Set up PocketID login

pocket-id/.env

@@ -0,0 +1,11 @@
+# Pocket ID .env app configuration
+# Configures the Pocket ID application
+# File location: /srv/pocket-id/.env
+# More information - git repo: https://git.starcat.systems/starcat-infra/auth-server
+# More information - handbook: https://about.starcat.systems/handbook/infrastructure/security/pocket-id/
+# See the documentation for more information: https://pocket-id.org/docs/configuration/environment-variables
+APP_URL=https://id.starcat.systems
+TRUST_PROXY=true
+MAXMIND_LICENSE_KEY=*REDACTED*
+PUID=1000
+PGID=1000

pocket-id/README.md

@@ -0,0 +1,20 @@
+# Pocket ID README
+## what
+The Docker Compose and `.env` files that run Pocket ID
+
+## where
+```
+/srv/pocket-id/docker-compose.yml
+/srv/pocket-id/.env
+```
+
+## redacted values
+For security, secrets have been redacted from this file. StarCat team members can find these values in [1Password](https://start.1password.com/open/i?a=B5NVCNGFJBCCLCDCN5FKFPGVBI&v=35hhast2kp5lgw3iud374426oa&i=ahsb5ohjmkyvfuoudj564xucgy&h=starcatsys.1password.com). Soon, these values will be autofilled from Vault when the container starts.
+
+## making changes
+If you make changes to `.env` or need to upgrade Pocket ID, just pull the latest image and restart the service:
+
+```
+docker compose pull
+docker compose up -d
+```

pocket-id/docker-compose.yml

@@ -0,0 +1,19 @@
+# Docker Compose file for PocketID
+# Location: /srv/pocket-id/docker-compose.yml
+
+services:
+  pocket-id:
+    image: ghcr.io/pocket-id/pocket-id:v1
+    restart: unless-stopped
+    env_file: .env
+    ports:
+      - 1411:1411
+    volumes:
+      - "./data:/app/data"
+    # Optional healthcheck
+    healthcheck:
+      test: "curl -f http://localhost:1411/healthz"
+      interval: 1m30s
+      timeout: 5s
+      retries: 2
+      start_period: 10s