services:
  postgresql:
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped

    environment:
      POSTGRES_DB: authentik
      POSTGRES_USER: authentik
      POSTGRES_PASSWORD: QIMcaD90jPctJpQx6q1i9gMKF1g8VCHE2aSgSrASYBoOIZ

    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -d authentik -U authentik
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 20s

    volumes:
      - /docker/authentik/database:/var/lib/postgresql/data

  server:
    image: ghcr.io/goauthentik/server:2025.10.3
    command: server
    restart: unless-stopped

    depends_on:
      postgresql:
        condition: service_healthy

    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: QIMcaD90jPctJpQx6q1i9gMKF1g8VCHE2aSgSrASYBoOIZ
      AUTHENTIK_SECRET_KEY: yDCM9VVhmigqSJ2xdCQdLNfdUsLGfRh8hz1co2LtwqNwMA66Nql9QHFOo0BWXxiJ0YrJ3cQAeN9XG

    ports:
      - "8000:9000"
      - "8443:9443"

    volumes:
      - /docker/authentik/media:/media
      - /docker/authentik/custom-templates:/templates

  worker:
    image: ghcr.io/goauthentik/server:2025.10.3
    command: worker
    restart: unless-stopped
    user: root

    depends_on:
      postgresql:
        condition: service_healthy

    environment:
      AUTHENTIK_POSTGRESQL__HOST: postgresql
      AUTHENTIK_POSTGRESQL__NAME: authentik
      AUTHENTIK_POSTGRESQL__USER: authentik
      AUTHENTIK_POSTGRESQL__PASSWORD: QIMcaD90jPctJpQx6q1i9gMKF1g8VCHE2aSgSrASYBoOIZ
      AUTHENTIK_SECRET_KEY: yDCM9VVhmigqSJ2xdCQdLNfdUsLGfRh8hz1co2LtwqNwMA66Nql9QHFOo0BWXxiJ0YrJ3cQAeN9XG

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /docker/authentik/media:/media
      - /docker/authentik/certs:/certs
      - /docker/authentik/custom-templates:/templates