initial docker setup

project/infrastructure/authelia/authelia.yml

@@ -0,0 +1,41 @@
+secrets:
+  JWT_SECRET:
+    file: ${INFRA_PATH}/authelia/secrets/JWT_SECRET
+  SESSION_SECRET:
+    file: ${INFRA_PATH}/authelia/secrets/SESSION_SECRET
+  STORAGE_PASSWORD:
+    file: ${INFRA_PATH}/authelia/secrets/STORAGE_PASSWORD
+  STORAGE_ENCRYPTION_KEY:
+    file: ${INFRA_PATH}/authelia/secrets/STORAGE_ENCRYPTION_KEY
+services:
+  authelia:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: authelia
+    image: authelia/authelia:latest
+    expose:
+      - 9091
+    secrets: [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY]
+    environment:
+      AUTHELIA_JWT_SECRET_FILE: /run/secrets/JWT_SECRET
+      AUTHELIA_SESSION_SECRET_FILE: /run/secrets/SESSION_SECRET
+      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD
+      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/STORAGE_ENCRYPTION_KEY
+      AUTHELIA_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} # this does not work for access control or openID yet
+      AUTHELIA_LOCAL_DOMAIN: ${LOCAL_DOMAIN} # this does not work for access control or openID yet
+    volumes:
+      - ${INFRA_PATH}/authelia/config:/config
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.authelia.rule=Host(`auth.${PUBLIC_DOMAIN}`)'
+      - "traefik.http.routers.authelia.tls.certresolver=myresolver"
+      - 'traefik.http.routers.authelia.entryPoints=https'
+      - 'traefik.http.routers.authelia.tls=true'
+      - 'traefik.http.routers.authelia.service=authelia-svc'
+      - 'traefik.http.services.authelia-svc.loadbalancer.server.port=9091'
+      # Middleware
+      - "traefik.http.routers.authelia.middlewares=crowdsec-bouncer@file"