version: "3.8"
secrets:
  JWT_SECRET:
    file: ../secrets/authelia/JWT_SECRET
  SESSION_SECRET:
    file: ../secrets/authelia/SESSION_SECRET
  STORAGE_PASSWORD:
    file: ../secrets/authelia/STORAGE_PASSWORD
  STORAGE_ENCRYPTION_KEY:
    file: ../secrets/authelia/STORAGE_ENCRYPTION_KEY

services:
  authelia:
    container_name: authelia
    image: docker.io/authelia/authelia:4.37
    userns_mode: keep-id
    depends_on:
      - postgres
      - authelia_setup
    restart: unless-stopped
    expose:
      - 9091
    secrets: [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY]
    #user: 8000:9000
    environment:
      PUID: 1000
      PGID: 1000
      AUTHELIA_JWT_SECRET_FILE: /run/secrets/JWT_SECRET
      AUTHELIA_SESSION_SECRET_FILE: /run/secrets/SESSION_SECRET
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/STORAGE_ENCRYPTION_KEY
    volumes:
      - ../data/authelia/config:/config

  postgres:
    image: postgres:16.0-alpine
    depends_on:
      - authelia_setup
    secrets: [STORAGE_PASSWORD]
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD
      POSTGRES_DB: authelia
      POSTGRES_USER: authelia
    volumes:
      - postgres-data:/var/lib/postgresql/data

  authelia_setup:
      image: docker.io/authelia/authelia:4.37
      volumes:
        - ../secrets/authelia:/secrets
        - ./authelia/generate-secrets.sh:/generate-secrets.sh
      restart: no
      entrypoint: [ "/generate-secrets.sh", "/secrets" ]

  caddy:
    volumes:
      - ./authelia/Proxyfile:/etc/caddy.d/authelia:ro

volumes:
  postgres-data:
  authelia-config: