jjvijgen/homelab
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
84609f78612f492002a4e2bc7ac3751e85724f2b
homelab/modules/30-services-software/authentik-service/main.tf
T
Jeroen Vijgen 84609f7861 Revert network changes
2026-03-27 23:14:36 +02:00

140 lines
4.6 KiB
Terraform
Raw Blame History

terraform {
required_providers {
dotenv = {
source = "germanbrew/dotenv"
}
}
}
locals {
container_name = "authentik"
redis_container_name = "authentik-redis"
postgres_container_name = "authentik-postgres"
authentik_image = "ghcr.io/goauthentik/server"
redis_image = "docker.io/library/redis"
postgres_image = "docker.io/library/postgres"
authentik_tag = var.image_tag
redis_tag = var.redis_image_tag
postgres_tag = var.postgres_image_tag
env_file = "${path.module}/.env"
authentik_internal_port = 9000
authentik_content = <<-EOT
EOT
authentik_volumes = [
{
host_path = "${var.volume_path}/${local.container_name}/media"
container_path = "/media"
read_only = false
},
{
host_path = "${var.volume_path}/${local.container_name}/custom-templates"
container_path = "/templates"
read_only = false
},
{
host_path = "${var.volume_path}/${local.container_name}/user_settings.py"
container_path = "/data/user_settings.py"
read_only = false
}
]
redis_volumes = [
{
host_path = "${var.volume_path}/${local.container_name}/redis/data"
container_path = "/data"
read_only = false
},
]
postgres_volumes = [
{
host_path = "${var.volume_path}/${local.container_name}/postgres/data"
container_path = "/var/lib/postgresql/data"
read_only = false
},
]
authentik_env_vars = {
AUTHENTIK_SECRET_KEY = provider::dotenv::get_by_key("AUTHENTIK_SECRET_KEY", local.env_file)
AUTHENTIK_REDIS__HOST = provider::dotenv::get_by_key("AUTHENTIK_REDIS__HOST", local.env_file)
AUTHENTIK_POSTGRESQL__HOST = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__HOST", local.env_file)
AUTHENTIK_POSTGRESQL__USER = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file)
AUTHENTIK_POSTGRESQL__NAME = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__NAME", local.env_file)
AUTHENTIK_POSTGRESQL__PASSWORD = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file)
}
postgres_env_vars = {
POSTGRES_PASSWORD = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file)
POSTGRES_USER = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file)
POSTGRES_DB = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__DB", local.env_file)
}
}
resource "local_file" "authentik_config_file" {
content = local.authentik_content
filename = "${var.volume_path}/${local.container_name}/user_settings.py"
}
module "authentik_network" {
source = "../../01-networking/network-service"
name = "authentik-network"
subnet = "172.17.0.0/29"
driver = "bridge"
options = {
"isolate" : false
}
}
module "authentik-postgres" {
source = "../../10-generic/docker-service"
container_name = local.postgres_container_name
image = local.postgres_image
tag = local.postgres_tag
volumes = local.postgres_volumes
env_vars = local.postgres_env_vars
networks = [module.authentik_network.name]
}
module "authentik-redis" {
source = "../../10-generic/docker-service"
container_name = local.redis_container_name
image = local.redis_image
tag = local.redis_tag
volumes = local.redis_volumes
networks = [module.authentik_network.name]
}
module "authentik-server" {
source = "../../10-generic/docker-service"
container_name = local.container_name
image = local.authentik_image
tag = local.authentik_tag
volumes = local.authentik_volumes
env_vars = local.authentik_env_vars
networks = concat([module.authentik_network.name], var.networks)
command = ["server"]
}
module "authentik-worker" {
source = "../../10-generic/docker-service"
container_name = "${local.container_name}-worker"
image = local.authentik_image
tag = local.authentik_tag
volumes = local.authentik_volumes
env_vars = local.authentik_env_vars
networks = [module.authentik_network.name]
command = ["worker"]
}
output "service_definition" {
description = "General service definition with optional ingress configuration"
value = {
name = local.container_name
primary_port = local.authentik_internal_port
endpoint = "http://${local.container_name}:${local.authentik_internal_port}"
subdomains = ["authz"]
}
}
Reference in New Issue View Git Blame Copy Permalink