Use a service instead of a manually started compose

README.md

@@ -18,6 +18,10 @@ apt update \
   tee /etc/apt/sources.list.d/docker.list > /dev/null \
   && apt update \
   && apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \
+  && echo "{" > /etc/docker/daemon.json \
+  && echo "  \"log-driver\": \"journald\"" >> /etc/docker/daemon.json \
+  && echo "}" >> /etc/docker/daemon.json \
+  && systemctl restart docker.service \
   && mkdir -p /var/lib/apps \
   && ln -s /var/lib/apps \
   && apt install -y git vim \
@@ -39,16 +43,32 @@ cd /root/apps \
   && ./scripts/init.sh \
   && docker compose build --no-cache \
     --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
-    --build-arg SRC_REV=$(git rev-parse --short HEAD) \
+    --build-arg SRC_REV=$(git rev-parse --short HEAD)
-  && docker compose up -d; docker compose logs -f
+```
+
+## Service Handling
+
+Start service:
+```shell
+systemctl start authentik.service
+```
+
+Stop service:
+```shell
+systemctl stop authentik.service
+```
+
+Show logs:
+```shell
+journalctl -xef -u authentik.service
 ```
 
 ## Upgrade
 
 1. Update `AUTHENTIK_TAG` to the desired tag in `env.template`, as well as
 in the deployed `.env` file.
-2. `docker-compose down`
+2. `systemctl stop authentik.service`
-3. `docker compose up -d; docker compose logs -f`
+3. `systemctl start authentik.service; journalctl -xef -u authentik.service`
 
 ## Rebuild containers locally
 

scripts/init.sh

@@ -27,12 +27,11 @@ prompt_password() {
 # Trap SIGINT to exit gracefully if the user aborts with CTRL+C
 trap 'printf "\nOperation aborted by user.\n" >&2; exit 1' SIGINT
 
-
 cd "$(dirname "$(realpath "$0")")/../"
+AUTHENTIK_DOCKER_COMPOSE_PATH="$(realpath "$(pwd)")"
 
 # Check if .env exists and exit if it is
-[[ -f ./.env ]] && echo ".env already exists. Exiting!" && exit 1 || true
+if [[ ! -f ./.env ]]; then
-
 	cat ./env.template >> ./.env
 	echo "# SECRETS" >> ./.env
 	echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> ./.env
@@ -40,6 +39,7 @@ echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> ./.env
 	prompt_password "AUTHENTIK_EMAIL__PASSWORD"; echo "AUTHENTIK_EMAIL__PASSWORD=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
 	prompt_password "GEOIPUPDATE_LICENSE_KEY"; echo "GEOIPUPDATE_LICENSE_KEY=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
 	echo "" >> ./.env
+fi
 
 # Generate dhparam, if not existing
 [[ ! -d ./data/nginx/certs ]] && mkdir -p ./data/nginx/certs && chmod 700 ./data/nginx/certs && chown 101:101 ./data/nginx/certs || true
@@ -60,7 +60,7 @@ if [[ ! -d ./data/.lego ]]; then
 fi
 
 # Setup directory for acme cheallenges
-mkdir -p ./data/nginx/acme
+[[ ! -d ./data/nginx/acme ]] && mkdir -p ./data/nginx/acme
 
 # Setup cronjob to automatically renew certificates
 [[ ! -f /etc/systemd/system/lego-renew-sso-base23-de.service ]] && cat <<EOF > /etc/systemd/system/lego-renew-sso-base23-de.service && systemctl daemon-reload
@@ -72,8 +72,8 @@ After=network-online.target
 
 [Service]
 Type=oneshot
-ExecStart=/var/lib/apps/sso.base23.de/scripts/cert_renew.sh
+ExecStart=${AUTHENTIK_DOCKER_COMPOSE_PATH}/scripts/cert_renew.sh
-WorkingDirectory=/var/lib/apps/sso.base23.de/
+WorkingDirectory=${AUTHENTIK_DOCKER_COMPOSE_PATH}/
 User=root
 Group=root
 RemainAfterExit=yes
@@ -95,3 +95,21 @@ Persistent=true
 [Install]
 WantedBy=timers.target
 EOF
+
+# Setup systemd service for authentik
+[[ ! -f /etc/systemd/system/authentik.service ]] && cat <<EOF > /etc/systemd/system/authentik.service && systemctl daemon-reload && systemctl enable authentik.service
+[Unit]
+Description=Authentik Docker Compose Service
+After=network.target docker.service
+Requires=docker.service
+
+[Service]
+Restart=always
+WorkingDirectory=${AUTHENTIK_DOCKER_COMPOSE_PATH}
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
+EOF