make things work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

.devcontainer/Dockerfile

@@ -0,0 +1,7 @@
+FROM ghcr.io/goauthentik/server:latest
+
+USER root
+
+HEALTHCHECK --interval=10s CMD exit 0
+
+RUN pip install --no-cache-dir -r /app-root/requirements-dev.txt

.devcontainer/devcontainer.json

@@ -0,0 +1,34 @@
+{
+    "name": "authentik",
+    "dockerComposeFile": "docker-compose.yml",
+    "service": "app",
+    "workspaceFolder": "/app-root",
+    "features": {
+        "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
+        "ghcr.io/devcontainers/features/go:1": {},
+        "ghcr.io/devcontainers/features/node:1": {}
+    },
+    "forwardPorts": [9000],
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "EditorConfig.EditorConfig",
+                "bashmish.es6-string-css",
+                "bpruitt-goddard.mermaid-markdown-syntax-highlighting",
+                "dbaeumer.vscode-eslint",
+                "esbenp.prettier-vscode",
+                "golang.go",
+                "Gruntfuggly.todo-tree",
+                "mechatroner.rainbow-csv",
+                "ms-python.black-formatter",
+                "ms-python.isort",
+                "ms-python.pylint",
+                "ms-python.python",
+                "ms-python.vscode-pylance",
+                "redhat.vscode-yaml",
+                "Tobermory.es6-string-html",
+                "unifiedjs.vscode-mdx"
+            ]
+        }
+    }
+}

.devcontainer/docker-compose.yml

@@ -0,0 +1,32 @@
+version: '3.8'
+
+services:
+  app:
+    build:
+      context: ..
+      dockerfile: .devcontainer/Dockerfile
+    volumes:
+      - ../:/app-root:cached
+    command: debug
+    environment:
+      AUTHENTIK_POSTGRESQL__USER: postgres
+      AUTHENTIK_POSTGRESQL__PASSWORD: postgres
+      AUTHENTIK_BOOTSTRAP_PASSWORD: akadmin
+      AUTHENTIK_BOOTSTRAP_TOKEN: akadmin
+  db:
+    image: docker.io/library/postgres:15
+    restart: unless-stopped
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    network_mode: service:app
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: authentik
+      POSTGRES_PASSWORD: postgres
+  redis:
+    image: docker.io/redis/redis-stack-server
+    restart: unless-stopped
+    network_mode: service:app
+
+volumes:
+  postgres-data:

.vscode/tasks.json

@@ -3,26 +3,23 @@
     "tasks": [
         {
             "label": "authentik[core]: format & test",
-            "command": "poetry",
-            "args": [
-                "run",
-                "make"
-            ],
+            "command": "make",
             "group": "build",
         },
         {
             "label": "authentik[core]: run",
-            "command": "poetry",
+            "command": "ak",
             "args": [
-                "run",
-                "make",
-                "run",
+                "server",
             ],
             "group": "build",
             "presentation": {
                 "panel": "dedicated",
                 "group": "running"
             },
+            "runOptions": {
+                "runOn": "folderOpen"
+            }
         },
         {
             "label": "authentik[web]: format",
@@ -39,6 +36,9 @@
                 "panel": "dedicated",
                 "group": "running"
             },
+            "runOptions": {
+                "runOn": "folderOpen"
+            }
         },
         {
             "label": "authentik: install",

Dockerfile

@@ -68,14 +68,14 @@ LABEL org.opencontainers.image.url https://goauthentik.io
 LABEL org.opencontainers.image.description goauthentik.io Main server image, see https://goauthentik.io for more info.
 LABEL org.opencontainers.image.source https://github.com/goauthentik/authentik
 
-WORKDIR /
+WORKDIR /app-root
 
 ARG GIT_BUILD_HASH
 ENV GIT_BUILD_HASH=$GIT_BUILD_HASH
 
-COPY --from=poetry-locker /work/requirements.txt /
-COPY --from=poetry-locker /work/requirements-dev.txt /
-COPY --from=geoip /usr/share/GeoIP /geoip
+COPY --from=poetry-locker /work/requirements.txt /app-root
+COPY --from=poetry-locker /work/requirements-dev.txt /app-root
+COPY --from=geoip /usr/share/GeoIP /app-root/geoip
 
 RUN apt-get update && \
     # Required for installing pip packages
@@ -84,35 +84,35 @@ RUN apt-get update && \
     apt-get install -y --no-install-recommends libxmlsec1-openssl libmaxminddb0 && \
     # Required for bootstrap & healtcheck
     apt-get install -y --no-install-recommends runit && \
-    pip install --no-cache-dir -r /requirements.txt && \
+    pip install --no-cache-dir -r /app-root/requirements.txt && \
     apt-get remove --purge -y build-essential pkg-config libxmlsec1-dev && \
     apt-get autoremove --purge -y && \
     apt-get clean && \
     rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && \
-    adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \
+    adduser --system --no-create-home --uid 1000 --group --home /app-root authentik && \
+    mkdir -p /app-root /app-root/.ssh && \
     mkdir -p /certs /media /blueprints && \
-    mkdir -p /authentik/.ssh && \
-    chown authentik:authentik /certs /media /authentik/.ssh
+    chown -R authentik:authentik /certs /media /app-root/
 
-COPY ./authentik/ /authentik
-COPY ./pyproject.toml /
-COPY ./schemas /schemas
-COPY ./locale /locale
-COPY ./tests /tests
-COPY ./manage.py /
+COPY ./authentik/ /app-root/authentik
+COPY ./pyproject.toml /app-root/
+COPY ./schemas /app-root/schemas
+COPY ./locale /app-root/locale
+COPY ./tests /app-root/tests
+COPY ./manage.py /app-root/
 COPY ./blueprints /blueprints
-COPY ./lifecycle/ /lifecycle
+COPY ./lifecycle/ /app-root/lifecycle
 COPY --from=go-builder /work/authentik /bin/authentik
-COPY --from=web-builder /work/web/dist/ /web/dist/
-COPY --from=web-builder /work/web/authentik/ /web/authentik/
-COPY --from=website-builder /work/website/help/ /website/help/
+COPY --from=web-builder /work/web/dist/ /app-root/web/dist/
+COPY --from=web-builder /work/web/authentik/ /app-root/web/authentik/
+COPY --from=website-builder /work/website/help/ /app-root/website/help/
 
 USER 1000
 
 ENV TMPDIR /dev/shm/
 ENV PYTHONUNBUFFERED 1
-ENV PATH "/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/lifecycle"
+ENV PATH "/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/app-root/lifecycle"
 
-HEALTHCHECK --interval=30s --timeout=30s --start-period=60s --retries=3 CMD [ "/lifecycle/ak", "healthcheck" ]
+HEALTHCHECK --interval=30s --timeout=30s --start-period=60s --retries=3 CMD [ "ak", "healthcheck" ]
 
-ENTRYPOINT [ "/usr/local/bin/dumb-init", "--", "/lifecycle/ak" ]
+ENTRYPOINT [ "/usr/local/bin/dumb-init", "--", "ak" ]

authentik/lib/default.yml

@@ -72,7 +72,7 @@ cookie_domain: null
 disable_update_check: false
 disable_startup_analytics: false
 avatars: env://AUTHENTIK_AUTHENTIK__AVATARS?gravatar,initials
-geoip: "/geoip/GeoLite2-City.mmdb"
+geoip: "/app-root/geoip/GeoLite2-City.mmdb"
 
 footer_links: []