name: authelia
services:
  authelia:
    container_name: authelia
    image: authelia/authelia:latest@sha256:0c824dcab1ae97c56bf673c5e77fe8cc6bcd400564555140cc8002a12c6b6463
    restart: unless-stopped
    environment:
      AUTHELIA_JWT_SECRET_FILE: /secrets/jwt_secret.txt
      AUTHELIA_SESSION_SECRET_FILE: /secrets/session_secret.txt
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /secrets/storage_encryption_key.txt
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /secrets/postgres_password.txt
      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /secrets/smtp_password.txt
    volumes:
      - /mnt/user/appdata/authelia/config:/config
      - /mnt/user/appdata/secrets/authelia_jwt_secret.txt:/secrets/jwt_secret.txt:ro
      - /mnt/user/appdata/secrets/authelia_session_secret.txt:/secrets/session_secret.txt:ro
      - /mnt/user/appdata/secrets/authelia_storage_encryption_key.txt:/secrets/storage_encryption_key.txt:ro
      - /mnt/user/appdata/secrets/authelia_postgres_password.txt:/secrets/postgres_password.txt:ro
      - /mnt/user/appdata/secrets/authelia_smtp_password.txt:/secrets/smtp_password.txt:ro
    dns:
      - 192.168.178.58
      - 1.1.1.1
      - 8.8.8.8
    networks:
      - frontend_net
      - backend_net
    security_opt:
      - no-new-privileges:true
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=frontend_net"
      - "traefik.http.routers.authelia.rule=Host(`auth.kaleschke.info`)"
      - "traefik.http.routers.authelia.entrypoints=websecure"
      - "traefik.http.routers.authelia.tls=true"
      - "traefik.http.routers.authelia.tls.certresolver=le"
      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
     
networks:
  frontend_net:
    external: true
  backend_net:
    external: true