Danacus
/
home-pods
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: Danacus:667e7b49a85a1d3f6ee5fbda726b8fe4934551b9
Branches Tags
Danacus:master
...
compare: Danacus:391c766e02f4419e4f4e52fcaf085e973b1fba51
Branches Tags
Danacus:master

2 Commits
667e7b49a8 ... 391c766e02

Author SHA1 Message Date
Daan Vanoverloop 391c766e02
Merge branch 'master' of git.vanoverloop.xyz:Danacus/home-pods 2022-08-21 11:02:12 +02:00
Daan Vanoverloop 255f742ddc
Update 2022-08-21 11:00:01 +02:00
7 changed files with 258 additions and 0 deletions
Show Stats Expand all files Collapse all files

38
container-authentik-postgres.service Normal file
View File

@ -0,0 +1,38 @@
# container-authentik-postgres.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman container-authentik-postgres.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-authentik.service
After=pod-authentik.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--pod-id-file %t/pod-authentik.pod-id \
--sdnotify=conmon \
-d \
--replace \
--name authentik-postgres \
--label io.containers.autoupdate=registry \
-v authentik-db:/var/lib/postgresql/data:Z \
-e POSTGRES_PASSWORD=authentik \
-e POSTGRES_USER=authentik \
-e POSTGRES_DB=authentik docker.io/postgres:12-alpine
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target

34
container-authentik-redis.service Normal file
View File

@ -0,0 +1,34 @@
# container-authentik-redis.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman container-authentik-redis.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-authentik.service
After=pod-authentik.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--pod-id-file %t/pod-authentik.pod-id \
--sdnotify=conmon \
-d \
--replace \
--label io.containers.autoupdate=registry \
--name authentik-redis docker.io/redis:alpine
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target

43
container-authentik-server.service Normal file
View File

@ -0,0 +1,43 @@
# container-authentik-server.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman container-authentik-server.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-authentik.service
After=pod-authentik.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--pod-id-file %t/pod-authentik.pod-id \
--sdnotify=conmon \
-d \
--replace \
--name authentik-server \
--label io.containers.autoupdate=registry \
-v authentik-media:/media:z \
-v authentik-templates:/templates:z \
-e AUTHENTIK_SECRET_KEY=P8UNDagVZS1HMUxoaov7ouP2CxpAuODBpFYyJ773w3N7Pk96m4 \
-e AUTHENTIK_ERROR_REPORTING__ENABLED=true \
-e AUTHENTIK_REDIS__HOST=localhost \
-e AUTHENTIK_POSTGRESQL__HOST=localhost \
-e AUTHENTIK_POSTGRESQL__USER=authentik \
-e AUTHENTIK_POSTGRESQL__NAME=authentik \
-e AUTHENTIK_POSTGRESQL__PASSWORD=authentik ghcr.io/goauthentik/server:latest server
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target

44
container-authentik-worker.service Normal file
View File

@ -0,0 +1,44 @@
# container-authentik-worker.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman container-authentik-worker.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
BindsTo=pod-authentik.service
After=pod-authentik.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--pod-id-file %t/pod-authentik.pod-id \
--sdnotify=conmon \
-d \
--replace \
--name authentik-worker \
--label io.containers.autoupdate=registry \
-v authentik-media:/media:z \
-v authentik-templates:/templates:z \
-v authentik-certs:/certs:Z \
-e AUTHENTIK_SECRET_KEY=P8UNDagVZS1HMUxoaov7ouP2CxpAuODBpFYyJ773w3N7Pk96m4 \
-e AUTHENTIK_ERROR_REPORTING__ENABLED=true \
-e AUTHENTIK_REDIS__HOST=localhost \
-e AUTHENTIK_POSTGRESQL__HOST=localhost \
-e AUTHENTIK_POSTGRESQL__USER=authentik \
-e AUTHENTIK_POSTGRESQL__NAME=authentik \
-e AUTHENTIK_POSTGRESQL__PASSWORD=authentik ghcr.io/goauthentik/server:latest worker
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target

47
container-oauth2-proxy.service Normal file
View File

@ -0,0 +1,47 @@
# container-oauth2-proxy.service
# autogenerated by Podman 4.1.1
# Thu Aug 18 10:12:36 UTC 2022
[Unit]
Description=Podman container-oauth2-proxy.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d \
--replace \
--name oauth2-proxy \
-p 4180:4180 \
-e OAUTH2_PROXY_PROVIDER=keycloak-oidc \
-e OAUTH2_PROXY_CLIENT_ID=oauth2-proxy \
-e OAUTH2_PROXY_CLIENT_SECRET=H2SITUCIsnVMq0k1OfWsQuSvXmkdHBe0 \
#-e OAUTH2_PROXY_REDIRECT_URL=https://home.vanoverloop.xyz/oauth2/callback \
-e OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.vanoverloop.xyz/realms/master \
-e OAUTH2_PROXY_ALLOWED_ROLE=home \
-e OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 \
-e OAUTH2_PROXY_REVERSE_PROXY=true \
-e OAUTH2_PROXY_COOKIE_SECRET=jmoZ8LpDuAO1PLAtD16Xe4tu7e_OAmXZetiumqquCWA= \
-e OAUTH2_PROXY_UPSTREAMS=http://pi.lan:5180/ \
-e OAUTH2_PROXY_EMAIL_DOMAINS=* \
-e OAUTH2_PROXY_AUTH_LOGGING=true \
-e OAUTH2_PROXY_REQUEST_LOGGING=true \
-e OAUTH2_PROXY_SESSION_COOKIE_MINIMAL=true \
-e OAUTH2_PROXY_COOKIE_DOMAINS=.vanoverloop.xyz \
-e OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true quay.io/oauth2-proxy/oauth2-proxy
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target

26
container-proxy-internal.service Normal file
View File

@ -0,0 +1,26 @@
[Unit]
Description=Podman container-proxy-internal.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon --replace -d \
--name=proxy-internal \
-v proxy-internal-data:/data:Z \
-v proxy-internal-letsencrypt:/etc/letsencrypt:Z \
--ip=10.88.0.18 \
-p 5180:80 -p 82:81 \
--label "io.containers.autoupdate=registry" \
docker.io/jc21/nginx-proxy-manager:latest
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target

26
pod-authentik.service Normal file
View File

@ -0,0 +1,26 @@
# pod-authentik.service
# autogenerated by Podman 4.1.1
# Wed Aug 17 07:18:00 UTC 2022
[Unit]
Description=Podman pod-authentik.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=
Requires=container-authentik-postgres.service container-authentik-redis.service container-authentik-server.service container-authentik-worker.service
Before=container-authentik-postgres.service container-authentik-redis.service container-authentik-server.service container-authentik-worker.service
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/pod-authentik.pid %t/pod-authentik.pod-id
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-authentik.pid --pod-id-file %t/pod-authentik.pod-id --name authentik -p 9000:9000 -p 9443:9443 --replace
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-authentik.pod-id
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-authentik.pod-id -t 10
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-authentik.pod-id
PIDFile=%t/pod-authentik.pid
Type=forking
[Install]
WantedBy=default.target