 60,
+    "retryInterval": 20,
+    "maxretries": 1,
+    "notificationIDList": [
+        3,
+        4
+    ],
+    "url": "https://authentik.alexlebens.net",
+    "accepted_statuscodes": [
+        "200-299"
+    ],
+    "docker_container": "authentik_postgresql",
+    "docker_host": 1
+}

Authentik/UptimeKuma/docker-2.json

@@ -0,0 +1,17 @@
+{
+    "type": "docker",
+    "name": "Authentik Redis - Docker",
+    "interval": 60,
+    "retryInterval": 20,
+    "maxretries": 1,
+    "notificationIDList": [
+        3,
+        4
+    ],
+    "url": "https://authentik.alexlebens.net",
+    "accepted_statuscodes": [
+        "200-299"
+    ],
+    "docker_container": "authentik_redis",
+    "docker_host": 1
+}

Authentik/UptimeKuma/docker-3.json

@@ -0,0 +1,17 @@
+{
+    "type": "docker",
+    "name": "Authentik Server - Docker",
+    "interval": 60,
+    "retryInterval": 20,
+    "maxretries": 1,
+    "notificationIDList": [
+        3,
+        4
+    ],
+    "url": "https://authentik.alexlebens.net",
+    "accepted_statuscodes": [
+        "200-299"
+    ],
+    "docker_container": "authentik_server",
+    "docker_host": 1
+}

Authentik/UptimeKuma/docker-4.json

@@ -0,0 +1,17 @@
+{
+    "type": "docker",
+    "name": "Authentik Worker - Docker",
+    "interval": 60,
+    "retryInterval": 20,
+    "maxretries": 1,
+    "notificationIDList": [
+        3,
+        4
+    ],
+    "url": "https://authentik.alexlebens.net",
+    "accepted_statuscodes": [
+        "200-299"
+    ],
+    "docker_container": "authentik_worker",
+    "docker_host": 1
+}

Authentik/UptimeKuma/docker-5.json

@@ -0,0 +1,17 @@
+{
+    "type": "docker",
+    "name": "Authentik LDAP - Docker",
+    "interval": 60,
+    "retryInterval": 20,
+    "maxretries": 1,
+    "notificationIDList": [
+        3,
+        4
+    ],
+    "url": "https://authentik.alexlebens.net",
+    "accepted_statuscodes": [
+        "200-299"
+    ],
+    "docker_container": "authentik_ldap",
+    "docker_host": 1
+}

Authentik/UptimeKuma/http-1.json

@@ -0,0 +1,15 @@
+{
+    "type": "http",
+    "name": "Authentik - Web",
+    "interval": 60,
+    "retryInterval": 20,
+    "maxretries": 1,
+    "notificationIDList": [
+        3,
+        4
+    ],
+    "url": "https://authentik.alexlebens.net",
+    "accepted_statuscodes": [
+        "200-299"
+    ]
+}

Authentik/docker-compose.yml

@@ -0,0 +1,185 @@
+services:
+    postgresql:
+        container_name: authentik_postgresql
+        env_file:
+            - .env
+        image: postgres:12-alpine
+        healthcheck:
+            test:
+                [
+                    "CMD-SHELL",
+                    "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"
+                ]
+            start_period: 20s
+            interval: 30s
+            retries: 5
+            timeout: 5s
+        logging:
+            driver: json-file
+            options:
+                max-size: 50m
+                max-file: "3"
+        networks:
+            authentik:
+                ipv4_address: 172.14.0.3
+        restart: unless-stopped
+        volumes:
+            - postgressql:/var/lib/postgresql/data
+
+    redis:
+        command: --save 60 1 --loglevel warning
+        container_name: authentik_redis
+        healthcheck:
+            test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ]
+            start_period: 20s
+            interval: 30s
+            retries: 5
+            timeout: 3s
+        image: redis:alpine
+        logging:
+            driver: json-file
+            options:
+                max-size: 50m
+                max-file: "3"
+        networks:
+            authentik:
+                ipv4_address: 172.14.0.2
+        restart: unless-stopped
+        volumes:
+            - redis:/data
+
+    authentik:
+        command: server
+        container_name: authentik_server
+        depends_on:
+            - postgresql
+            - redis
+        env_file:
+            - .env
+        image: ghcr.io/goauthentik/server:2022.12.2
+        labels:
+            traefik.docker.network: traefik
+            traefik.enable: true
+            traefik.http.routers.authentik.entrypoints: websecure
+            traefik.http.routers.authentik.rule: Host(`authentik-old.alexlebens.net`)
+            traefik.http.routers.authentik.service: authentik
+            traefik.http.services.authentik.loadbalancer.server.port: 9000
+            traefik.http.routers.authentikoutpost.rule: HostRegexp(`{subdomain:[a-z0-9-]+}.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)
+            traefik.http.routers.authentikoutpost.entrypoints: websecure
+        logging:
+            driver: json-file
+            options:
+                max-size: 50m
+                max-file: "3"
+        networks:
+            traefik: null
+            authentik:
+                ipv4_address: 172.14.0.10
+        restart: unless-stopped
+        privileged: true
+        volumes:
+            - media:/media
+            - templates:/templates
+
+    authentik_worker:
+        command: worker
+        container_name: authentik_worker
+        depends_on:
+            - authentik
+        env_file:
+            - .env
+        image: ghcr.io/goauthentik/server:2022.12.2
+        logging:
+            driver: json-file
+            options:
+                max-size: 50m
+                max-file: "3"
+        networks:
+            authentik:
+                ipv4_address: 172.14.0.11
+        privileged: true
+        restart: unless-stopped
+        user: root
+        volumes:
+            - backups:/backups
+            - certs:/certs
+            - media:/media
+            - templates:/templates
+            - /var/run/docker.sock:/var/run/docker.sock
+
+    authentik_ldap:
+        container_name: authentik_ldap
+        depends_on:
+            - authentik
+        env_file:
+            - .env
+        image: ghcr.io/goauthentik/ldap:2022.12.2
+        logging:
+            driver: json-file
+            options:
+                max-size: 50m
+                max-file: "3"
+        networks:
+            authentik:
+                ipv4_address: 172.14.0.12
+            traefik: null
+        ports:
+            - 192.168.1.15:389:389/tcp
+            - 192.168.1.15:636:636/tcp
+        privileged: true
+        restart: unless-stopped
+
+networks:
+    traefik:
+        name: traefik
+        external: true
+
+    authentik:
+        name: authentik
+        external: false
+        ipam:
+            config:
+                - subnet: 172.14.0.0/16
+
+volumes:
+    postgressql:
+        driver: local
+        driver_opts:
+            type: none
+            o: bind
+            device: /var/lib/docker/volumes/partition/authentik_postgressql
+
+    redis:
+        driver: local
+        driver_opts:
+            type: none
+            o: bind
+            device: /var/lib/docker/volumes/partition/authentik_redis
+
+    backups:
+        driver: local
+        driver_opts:
+            type: none
+            o: bind
+            device: /var/lib/docker/volumes/partition/authentik_backups
+
+    certs:
+        driver: local
+        driver_opts:
+            type: none
+            o: bind
+            device: /var/lib/docker/volumes/partition/authentik_certs
+
+    media:
+        driver: local
+        driver_opts:
+            type: none
+            o: bind
+            device: /var/lib/docker/volumes/partition/authentik_media
+
+    templates:
+        driver: local
+        driver_opts:
+            type: none
+            o: bind
+            device: /var/lib/docker/volumes/partition/authentik_templates