sovereign/roles/automatisch/templates/docker-compose.yml.j2

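# Docker Compose template for the Automatisch stack: PostgreSQL, Redis, the
# web application and a background worker.
#
# Jinja renders this file before Compose reads it, so the rendered file holds
# the database password, the encryption/webhook/app keys and the SMTP password
# in clear text. Restrict its file mode accordingly (presumably done by the
# task that renders it; confirm). The same values are visible through
# `docker inspect` because they are passed as environment variables.
#
# Secrets are substituted into double-quoted YAML scalars. A value containing
# `"` or `\` breaks that quoting, and Compose treats `$` in a value as variable
# interpolation (a literal dollar sign must be written `$$`). Generate secrets
# without those characters or escape them before rendering.
#
# Templated scalars (image tags, bind mounts, network names) are quoted so an
# empty or unusual expansion cannot change how the YAML parses.
services:
  automatisch-db:
    # Floating tag: the image content can change between pulls. Pin a digest
    # if deployments must be reproducible.
    image: postgres:16-alpine
    container_name: automatisch-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: automatisch
      POSTGRES_USER: automatisch
      POSTGRES_PASSWORD: "{{ automatisch_db_password }}"
    volumes:
      - "{{ automatisch_data_dir }}/db:/var/lib/postgresql/data"
    networks:
      - internal
    # GELF over UDP is unauthenticated, unencrypted and best-effort. Container
    # logs cross the network in clear text and may be dropped silently, so the
    # Graylog input should sit on a trusted network. Applies to every
    # `logging` section in this file.
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "automatisch-db"

  automatisch-redis:
    # Floating tag, see the note on the database image.
    # No Redis password is configured here and the app services below set no
    # Redis credentials either; access control rests entirely on which
    # containers are attached to the `internal` network.
    image: redis:7-alpine
    container_name: automatisch-redis
    restart: unless-stopped
    networks:
      - internal
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "automatisch-redis"

  automatisch:
    image: "automatischio/automatisch:{{ automatisch_version }}"
    container_name: automatisch
    restart: unless-stopped
    # Start-order only: no healthcheck is declared, so this does not wait for
    # PostgreSQL or Redis to accept connections.
    depends_on:
      - automatisch-db
      - automatisch-redis
    environment:
      HOST: "{{ automatisch_domain }}"
      PROTOCOL: https
      PORT: "3000"
      APP_ENV: production
      POSTGRES_HOST: automatisch-db
      POSTGRES_PORT: "5432"
      POSTGRES_DATABASE: automatisch
      POSTGRES_USERNAME: automatisch
      POSTGRES_PASSWORD: "{{ automatisch_db_password }}"
      REDIS_HOST: automatisch-redis
      REDIS_PORT: "6379"
      # The three keys below must match the values given to the worker.
      ENCRYPTION_KEY: "{{ automatisch_encryption_key }}"
      WEBHOOK_SECRET_KEY: "{{ automatisch_webhook_secret_key }}"
      APP_SECRET_KEY: "{{ automatisch_app_secret_key }}"
      SMTP_HOST: "{{ smtp_host }}"
      SMTP_PORT: "{{ smtp_port }}"
      SMTP_USER: "{{ smtp_user }}"
      SMTP_PASSWORD: "{{ smtp_password }}"
      FROM_EMAIL: "{{ smtp_from }}"
      TELEMETRY_ENABLED: "false"
    volumes:
      - "{{ automatisch_data_dir }}/storage:/automatisch/packages/backend/storage"
    # No `ports:` are published; the app is reachable only through Traefik on
    # the shared external network.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.automatisch.rule=Host(`{{ automatisch_domain }}`)"
      - "traefik.http.routers.automatisch.tls=true"
      - "traefik.http.routers.automatisch.tls.certresolver=letsencrypt"
      - "traefik.http.routers.automatisch.middlewares=automatisch-auth@docker"
      - "traefik.http.services.automatisch.loadbalancer.server.port=3000"
      # Authentik forward auth — protects the entire app with Authentik SSO.
      # Pre-requisite: create a Proxy Provider (Forward Auth, single application)
      # in Authentik pointing to https://{{ automatisch_domain }}, then add it
      # to the embedded outpost.
      # NOTE(review): the middleware is attached to the only router, so
      # inbound webhook calls from third-party services would also be sent
      # through SSO. Confirm whether webhook triggers are expected to work.
      - "traefik.http.middlewares.automatisch-auth.forwardauth.address=https://{{ authentik_domain }}/outpost.goauthentik.io/auth/traefik"
      # trustForwardHeader=true makes Traefik trust incoming X-Forwarded-*
      # headers when calling the auth endpoint. That is only sound when the
      # entrypoint accepts those headers from trusted proxies alone; verify
      # the Traefik entrypoint configuration, which is not part of this file.
      - "traefik.http.middlewares.automatisch-auth.forwardauth.trustForwardHeader=true"
      # Identity headers copied from the auth response onto the request that
      # reaches the app, replacing any same-named headers sent by the client.
      - "traefik.http.middlewares.automatisch-auth.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
    networks:
      - internal
      - "{{ sovereign_network_name }}"
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "automatisch"

  automatisch-worker:
    # Same image as the web app, switched to worker mode by WORKER below.
    image: "automatischio/automatisch:{{ automatisch_version }}"
    container_name: automatisch-worker
    restart: unless-stopped
    depends_on:
      - automatisch
    environment:
      WORKER: "true"
      HOST: "{{ automatisch_domain }}"
      PROTOCOL: https
      APP_ENV: production
      POSTGRES_HOST: automatisch-db
      POSTGRES_PORT: "5432"
      POSTGRES_DATABASE: automatisch
      POSTGRES_USERNAME: automatisch
      POSTGRES_PASSWORD: "{{ automatisch_db_password }}"
      REDIS_HOST: automatisch-redis
      REDIS_PORT: "6379"
      ENCRYPTION_KEY: "{{ automatisch_encryption_key }}"
      WEBHOOK_SECRET_KEY: "{{ automatisch_webhook_secret_key }}"
      APP_SECRET_KEY: "{{ automatisch_app_secret_key }}"
      TELEMETRY_ENABLED: "false"
    volumes:
      - "{{ automatisch_data_dir }}/storage:/automatisch/packages/backend/storage"
    # Attached to `internal` only: the worker carries no Traefik labels and is
    # not on the shared proxy network.
    networks:
      - internal
    logging:
      driver: gelf
      options:
        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
        tag: "automatisch-worker"

networks:
  # Despite its name this is an ordinary project network, not one declared
  # with `internal: true`, so containers on it keep outbound connectivity
  # (which the worker presumably needs to reach external APIs; confirm).
  internal: {}
  # Pre-existing network shared with Traefik; Compose will not create it.
  "{{ sovereign_network_name }}":
    external: true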