LBP
/
ChristianLempa_Boilerplates
spiegel van https://github.com/ChristianLempa/boilerplates.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199
							---
kind: compose
metadata:
  name: Authentik
  description: 'Integrate Authentik Single Sign-On (SSO) for secure and streamlined user authentication.

    Authentik is an open-source identity provider that supports various authentication protocols.

    This configuration enables OAuth-based SSO, allowing users to log in using their Authentik

    credentials, enhancing security and user experience.

    ## Prerequisites

    - :warning: The `authentik_secret_key` must be generated using the following command

    according to the official documentation.

    ```bash

    echo "$(openssl rand -base64 60 | tr -d ''\n'')"

    ```

    ## References

    * **Project:** https://goauthentik.io/

    * **Documentation:** https://goauthentik.io/docs/

    * **GitHub:** https://github.com/goauthentik/authentik'
  icon:
    provider: selfh
    id: authentik
  next_steps: 'Log in with your initial admin user:

    ```bash

    Username: akadmin

    Password: {{ authentik_admin_password }}

    ```'
  version: 2025.10.3
  author: Christian Lempa
  date: '2025-12-16'
  tags:
    - traefik
    - volume
schema: '1.2'
spec:
  general:
    vars:
      service_name:
        default: authentik
      restart_policy:
        type: enum
        options:
          - unless-stopped
          - always
          - on-failure
          - 'no'
        default: unless-stopped
        required: true
  database:
    vars:
      database_password:
        description: Database password
        type: str
        sensitive: true
        required: true
      database_user:
        type: str
        default: ''
        description: The database user
      database_name:
        type: str
        default: ''
        description: The database name
      database_external:
        type: bool
        default: false
        description: Use external database
  ports:
    vars:
      ports_http:
        default: 8000
      ports_https:
        default: 8443
  traefik:
    vars:
      traefik_host:
        default: authentik
      traefik_network:
        default: traefik
        type: str
        required: true
      traefik_domain:
        default: home.arpa
        type: str
        required: true
      traefik_enabled:
        type: bool
        default: false
        description: Enable Traefik integration
  authentik:
    description: Configure Authentik application settings
    required: true
    vars:
      authentik_secret_key:
        description: Secret Key
        extra: Used for cookie signing and unique user IDs
        type: str
        sensitive: true
        required: true
      authentik_admin_password:
        description: Initial admin user password
        type: str
        sensitive: true
        autogenerated: true
      authentik_error_reporting:
        description: Enable error reporting to Authentik developers
        type: bool
  traefik_tls:
    vars:
      traefik_tls_certresolver:
        type: str
        default: cloudflare
        required: true
      traefik_tls_enabled:
        type: bool
        default: false
        description: Enable Traefik TLS
  volume:
    vars:
      volume_mode:
        type: enum
        options:
          - local
          - mount
          - nfs
        default: local
        required: true
      volume_mount_path:
        type: str
        default: /mnt/storage
        needs:
          - volume_mode=mount
        required: true
      volume_nfs_server:
        type: str
        default: 192.168.1.1
        needs:
          - volume_mode=nfs
        required: true
      volume_nfs_path:
        type: str
        default: /export
        needs:
          - volume_mode=nfs
        required: true
      volume_nfs_options:
        type: str
        default: rw,nolock,soft
        needs:
          - volume_mode=nfs
        required: true
  email:
    vars:
      email_host:
        description: SMTP server hostname
        type: str
        required: true
      email_port:
        description: SMTP server port
        type: int
        default: 25
        required: true
      email_username:
        description: SMTP username
        type: str
        required: true
      email_password:
        description: SMTP password
        type: str
        sensitive: true
        required: true
      email_from:
        description: From email address
        type: str
        required: true
      email_enabled:
        type: bool
        default: false
        description: Enable email integration
      email_encryption:
        type: str
        default: tls
        description: The email encryption type