# Shared reverse-proxy network. `external: true` means Compose does not create
# or remove it: it must already exist and is shared with whatever else has been
# attached to it. Every container on traefik-net can reach the authentik
# containers attached to it directly, without going through Traefik.
networks:
  traefik-net:
    name: traefik-net
    external: true

# Named volumes. The explicit `name:` fixes the volume name instead of letting
# Compose prefix it with the project name.
# NOTE(review): authentik-pg-data and authentik-pg-backup both hold the complete
# authentik database, and authentik-certs is mounted at /certs in the worker
# (presumably certificate and key material). Treat all three as secrets when
# backing up, copying or sharing the host.
volumes:
  authentik-pg-data:
    name: authentik-pg-data
  authentik-pg-backup:
    name: authentik-pg-backup
  authentik-redis:
    name: authentik-redis
  authentik-data:
    name: authentik-data
  authentik-certs:
    name: authentik-certs

# Shared base for the `authentik` (server) and `worker` services, pulled in
# with the `<<` merge key. The merge is shallow: a key set on the service
# itself (command, volumes, deploy) replaces the one here rather than being
# combined with it.
x-authentik: &x-authentik
  # The tag follows the 2024.8 release line and is not pinned by digest, so a
  # re-pull can change the running code.
  # NOTE(review): confirm this release line still receives security fixes.
  image: ghcr.io/goauthentik/server:2024.8
  restart: unless-stopped
  # Every variable in .env is injected into both containers. By default Compose
  # also reads .env for `${...}` interpolation, so this file presumably carries
  # the Postgres password as well: keep it out of version control and readable
  # only by the deploying user.
  env_file:
    - .env
  # Short-form depends_on only orders container start; it does not wait for
  # Postgres or Redis to accept connections.
  depends_on:
    - db
    - redis
  # Both services inherit both networks. Only the server carries Traefik
  # labels, so the worker's attachment to the shared traefik-net may be
  # unnecessary exposure. TODO confirm, and override `networks` on the worker
  # if so.
  networks:
    - traefik-net
    - default

services:
  # authentik server: the only service published through Traefik.
  authentik:
    <<: *x-authentik
    command: server
    volumes:
      - authentik-data:/media
    # NOTE(review): `deploy.labels` are applied to the Swarm service, not to
    # containers. Under plain `docker compose` Traefik's Docker provider reads
    # container labels (a service-level `labels:` key), so this routing would
    # not take effect there; under Swarm, `restart` and `depends_on` from the
    # shared base are ignored instead. Confirm which mode this file targets.
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-net
        # ${HOST} is interpolated when the file is loaded; if it is unset the
        # rule becomes Host(``). Consider ${HOST:?...} so a missing value
        # fails the deployment instead.
        - traefik.http.routers.authentik.rule=Host(`${HOST}`)
        # TLS terminates at Traefik (entrypoint `websecure`, resolver `le`);
        # the hop from Traefik to port 9000 is unencrypted on traefik-net.
        - traefik.http.routers.authentik.entrypoints=websecure
        - traefik.http.routers.authentik.tls.certresolver=le
        - traefik.http.services.authentik.loadbalancer.server.port=9000


  # authentik background worker.
  worker:
    <<: *x-authentik
    command: worker
    volumes:
      # NOTE(review): the Docker socket gives this container full control of
      # the Docker daemon, which is equivalent to root on the host. authentik
      # presumably uses it for its Docker integration (managed outposts). If
      # that feature is not used, drop this mount; otherwise put a socket
      # proxy in front that exposes only the API endpoints the worker needs.
      # A `:ro` bind flag does not restrict API calls made over the socket.
      # Through the shared base this container is also on traefik-net.
      - /var/run/docker.sock:/var/run/docker.sock
      - authentik-data:/media
      - authentik-certs:/certs

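  # Scheduled pg_dump sidecar for the authentik database.
  # Dumps are custom-format with compression level 6 (-F c -Z 6): compressed,
  # not encrypted, and written to a named volume on the same host as the
  # database itself.
  # NOTE(review): every dump contains the whole identity store. Copy backups
  # off-host and restrict access to the authentik-pg-backup volume.
  # No schedule or retention variables are set, so the image defaults apply.
  # Confirm they match the recovery requirements.
  backup:
    image: prodrigestivill/postgres-backup-local:16
    # Same policy as the other services in this file: without it the backup
    # container stays down after a crash or a host reboot and backups stop
    # silently.
    restart: unless-stopped
    depends_on:
      - db
    volumes:
      - authentik-pg-backup:/backups
    environment:
      - POSTGRES_EXTRA_OPTS=-Z 6 -F c
      # Credentials passed as plain environment variables are visible to
      # anyone who can run `docker inspect` on this container.
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DATABASE}
      - POSTGRES_HOST=db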

  # PostgreSQL backing store for authentik. No ports are published and no
  # `networks` key is set, so it is reachable only from services on this
  # project's default network.
  db:
    # Major-version tag, not digest-pinned: minor releases arrive on re-pull.
    image: postgres:16
    volumes:
      - authentik-pg-data:/var/lib/postgresql/data
    restart: unless-stopped
    environment:
      # The official image applies these only when initialising an empty data
      # directory; changing POSTGRES_PASSWORD later does not rotate the
      # password of an existing cluster.
      # NOTE(review): the password is visible via `docker inspect`; the image
      # also accepts POSTGRES_PASSWORD_FILE if a secrets mechanism is used.
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DATABASE}

  # Redis used by authentik (presumably cache, sessions and task queue).
  redis:
    # NOTE(review): `redis:alpine` is a floating tag with no version at all, so
    # a re-pull can jump to a new major release. Pin to the version line that
    # is actually deployed.
    image: redis:alpine
    # Snapshot to /data every 60 s if at least one key changed. No
    # `--requirepass` is set, so Redis is unauthenticated: its only protection
    # is that it has no published ports and sits on the default network, where
    # every other service in this file can reach it.
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    volumes:
      - authentik-redis:/data