docker-compose/authentik
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Docker compose deployment for my authentik instance, sso.s1q.dev.
34 commits 1 branch 0 tags 108 KiB
Find a file
Philip Henning f1fa099e4e WIP add restic backups
2024-11-25 10:23:22 +01:00
data/nginx enable hsts 2024-11-19 15:52:33 +01:00
docker/nginx Add cert scripts; update readme; update gitignore; add nginx 2024-11-19 10:54:05 +01:00
scripts WIP add restic backups 2024-11-25 10:23:22 +01:00
.gitignore Add cert scripts; update readme; update gitignore; add nginx 2024-11-19 10:54:05 +01:00
docker-compose.yml re-add dependency on server by nginx 2024-11-19 14:23:39 +01:00
env.template WIP add restic backups 2024-11-25 10:23:22 +01:00
README.md WIP add restic backups 2024-11-25 10:23:22 +01:00

README.md

sso.base23.de - Base23 SSO for all services

Authentik based SSO for our sevices.

Table of Contents

Prerequisites

Server Setup

apt update \
  && apt upgrade -y \
  && for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt remove $pkg; done \
  && apt install ca-certificates curl \
  && install -m 0755 -d /etc/apt/keyrings \
  && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
  && chmod a+r /etc/apt/keyrings/docker.asc \
  && echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null \
  && apt update \
  && apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \
  && mkdir -p /var/lib/apps \
  && ln -s /var/lib/apps \
  && apt install -y git vim \
  && TEMP_DIR=$(mktemp -d) \
  && curl -fsSL https://github.com/go-acme/lego/releases/download/v4.20.2/lego_v4.20.2_linux_amd64.tar.gz -o ${TEMP_DIR}/lego_v4.20.2_linux_amd64.tar.gz \
  && tar xzvf ${TEMP_DIR}/lego_v4.20.2_linux_amd64.tar.gz --directory=${TEMP_DIR} \
  && install -m 755 -o root -g root "${TEMP_DIR}/lego" "/usr/local/bin" \
  && rm -rf ${TEMP_DIR} \
  && unset TEMP_DIR

Base23 Docker registry login

docker login -u gitlab+deploy-token-5 registry.git.base23.de

Installation

Clone & configure initially

  1. Create a Storage Box sub account.
  2. Enter the username to env.template.
  3. Run the initial configuration script:
cd /root/apps \
  && git clone ssh://git@git.base23.de:222/base23/sso.base23.de.git \
  && cd sso.base23.de \
  && ./scripts/init.sh
  1. Use the generated SSH key and copy it to the Hetzner Storage box for backups:
ssh-copy-id -i ./data/restic/ssh/id_ed25519 -p 23 -s u291924-sub4@u291924.your-storagebox.de

Fist run

docker compose build --no-cache \
    --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
    --build-arg SRC_REV=$(git rev-parse --short HEAD) \
  && docker compose up -d; docker compose logs -f

Upgrade

  1. Update AUTHENTIK_TAG to the desired tag in env.template.
  2. Commit & push changes to the Repo.
  3. Run diff --color='auto' env.template .env to display the diff between env.template and .env.
  4. Port the made changes to .env.
  5. docker compose down
  6. docker compose up -d; docker compose logs -f

Rebuild containers locally

docker compose build --no-cache \
  --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
  --build-arg SRC_REV=$(git rev-parse --short HEAD)