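# Authelia and the Redis instance that backs its sessions, run as Docker
# containers through the Terraform Docker provider.

# Redis password, supplied at apply time instead of being committed with the code.
# It must equal the content of /secrets/REDIS_PASSWORD, which the Authelia
# container reads through AUTHELIA_SESSION_REDIS_PASSWORD_FILE.
# The literal that used to be hard-coded in this file is still in version-control
# history: treat it as exposed and rotate it.
# `sensitive` only redacts the value in plan/apply output. It is still written to
# the Terraform state and to the container environment (visible in
# `docker inspect`), so both need restricted access.
variable "authelia_redis_password" {
  description = "Password Redis enforces via --requirepass; must match the Authelia secret file REDIS_PASSWORD."
  type        = string
  sensitive   = true
}

# Registry lookups: the digests below drive re-pulls of the local images.
# NOTE(review): ":latest" floats, so any apply can roll the authentication
# service to a new release unreviewed. Consider pinning a release tag or digest.
data "docker_registry_image" "authelia" {
  name = "ghcr.io/authelia/authelia:latest"
}

data "docker_registry_image" "authelia-redis" {
  name = "redis:8"
}

# Local images, re-pulled whenever the registry digest changes.
resource "docker_image" "authelia" {
  name          = data.docker_registry_image.authelia.name
  pull_triggers = [data.docker_registry_image.authelia.sha256_digest]
}

resource "docker_image" "authelia-redis" {
  name          = data.docker_registry_image.authelia-redis.name
  pull_triggers = [data.docker_registry_image.authelia-redis.sha256_digest]
}

# Dedicated network shared only by Authelia and its Redis container.
# The Redis container publishes no ports, so this network is its only exposure.
# NOTE(review): the network is not declared `internal = true`; consider it, since
# Redis runs with protected mode off and needs no outbound connectivity.
resource "docker_network" "authelia-redis" {
  name = "authelia-redis"
}

resource "docker_network" "authelia" {
  name = "authelia"
}

resource "docker_container" "authelia" {
  image   = docker_image.authelia.image_id
  name    = "authelia"
  restart = "always"

  # Every secret is passed as a *_FILE path under /secrets, so no secret value
  # appears in the container environment or in this file.
  env = [
    "PUID=1000",
    "PGID=1000",
    "AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/secrets/JWT_SECRET",
    "AUTHELIA_SESSION_SECRET_FILE=/secrets/SESSION_SECRET",
    "AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/secrets/REDIS_PASSWORD",
    "AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/secrets/STORAGE_PASSWORD",
    "AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/secrets/STORAGE_ENCRYPTION_KEY",
    "AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/secrets/NOTIFIER_SMTP_PASSWORD",
    "X_AUTHELIA_CONFIG_FILTERS=template"
  ]

  mounts {
    target = "/config"
    source = "/var/lib/containers/authelia/config"
    type   = "bind"
  }

  # NOTE(review): the secrets directory is bind-mounted writable. If the image's
  # entrypoint does not need to write here, `read_only = true` would narrow it;
  # also keep the host directory readable only by the container's UID/GID.
  mounts {
    target = "/secrets"
    source = "/var/lib/containers/authelia/secrets"
    type   = "bind"
  }

  # docker_network.container-public is declared outside this listing.
  networks_advanced {
    name         = docker_network.container-public.name
    ipv4_address = "192.168.3.58"
  }

  networks_advanced {
    name = docker_network.authelia.name
  }

  networks_advanced {
    name = docker_network.authelia-redis.name
  }

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}

resource "docker_container" "authelia-redis" {
  image   = docker_image.authelia-redis.image_id
  name    = "authelia-redis"
  restart = "always"

  # The password comes from the sensitive variable, not from a literal.
  # NOTE(review): an explicit `command` is set below. Whether the image's
  # entrypoint still applies REDIS_ARGS in that case is not visible here.
  # After deploy, confirm an unauthenticated client is rejected, because with
  # protected mode off nothing else guards this instance.
  env = [
    "REDIS_ARGS=--requirepass ${var.authelia_redis_password}"
  ]

  command = [
    "redis-server",
    "--save", "900", "1",    # RDB: save after 900s if >=1 change
    "--save", "300", "10",   # RDB: save after 300s if >=10 changes
    "--save", "60", "10000", # RDB: save after 60s if >=10k changes
    "--dbfilename", "dump.rdb",
    "--dir", "/data",
    "--appendonly", "no", # AOF disabled; persistence relies on RDB snapshots only
    "--maxmemory", "256mb",
    "--maxmemory-policy", "allkeys-lru",
    # Protected mode off + bind on all interfaces: acceptable only while this
    # container stays attached solely to the authelia-redis network and
    # publishes no ports. Authentication then rests entirely on requirepass.
    "--protected-mode", "no",
    "--bind", "0.0.0.0",
    "--port", "6379"
  ]

  # RDB snapshots land here and contain session data: restrict host permissions.
  mounts {
    target = "/data"
    source = "/var/lib/containers/authelia/redis"
    type   = "bind"
  }

  networks_advanced {
    name = docker_network.authelia-redis.name
  }

  lifecycle {
    ignore_changes = [
      ulimit,
      log_opts
    ]
  }
}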