Merge branch 'master' of git.vanoverloop.xyz:Danacus/home-pods

Update
2022-08-21 11:02:12 +02:00 · 2022-08-21 11:00:01 +02:00
7 changed files with 258 additions and 0 deletions
--- a/container-authentik-postgres.service
+++ b/container-authentik-postgres.service
@ -0,0 +1,38 @@
+# container-authentik-postgres.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman container-authentik-postgres.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-authentik.service
+After=pod-authentik.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--pod-id-file %t/pod-authentik.pod-id \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name authentik-postgres \
+	--label io.containers.autoupdate=registry \
+	-v authentik-db:/var/lib/postgresql/data:Z \
+	-e POSTGRES_PASSWORD=authentik \
+	-e POSTGRES_USER=authentik \
+	-e POSTGRES_DB=authentik docker.io/postgres:12-alpine
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-authentik-redis.service
+++ b/container-authentik-redis.service
@ -0,0 +1,34 @@
+# container-authentik-redis.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman container-authentik-redis.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-authentik.service
+After=pod-authentik.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--pod-id-file %t/pod-authentik.pod-id \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--label io.containers.autoupdate=registry \
+	--name authentik-redis docker.io/redis:alpine
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-authentik-server.service
+++ b/container-authentik-server.service
@ -0,0 +1,43 @@
+# container-authentik-server.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman container-authentik-server.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-authentik.service
+After=pod-authentik.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--pod-id-file %t/pod-authentik.pod-id \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name authentik-server \
+	--label io.containers.autoupdate=registry \
+	-v authentik-media:/media:z \
+	-v authentik-templates:/templates:z \
+	-e AUTHENTIK_SECRET_KEY=P8UNDagVZS1HMUxoaov7ouP2CxpAuODBpFYyJ773w3N7Pk96m4 \
+	-e AUTHENTIK_ERROR_REPORTING__ENABLED=true \
+	-e AUTHENTIK_REDIS__HOST=localhost \
+	-e AUTHENTIK_POSTGRESQL__HOST=localhost \
+	-e AUTHENTIK_POSTGRESQL__USER=authentik \
+	-e AUTHENTIK_POSTGRESQL__NAME=authentik \
+	-e AUTHENTIK_POSTGRESQL__PASSWORD=authentik ghcr.io/goauthentik/server:latest server
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-authentik-worker.service
+++ b/container-authentik-worker.service
@ -0,0 +1,44 @@
+# container-authentik-worker.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman container-authentik-worker.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+BindsTo=pod-authentik.service
+After=pod-authentik.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--pod-id-file %t/pod-authentik.pod-id \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name authentik-worker \
+	--label io.containers.autoupdate=registry \
+	-v authentik-media:/media:z \
+	-v authentik-templates:/templates:z \
+	-v authentik-certs:/certs:Z \
+	-e AUTHENTIK_SECRET_KEY=P8UNDagVZS1HMUxoaov7ouP2CxpAuODBpFYyJ773w3N7Pk96m4 \
+	-e AUTHENTIK_ERROR_REPORTING__ENABLED=true \
+	-e AUTHENTIK_REDIS__HOST=localhost \
+	-e AUTHENTIK_POSTGRESQL__HOST=localhost \
+	-e AUTHENTIK_POSTGRESQL__USER=authentik \
+	-e AUTHENTIK_POSTGRESQL__NAME=authentik \
+	-e AUTHENTIK_POSTGRESQL__PASSWORD=authentik ghcr.io/goauthentik/server:latest worker
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-oauth2-proxy.service
+++ b/container-oauth2-proxy.service
@ -0,0 +1,47 @@
+# container-oauth2-proxy.service
+# autogenerated by Podman 4.1.1
+# Thu Aug 18 10:12:36 UTC 2022
+
+[Unit]
+Description=Podman container-oauth2-proxy.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name oauth2-proxy \
+	-p 4180:4180 \
+	-e OAUTH2_PROXY_PROVIDER=keycloak-oidc \
+	-e OAUTH2_PROXY_CLIENT_ID=oauth2-proxy \
+	-e OAUTH2_PROXY_CLIENT_SECRET=H2SITUCIsnVMq0k1OfWsQuSvXmkdHBe0 \
+#-e OAUTH2_PROXY_REDIRECT_URL=https://home.vanoverloop.xyz/oauth2/callback \
+	-e OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.vanoverloop.xyz/realms/master \
+	-e OAUTH2_PROXY_ALLOWED_ROLE=home \
+	-e OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 \
+	-e OAUTH2_PROXY_REVERSE_PROXY=true \
+	-e OAUTH2_PROXY_COOKIE_SECRET=jmoZ8LpDuAO1PLAtD16Xe4tu7e_OAmXZetiumqquCWA= \
+	-e OAUTH2_PROXY_UPSTREAMS=http://pi.lan:5180/ \
+	-e OAUTH2_PROXY_EMAIL_DOMAINS=* \
+	-e OAUTH2_PROXY_AUTH_LOGGING=true \
+	-e OAUTH2_PROXY_REQUEST_LOGGING=true \
+	-e OAUTH2_PROXY_SESSION_COOKIE_MINIMAL=true \
+	-e OAUTH2_PROXY_COOKIE_DOMAINS=.vanoverloop.xyz \
+	-e OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true quay.io/oauth2-proxy/oauth2-proxy
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/container-proxy-internal.service
+++ b/container-proxy-internal.service
@ -0,0 +1,26 @@
+[Unit]
+Description=Podman container-proxy-internal.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
+ 	--name=proxy-internal \
+	-v proxy-internal-data:/data:Z \
+	-v proxy-internal-letsencrypt:/etc/letsencrypt:Z \
+	--ip=10.88.0.18 \
+	-p 5180:80 -p 82:81 \
+	--label "io.containers.autoupdate=registry" \
+	docker.io/jc21/nginx-proxy-manager:latest
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
--- a/pod-authentik.service
+++ b/pod-authentik.service
@ -0,0 +1,26 @@
+# pod-authentik.service
+# autogenerated by Podman 4.1.1
+# Wed Aug 17 07:18:00 UTC 2022
+
+[Unit]
+Description=Podman pod-authentik.service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=
+Requires=container-authentik-postgres.service container-authentik-redis.service container-authentik-server.service container-authentik-worker.service
+Before=container-authentik-postgres.service container-authentik-redis.service container-authentik-server.service container-authentik-worker.service
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=on-failure
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/pod-authentik.pid %t/pod-authentik.pod-id
+ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-authentik.pid --pod-id-file %t/pod-authentik.pod-id --name authentik -p 9000:9000 -p 9443:9443 --replace
+ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-authentik.pod-id
+ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-authentik.pod-id -t 10
+ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-authentik.pod-id
+PIDFile=%t/pod-authentik.pid
+Type=forking
+
+[Install]
+WantedBy=default.target
Author	SHA1	Message	Date
Daan Vanoverloop	391c766e02	Merge branch 'master' of git.vanoverloop.xyz:Danacus/home-pods	2022-08-21 11:02:12 +02:00
Daan Vanoverloop	255f742ddc	Update	2022-08-21 11:00:01 +02:00