services: authentik_postgres: image: docker.io/library/postgres:17.5 container_name: authentik_postgres environment: - POSTGRES_DB=${POSTGRES_DB} - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} volumes: - ${APPDATA_PATH}/authentik/db:/var/lib/postgresql/data ports: - ${POSTGRES_PORT}:5432 restart: unless-stopped healthcheck: test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"] start_period: 20s interval: 30s retries: 5 timeout: 5s authentik_valkey: image: docker.io/valkey/valkey:8.1.2 container_name: authentik_valkey command: valkey-server --save 60 1 --loglevel warning --requirepass ${VALKEY_PASSWORD} volumes: - ${APPDATA_PATH}/authentik/valkey:/data ports: - ${VALKEY_PORT}:6379 restart: unless-stopped healthcheck: test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"] start_period: 20s interval: 30s retries: 5 timeout: 3s authentik_server: image: ghcr.io/goauthentik/server:2025.6.2 container_name: authentik_server depends_on: authentik_postgres: condition: service_healthy authentik_valkey: condition: service_healthy command: server environment: - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB} - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER} - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} - AUTHENTIK_REDIS__HOST=authentik_valkey - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD} - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED} - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} volumes: - ${APPDATA_PATH}/authentik/media:/media - ${APPDATA_PATH}/authentik/custom-templates:/templates ports: - ${AUTHENTIK_HTTP_PORT}:9000 - ${AUTHENTIK_HTTPS_PORT}:9443 restart: unless-stopped authentik_worker: image: ghcr.io/goauthentik/server:2025.6.2 container_name: authentik_worker depends_on: authentik_postgres: condition: service_healthy authentik_valkey: condition: service_healthy command: worker environment: - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB} - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER} - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} - AUTHENTIK_REDIS__HOST=authentik_valkey - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD} - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED} - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} volumes: - ${APPDATA_PATH}/authentik/media:/media - ${APPDATA_PATH}/authentik/certs:/certs - ${APPDATA_PATH}/authentik/custom-templates:/templates restart: unless-stopped