services:
  authelia:
    image: authelia/authelia:latest
    container_name: authelia
    volumes:
      - /opt/homelab/data/authelia:/config
      - ./configuration.yml:/config/configuration.yml:ro
      - ./users.yml:/config/users.yml:ro
    networks:
      - proxy_net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.kotori-waifu.cc`)"
      - "traefik.http.routers.authelia.tls.certresolver=cloudflare"
      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://auth.kotori-waifu.cc/"
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
    restart: unless-stopped
    env_file:
      - .env

networks:
  proxy_net:
    external: true