[Container]
ContainerName=authentik-server
Environment="AUTHENTIK_POSTGRESQL__CONN_MAX_AGE=0"
Environment="AUTHENTIK_POSTGRESQL__HOST=192.168.11.2"
Environment="AUTHENTIK_POSTGRESQL__NAME=authentik"
Environment="AUTHENTIK_POSTGRESQL__PASSWORD=OCxfxtWadNuXslBbfWw9c0JXLMu+bWngv+qk9Ya65sw="
Environment="AUTHENTIK_POSTGRESQL__PORT=5439"
Environment="AUTHENTIK_POSTGRESQL__USER=authentik"
Environment="AUTHENTIK_REDIS__HOST=192.168.11.2"
Environment="AUTHENTIK_REDIS__PORT=5021"
# (Required)  To generate a secret key run the following command:
#             echo $(openssl rand -base64 32)
Environment="AUTHENTIK_SECRET_KEY=mlZ57mWthun9b8SPaS7Ptl0bBQX4OvyRanbqdQ+5e/k="
# (Optional)  Enable Error Reporting
# Environment="AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING:-false}"
# (Optional)  Enable Email Sending
# Environment="AUTHENTIK_EMAIL__HOST=smtp.centurylink.net"
# Environment="AUTHENTIK_EMAIL__PORT=587"
# Environment="AUTHENTIK_EMAIL__USERNAME=phares@centurylink.net"
# Environment="AUTHENTIK_EMAIL__PASSWORD=Q7rOkv6#YdLCx4SBvMIAw"
# Environment="AUTHENTIK_EMAIL__USE_TLS=false"
# Environment="AUTHENTIK_EMAIL__USE_SSL=false"
# Environment="AUTHENTIK_EMAIL__TIMEOUT=10"
# Environment="AUTHENTIK_EMAIL__FROM=noreply@phares.duckdns.org"
Exec=server
Image=ghcr.io/goauthentik/server:2024.12.1
PublishPort=5017:9000
PublishPort=5018:9443
Volume=/etc/localtime:/etc/localtime:ro
Volume=/etc/timezone:/etc/timezone:ro
Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro
Volume=authentik-server-media:/media:Z
Volume=authentik-server-templates:/templates:Z

[Service]
Restart=no

[Unit]
Requires=authentik-worker.service
After=authentik-worker.service

[Install]
WantedBy=multi-user.target default.target

# podman pull ghcr.io/goauthentik/server:2024.12.1
# systemctl --user daemon-reload
# systemctl --user start authentik-server
# systemctl --user status authentik-server --lines=999
# journalctl -fu authentik-server.service
# podman logs authentik-server
# systemctl --user stop authentik-server
# systemctl --user disable authentik-server
# podman exec -ti authentik-server /bin/sh
# podman exec -ti authentik-server /bin/bash