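---
# Compose stack: copyparty file server published through Traefik, with
# authentik (server + worker, PostgreSQL, Valkey) as the identity provider.
#
# Secrets are read from `.env` (same folder as this file); it must define
# PG_PASS, the PostgreSQL password shared by postgresql and authentik.

volumes:
  database:
    driver: local
  valkey:
    driver: local

services:
  copyparty:
    # NOTE(review): `latest` is a floating tag; pin a version or digest so
    # deployments are reproducible and upgrades are deliberate
    image: copyparty/ac:latest
    container_name: idp_copyparty
    restart: unless-stopped
    user: "1000:1000"  # should match the user/group of your fileshare volumes
    volumes:
      - ./cpp/:/cfg:z  # the copyparty config folder
      # this is where we declare that "/srv/pub" is the filesystem-path
      # on the server that shall be shared online
      - /srv/pub:/w:z
    ports:
      # NOTE(review): the short form publishes 3923 on a random host port,
      # reachable without passing through Traefik or any auth middleware;
      # Traefik talks to the container over the compose network, so
      # `expose` would be enough if direct access is not wanted
      - "3923"
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.fs.rule=Host(`fs.example.com`)'
      # must name an entrypoint defined in the traefik command below
      # (only `web` and `websecure` exist; `web` redirects to `websecure`)
      - 'traefik.http.routers.fs.entrypoints=websecure'
      # serve this router over TLS; with no certificate configured Traefik
      # falls back to its self-signed default certificate
      - 'traefik.http.routers.fs.tls=true'
      # NOTE(review): until an auth middleware is attached here, requests
      # reach copyparty without going through the identity provider
      #- 'traefik.http.routers.fs.middlewares=authelia@docker'  # TODO: ???
    # thumbnailer is allowed to continue finishing up for 10s after the shutdown signal
    stop_grace_period: 15s
    environment:
      # enable mimalloc by replacing "NOPE" with "2" for a nice speed-boost
      # (will use twice as much ram)
      LD_PRELOAD: /usr/lib/libmimalloc-secure.so.NOPE
      # ensures log-messages are not delayed (but can reduce speed a tiny bit)
      PYTHONUNBUFFERED: "1"

  socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:3.2.3
    container_name: idp_socket_proxy
    restart: unless-stopped
    # each flag set to 1 opens one section of the Docker API to clients of
    # the proxy; keep this list as short as Traefik's docker provider allows
    environment:
      - CONTAINERS=1
      - NETWORKS=1
      - EVENTS=1
      - PING=1
      - VERSION=1
      - LOG_LEVEL=warning
    volumes:
      # `:ro` only protects the socket file itself; what callers may do
      # through the API is decided by the flags above, not by this mount
      - /var/run/docker.sock:/var/run/docker.sock:ro
    security_opt:
      - 'no-new-privileges:true'
    read_only: true
    tmpfs:
      - /run:noexec,nosuid,size=10m
    expose:
      - "2375"

  traefik:
    image: traefik:3.5
    container_name: traefik
    volumes:
      - ./traefik:/etc/traefik:Z
    ports:
      - "80:80"
      - "443:443"
    command:
      - '--api'
      # docker provider goes through the filtered socket-proxy instead of
      # mounting /var/run/docker.sock into this internet-facing container
      - '--providers.docker.endpoint=tcp://socket-proxy:2375'
      - '--providers.docker.exposedByDefault=false'
      - '--entrypoints.web.address=:80'
      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
      - '--entrypoints.web.http.redirections.entrypoint.scheme=https'
      - '--entrypoints.websecure.address=:443'
      - '--log.level=WARNING'
    depends_on:
      # depends_on takes the service name, not the container_name
      - socket-proxy

  postgresql:
    # NOTE(review): PostgreSQL 12 no longer receives upstream fixes; moving
    # to a supported major version needs a dump/restore or pg_upgrade of
    # the `database` volume, so it is not changed here
    image: docker.io/library/postgres:12-alpine
    container_name: idp_postgresql
    restart: unless-stopped
    healthcheck:
      # `$$` escapes compose interpolation so the variables are expanded
      # by the shell inside the container
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - database:/var/lib/postgresql/data:z
    environment:
      # taken from .env rather than hard-coded; compose refuses to start if
      # PG_PASS is unset. An already-initialised database keeps the password
      # it was created with, so set PG_PASS to that value or rotate it
      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
      POSTGRES_USER: authentik
      POSTGRES_DB: authentik
    env_file:
      - .env

  valkey:
    image: valkey/valkey:8.0-alpine
    command: --save 60 1 --loglevel warning
    container_name: idp_valkey
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "valkey-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - valkey:/data:z

  authentik_server:
    # NOTE(review): pinned to an old authentik release; check the upstream
    # security advisories and upgrade notes before deploying
    image: ghcr.io/goauthentik/server:2024.2.1
    container_name: idp_authentik_server
    restart: unless-stopped
    command: server
    environment:
      # hostnames are compose service names; the cache service in this
      # file is called `valkey`
      AUTHENTIK_REDIS__HOST: valkey
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?database password required}
    volumes:
      - ./media:/media:z
      - ./custom-templates:/templates:z
    env_file:
      - .env
    ports:
      # NOTE(review): published on random host ports, i.e. reachable
      # without Traefik; use `expose` if only the proxy should reach them
      - "9000"
      - "9443"
    depends_on:
      - postgresql
      - valkey

  authentik_worker:
    image: ghcr.io/goauthentik/server:2024.2.1
    container_name: idp_authentik_worker
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: valkey
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS:?database password required}
    # `user: root` and the docker socket volume are optional.
    # See more for the docker socket integration here:
    # https://goauthentik.io/docs/outposts/integrations/docker
    # Removing `user: root` also prevents the worker from fixing the permissions
    # on the mounted folders, so when removing this make sure the folders have
    # the correct UID/GID (1000:1000 by default)
    #
    # NOTE(review): root plus a writable docker socket gives this container
    # full control of the Docker daemon, which is equivalent to root on the
    # host; drop both unless the docker outpost integration is really used
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./media:/media:z
      - ./certs:/certs:z
      - ./custom-templates:/templates:z
    env_file:
      - .env
    depends_on:
      - postgresql
      - valkey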