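# File-backed secrets; each one is mounted into the consuming service at
# /run/secrets/<NAME>. Paths are relative to the Compose project directory,
# so the stack resolves the same files however `docker compose` is invoked
# (`${PWD}` would instead track the caller's shell and break `-f` from
# another directory, or silently expand to "" when PWD is unset).
secrets:
  AUTHELIA_JWT_SECRET:
    file: ./config/authelia/secrets/AUTHELIA_JWT_SECRET
  AUTHELIA_SESSION_SECRET:
    file: ./config/authelia/secrets/AUTHELIA_SESSION_SECRET
  AUTHELIA_STORAGE_PASSWORD:
    file: ./config/authelia/secrets/AUTHELIA_STORAGE_PASSWORD
  AUTHELIA_STORAGE_ENCRYPTION_KEY:
    file: ./config/authelia/secrets/AUTHELIA_STORAGE_ENCRYPTION_KEY
  LLDAP_JWT_SECRET:
    file: ./config/lldap/secrets/LLDAP_JWT_SECRET
  LLDAP_PASSWORD:
    file: ./config/lldap/secrets/LLDAP_PASSWORD
  LLDAP_STORAGE_PASSWORD:
    file: ./config/lldap/secrets/LLDAP_STORAGE_PASSWORD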
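services:
  # Caddy edge proxy. The Caddyfile is rendered at image-build time from the
  # Jinja template plus config.json; `${URL}` inside dockerfile_inline is
  # interpolated by Compose before the Dockerfile reaches the builder.
  # NOTE(review): `apk add jinja2-cli` is unpinned, so the build is not
  # reproducible; pin it if the rendered Caddyfile must be stable.
  proxy:
    build:
      context: ./
      dockerfile_inline: |
        FROM caddy:2.10
        RUN apk add jinja2-cli
        COPY config/caddy/Caddyfile.j2 /etc/caddy/Caddyfile.j2
        COPY config.json /etc/caddy/config.json
        RUN jinja2 /etc/caddy/Caddyfile.j2 /etc/caddy/config.json -D domain='${URL}' > /etc/caddy/Caddyfile
    container_name: proxy.${URL}
    depends_on:
      - authelia
    restart: unless-stopped
    # Port mappings are quoted per Compose guidance so YAML never reads a
    # short mapping as a number.
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Caddy only reads the TLS key pair; mount it read-only so a compromised
      # proxy process cannot overwrite the host copies.
      - ./key.pem:/ssl/certs/key.pem:ro
      - ./cert.pem:/ssl/certs/cert.pem:ro
      - caddy-config:/config
    networks:
      apperture:

  # Request-echo upstream (traefik/whoami); presumably used to exercise the
  # proxy chain. NOTE(review): image tag is unpinned.
  whoami:
    container_name: apperture-whoami
    image: docker.io/traefik/whoami
    restart: unless-stopped
    networks:
      apperture:
    environment:
      TZ: 'Europe/London'

  # Authelia SSO / forward-auth provider. NOTE(review): image tag is unpinned.
  authelia:
    container_name: apperture-authelia
    image: authelia/authelia
    depends_on:
      authelia-postgres:
        condition: service_healthy
      # The lldap service below declares no healthcheck, so service_healthy
      # relies on a HEALTHCHECK baked into the lldap image — confirm for the
      # tag in use.
      lldap:
        condition: service_healthy
    restart: unless-stopped
    volumes:
      - ./config/authelia/config/configuration.yml:/config/configuration.yml:ro
    secrets:
      - AUTHELIA_JWT_SECRET
      - AUTHELIA_SESSION_SECRET
      - AUTHELIA_STORAGE_PASSWORD
      - AUTHELIA_STORAGE_ENCRYPTION_KEY
      - LLDAP_PASSWORD
    environment:
      TZ: 'Europe/London'
      # The *_FILE variants point Authelia at the mounted secret files so no
      # secret value appears in the container environment.
      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/AUTHELIA_JWT_SECRET'
      AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/AUTHELIA_SESSION_SECRET'
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/AUTHELIA_STORAGE_PASSWORD'
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/AUTHELIA_STORAGE_ENCRYPTION_KEY'
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: '/run/secrets/LLDAP_PASSWORD'
      URL: ${URL}
    networks:
      apperture:
    command: ["authelia", "--config.experimental.filters", "template"]

  # Storage backend for Authelia.
  # NOTE(review): `postgres` is unpinned — a newer major pulled onto an
  # existing data directory will refuse to start. No named volume is mounted
  # either, so persistence depends on the image's anonymous volume surviving
  # container recreation; confirm that is intended.
  authelia-postgres:
    container_name: apperture-authelia-postgres
    image: postgres
    restart: unless-stopped
    secrets: [AUTHELIA_STORAGE_PASSWORD]
    environment:
      POSTGRES_USER: authelia
      POSTGRES_PASSWORD_FILE: /run/secrets/AUTHELIA_STORAGE_PASSWORD
      POSTGRES_DB: authelia
    networks:
      apperture:
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U authelia"]
      interval: 5s
      timeout: 5s
      retries: 5

  # LDAP user directory consumed by Authelia.
  lldap:
    container_name: apperture-lldap
    image: nitnelave/lldap:stable
    restart: unless-stopped
    depends_on:
      lldap-postgres:
        condition: service_healthy
    secrets: [LLDAP_JWT_SECRET, LLDAP_PASSWORD, LLDAP_STORAGE_PASSWORD]
    environment:
      UID: "1000"
      GID: "1000"
      TZ: Europe/London
      LLDAP_JWT_SECRET_FILE: /run/secrets/LLDAP_JWT_SECRET
      LLDAP_LDAP_USER_PASS_FILE: /run/secrets/LLDAP_PASSWORD
      LLDAP_LDAP_BASE_DN: dc=example,dc=com
      # NOTE(review): the database password is embedded in this URL in clear
      # text and duplicates the literal set on lldap-postgres; the mounted
      # LLDAP_STORAGE_PASSWORD secret is not read by anything here.
      LLDAP_DATABASE_URL: postgres://lldap:lldap@lldap-postgres/lldap
      # Example bind: cn=admin,ou=people,dc=example,dc=com
    volumes:
      - lldap-data:/data
    networks:
      apperture:

  # Storage backend for lldap. NOTE(review): `postgres` is unpinned (see
  # authelia-postgres).
  lldap-postgres:
    container_name: apperture-lldap-postgres
    image: postgres
    restart: unless-stopped
    secrets: [LLDAP_STORAGE_PASSWORD]
    environment:
      POSTGRES_USER: lldap
      # NOTE(review): hard-coded credential committed to the compose file.
      # LLDAP_STORAGE_PASSWORD is mounted but unused; moving to the _FILE
      # form below also requires the lldap service's LLDAP_DATABASE_URL to
      # carry the same value, which is presumably why it is disabled.
      POSTGRES_PASSWORD: lldap
      #POSTGRES_PASSWORD_FILE: /run/secrets/LLDAP_STORAGE_PASSWORD
      POSTGRES_DB: lldap
    volumes:
      - lldap-postgres-data:/var/lib/postgresql/data
    networks:
      apperture:
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U lldap"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Homer dashboard; its assets are generated by homer-bootstrap first.
  # NOTE(review): image tag is unpinned.
  homer:
    image: b4bz/homer
    container_name: apperture-homer
    depends_on:
      homer-bootstrap:
        condition: service_completed_successfully
    volumes:
      - ./config/homer:/www/assets
    ports:
      # Bound to loopback: publishing 8080 on every interface lets clients
      # reach the dashboard directly, bypassing the proxy and whatever
      # authentication it enforces (published ports also sidestep host
      # firewalls that filter the default chain). Assumes the proxy is the
      # intended path to Homer — confirm against config/caddy/Caddyfile.j2.
      - "127.0.0.1:8080:8080"
    environment:
      # Mapping form, matching the other services (was `- INIT_ASSETS=1`).
      INIT_ASSETS: "1"
    restart: unless-stopped
    networks:
      apperture:

  # One-shot job that renders Homer's config from ./config.json.
  # NOTE(review): `pip install pyyaml` is unpinned; the build is not
  # reproducible.
  homer-bootstrap:
    build:
      dockerfile_inline: |
        FROM python:3.12-alpine
        RUN pip install pyyaml
        COPY ./homer-bootstrap /app
        RUN mkdir -p /proxy-bootstrap /configs /app/homer
        ENTRYPOINT ["python3", "/app/configure_homepage.py"]
    container_name: apperture-homer-bootstrap
    environment:
      ORGANISATION: ${ORGANISATION}
      TITLE: ${TITLE}
      DOMAIN: ${URL}
    networks:
      apperture:
    volumes:
      - ./config.json:/proxy-bootstrap/config.json
      - ./config/homer:/configs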
# Single shared network for every service. The explicit `name` overrides the
# default `<project>_apperture` naming, so the network name does not change
# with the Compose project name.
networks:
  apperture:
    name: apperture_apperture
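# Named volumes with default options. Written as explicit empty mappings
# rather than bare `key:` (which YAML reads as null) so intent is unambiguous
# to linters and to any tooling that distinguishes null from {}.
volumes:
  lldap-data: {}
  lldap-postgres-data: {}
  caddy-config: {}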