services:
  postgresql:
    container_name: postgresql
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    volumes:
      - /data/postgresql:/var/lib/postgresql/data
    env_file:
      - ./env/authentik
  redis:
    container_name: redis
    image: docker.io/library/redis:alpine
    command: --save 60 1 --loglevel warning
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 3s
    volumes:
      - /data/redis:/data
  server:
    container_name: authentik_server
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
    volumes:
      - /data/authentik/media:/media
      - /data/authentik/custom-templates:/templates
    env_file:
      - ./env/authentik
    ports:
      - "9000:9000"
      - "9443:9443"
    depends_on:
      - postgresql
      - redis
  worker:
    container_name: authentik_worker
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_REDIS__HOST: redis
      AUTHENTIK_POSTGRESQL__HOST: postgresql
    user: root
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /data/authentik/media:/media
      - /data/certs:/certs
      - /data/authentik/custom-templates:/templates
    env_file:
      - ./env/authentik
    depends_on:
      - postgresql
      - redis