From 894ccff668b23b70aa68f6f9535986da182f0b24 Mon Sep 17 00:00:00 2001
From: thhsh <thhsh@noreply.git.starcat.systems>
Date: Mon, 21 Jul 2025 16:56:06 -0400
Subject: [PATCH] Replace Pocket ID with Authentik

---
 README.md                    |  10 ++--
 authentik/.env               |  22 ++++++++
 authentik/README.md          |  29 +++++++++++
 authentik/docker-compose.yml |  98 +++++++++++++++++++++++++++++++++++
 pocket-id.png                | Bin 4463 -> 0 bytes
 pocket-id/.env               |  11 ----
 pocket-id/README.md          |  20 -------
 pocket-id/docker-compose.yml |  19 -------
 8 files changed, 154 insertions(+), 55 deletions(-)
 create mode 100644 authentik/.env
 create mode 100644 authentik/README.md
 create mode 100644 authentik/docker-compose.yml
 delete mode 100644 pocket-id.png
 delete mode 100644 pocket-id/.env
 delete mode 100644 pocket-id/README.md
 delete mode 100644 pocket-id/docker-compose.yml

diff --git a/README.md b/README.md
index a01bf95..df2bb81 100644
--- a/README.md
+++ b/README.md
@@ -5,14 +5,14 @@ The configs, tweaks, and pieces that make up the `id.starcat.systems` accounts s
 [![Forgejo Last Commit (main)](https://img.shields.io/gitea/last-commit/starcat-infra/auth-server/main?gitea_url=https%3A%2F%2Fgit.starcat.systems&style=flat&logo=git&logoColor=fff&logoSize=auto&label=last%20commit%20(main))](https://git.starcat.systems/starcat-infra/auth-server/src/branch/main)
 
 ## Contents
--   `pockey-id`:
-    -   `docker-compose.yml`: the Docker Compose file that runs Pocket ID
-    -   `.env`: environment variables to configure Pocket ID
+-   `authentik`:
+    -   `docker-compose.yml`: the Docker Compose file that runs Authentik
+    -   `.env`: environment variables to configure Authentik
 -   `caddy`:
-    -   `Caddyfile`: the Caddy server configuration (reverse proxies Pocket ID)
+    -   `Caddyfile`: the Caddy server configuration (reverse proxies Authentik)
 
 ## More Information
-For more information on this repo, please see [Pocket ID in the handbook](https://about.starcat.systems/handbook/infrastructure/security/pocket-id/).
+For more information on this repo, please see [Authentik in the handbook](https://about.starcat.systems/handbook/infrastructure/security/authentik/).
 
 ## Repo Mirrors
 Repo contents are automatically pushed to the following mirrors:
diff --git a/authentik/.env b/authentik/.env
new file mode 100644
index 0000000..9953599
--- /dev/null
+++ b/authentik/.env
@@ -0,0 +1,22 @@
+# Authentik .env app configuration
+# Configures the Authentik application
+# File location: /srv/authentik/.env
+# More information - git repo: https://git.starcat.systems/starcat-infra/auth-server
+# More information - handbook: https://about.starcat.systems/handbook/infrastructure/security/authentik/
+# See the documentation for more information: https://docs.goauthentik.io/docs/install-config/configuration/
+PG_PASS=*REDACTED*
+AUTHENTIK_SECRET_KEY=*REDACTED*
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=*REDACTED*
+AUTHENTIK_EMAIL__PORT=465
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=accounts-noreply@starcat.systems
+AUTHENTIK_EMAIL__PASSWORD=*REDACTED*
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=false
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=true
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=accounts-noreply@starcat.systems
\ No newline at end of file
diff --git a/authentik/README.md b/authentik/README.md
new file mode 100644
index 0000000..4192f36
--- /dev/null
+++ b/authentik/README.md
@@ -0,0 +1,29 @@
+# Authentik README
+## what
+The Docker Compose and `.env` files that run Authentik
+
+## where
+```
+/srv/authentik/docker-compose.yml
+/srv/authentik/.env
+```
+
+## redacted values
+For security, secrets have been redacted from these files. StarCat team members can find these values in [1Password](https://start.1password.com/open/i?a=B5NVCNGFJBCCLCDCN5FKFPGVBI&v=35hhast2kp5lgw3iud374426oa&i=wulgiodikbbu4x5rxvco4zren4&h=starcatsys.1password.com). Soon, these values will be autofilled from Vault when the container starts.
+
+## making changes
+If you make changes to `.env`, just pull the latest image and restart the service:
+
+```
+docker compose pull
+docker compose up -d
+```
+
+## upgrading
+To upgrade Authentik, download the latest `docker-compose.yml` file, (optionally) put our comments at the top of the file, pull the latest images, and restart the service:
+
+```
+wget -O docker-compose.yml https://goauthentik.io/docker-compose.yml
+docker compose pull
+docker compose up -d
+```
\ No newline at end of file
diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml
new file mode 100644
index 0000000..8502812
--- /dev/null
+++ b/authentik/docker-compose.yml
@@ -0,0 +1,98 @@
+# Docker Compose file for Authentik
+# Location: /srv/authentik/docker-compose.yml
+# IMPORTANT: When Authentik upgrades versions, the docker-compose.yml file changes. This file on Git may not be up to date. See the following for details:
+# https://git.starcat.systems/starcat-infra/auth-server/src/branch/main/authentik/README.md
+# https://docs.goauthentik.io/docs/install-config/upgrade
+
+---
+
+services:
+  postgresql:
+    image: docker.io/library/postgres:16-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - database:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+      POSTGRES_USER: ${PG_USER:-authentik}
+      POSTGRES_DB: ${PG_DB:-authentik}
+    env_file:
+      - .env
+  redis:
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - redis:/data
+  server:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.3}
+    restart: unless-stopped
+    command: server
+    environment:
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    volumes:
+      - ./media:/media
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+    ports:
+      - "${COMPOSE_PORT_HTTP:-9000}:9000"
+      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+    depends_on:
+      postgresql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+  worker:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.3}
+    restart: unless-stopped
+    command: worker
+    environment:
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./media:/media
+      - ./certs:/certs
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+    depends_on:
+      postgresql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
+volumes:
+  database:
+    driver: local
+  redis:
+    driver: local
diff --git a/pocket-id.png b/pocket-id.png
deleted file mode 100644
index 8aa7f00f905fe5b6885b8eb2db4a8fe2a969e32c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4463
zcmZ`+XE<D2)ZRw#BqB=G6j#(4WsqRB=pp)zXi-O$M7fMQh?*cIdW|qzqIZS~(FHLf
zLbycl5~7#yxZkhu$M?)Lv)4Imy=U(;d#`t`H(LL`Iz0^s4FG^%Q$y7N8VMI)DhlY=
z;D-w(G>|ze=_&zG8Bcp+Lk?Z@+G-f+0^oNG0PJ%Bj-XrEWdOXz0a&#LKrR)4t4}kV
z9^8c-6pyvlRl)hiCl_D%8UUsUO;sf$--(T^KqC|5)^23K=lJpV_DonVf9~|6gG^dG
z+pP&_40D;_bNh6$)baOHNy%c`>{d^cBy=?gAAVz9)*-(6c`TKFwbPP?)2_-$RMZfm
zv@`M(*RDdP5!0gBb{J-8=$Yh;u^f~=KDJmpMlRJ4ZS7PHO}Cv+zQmXWy{tsx&<Q0a
zT}8_If|-tjnLH0<#0;Mo8Om(w%Ltfh`7F!o<CavDZ>y%4l)!a}{Oq<Nehg{%AC1<?
zgztD6N8xFfmRJTeezniKHT^w%l9_#Hr3BXr?`mMbWVKO<E~Z)PW*IDH88rWem{n*p
z9xAXsl@v*W<2XcCPE)72`(*V@WW+wwhRLsA8pI%~Csks_<u9G3OPkN$<q@OUtJ*o0
za+S8#Ik>UoDs7&6TeYnH(7T0hT)nl7CgDl-_x6@MLrZrx7g}IqKswZTQ0VAc_I&JC
z7*LDyj$txp^Bvb`&C_Cj%w;P~FznsZKRw;Imc1<f`*-o`R$C-|@u~aj<i^_)CRv)L
z4K};+88_4Lo-d}+KX&`$=OaH;g>ar-CR-+Q-%xZ>ppq+8!JpmIzrr_WGsu|Hl%KcL
z(Xdpiaw?<O?#$>CKFSvuT@#t{$ZRQ6q(*P}^=HJ}t?kF#)@vwURX3l$TPM2{+;5PC
zWTA}VCy^&jkG9lpI9(QCO``jhyNM2TEG~b04!+)MS&#M$G7H@ytG8es)$_2yTKAhP
z{=L`nJwE6qGbvgBjIE-K?Ry^UZroMj7o|qJoaa*`h3yzQhKi0vt{T1be>5fa-4#PZ
zLhL8lCMUo9Xb}0623zIX*vxL_*rv1g8X3nbbqWYCtiX+9ZTy;*waFH!sNeE2Gvj>B
zRLSURXs`R9pUsPrC60O$b0u+Jd#g37D4`KzaYe=OuEIkz4W4Uqs_ytdto9BLBS%)J
zF{~n%I_HPm9g?D=aiP~3ZdCYZcD@<J<tI}u|3Oak3iT~`eEDErUxdR&l$n@}G!7{i
zo(7)^o&H=YM5`LH6d#CvG3T+-a&)u=)&{k8bt8p2L0ar<V_(L{&1h&D1%h=|JbZ@i
zb=>vnfpG58k>8QI5(&N`NM2qNeF+^BqVc;-@5Ly*Q~C7Jo^r;#wzf8bxRTGv5Qs9w
z-M`7rgtcqK-$_k^!9acF?C@I^NkN5d3c71i`R7+jfu`5aqORW^WQqZI)_v(_u3knk
z|GIx6Z(`!%1m2O6o`Dg{d6cDW*8Ow|AJIQNP*wvV>y3XK;!)>bc%1i+1b|mQ4~-r^
z)QZo~*Jyl80eJcOOG-=MS>4@{{C-oY8h~LRXE!(8`*jx%xd0gm{(F;ieX>5DB0L-d
z^OjHhZ^?69VuoyNi{JU_{z~Dydl!zviOI>8DW87}#A)5rNx-st((Bi@-{~bFZh2BZ
zQ~S;Gy1E7x^f-@_%F2Xf5i7UG5ogF}o|Kftf_%n*G12PRVnfN3vS!GBWqOWx&#{j)
zhk>GQXD6rJa6NhZ=#G7erIKP|VuayWU_ied*&B44k@8=-uCA`6^8g!U&ySv+9t-{@
zb79LGo11G3#w$P+iEWu^4QxiA(*jU5)a3W)w%Yl+BNWmjn9{Gt8GLLG*?wgiNH={~
zSCP@LU-fl$=`EW7iRIwnD8l2Xyq?MEm?7vvK<<mHqQjGojWv7{ud|O1hXiGBhI402
z$KrIdw1|nX(VH!p-F8~B;X2pJqJyu3&hAen)E@Pxh(Q}OGe~?+EYu@rVs@6xnzwK>
z!^5K5)JA+gn@@*_XFCM>;0X-ZWKbd^A`uk14GpQ!KSM-LP#hf_ySK2guse{a#xmX(
zY_(aP_es!j`BU#}ueC7|6_~z-h3+qEYH0ml7ys?_!5q&@cEa^3);Yq*FtqDE3g|d=
zkPMHEC<_sZx}!D>z_-H0VWrBRTlOBCb-iJLGEBC#gpN|l%}ta%G6DwDNQ%nK3(3)F
z?s%V*=hR*+BR4%7A4QPl=I4JhGR^~pss0e8`$&52lU`Pq`Cq=LQn5J2J+{EpKi?wK
zDPlPlxj_#NAta0vKcTET?owm7VxXcMX7c_KHLxSg?OWN^)YCPl>g(^9paaKy8>FC$
zWcbGq9X(OAnd<TGuC9><AyYaM6b93XHVFmTjNLElJP&;B@`oPRf8W?W{$_<7z*$9U
zy5*Arw~6(K840sHR`~fhEF~X4NRg4v&HV&eVIY%r-_L2}Mozb)Qx8+q)7ely;CuAl
z@xm3b_ubKMOC>GrPF7ZyD;2PO)CR2>Mkt$Vrk9{V(_ZC(VMWaA0Qei2Re43*bj@rs
zU$0=H0WGCz)eh_qbSF|aQB^A^Cjo$$78t%xq?2NZjg3{Hgf@*0dJt;ldM}u<@;W=g
zTm-}qWul9oiMO**0Sz*O=a8a%Dm?0%^Z*mjM{;s<fMNyztpBh{g{LBeTls*D?=~-Z
zMUG9ZcI;)fLw;gAIrC|gAOq(0uB70v@a?h<2Fj%5WN3*4rdH&j3S4Y#>9_a44r2uc
ziG`dvHn-9AQGmjEEHf&eyrMYXzUOVO&t&gDt;5B|6#=Z9H0AD*0%S2BpT(U4?{KV)
zkBh^_#LysO&Nc)TNkA1>w6KUs!P|~Ve|a}<Ce$6D4TR3`e;b~4NY-n>0P@NH=9Hy7
z<H35KT7+|kQ?fjCut}t(rAK0tgz&JCHrxZ{$9c0&pX?nSNkJN?twrm}mCwPyHRHSe
zgI$ELT)oO!0%v7@;GsnWUg4!4TUc<3Skw*JR(2_DgQS!cPSL~Ck`kwR{5}jwcHeCB
zUSoCb`GJ~MiEI+-IwPgfpJ)&F+L(|+<k7@&7gR)DaEjdM#DvzNdfaekqbC~0lin3H
z$>g&%m}O*T<=!*z)A*<cO}sUt<E0M3c48S)a`?+Tb@XZtT0U;A6>jS^G>xD4lA}j1
z94fv1R!+R^xi}L9MPAQPm0!<3vBxwD{yh5KFSfGjzX>s2?wa5OJ!JIR?vi2}49j)L
zCtVaeRVjaZ1#)&}%B~2RvMGo{lrksq2?`#r^)nPWpHX3C$MtO7KRTF;*G-cEg#L%M
zO-uIe*Yon0`xg2mvd7qqrRaco#Vv&c>-f1CHtCo5Gw-6uQ{#9P?=!poSOb8SJhz}A
z{GPh{zDyZ!WSEDC2OTF-%=80d^z$n~P?z)H6Q*D5B=;y`+FeVrM9ll3&}hNfs2GIn
zAOK<|+grhfeE1esTTAELQj(HvqPV3LVfaS5BG|6FC=I-k?@TLoW8w=}SDjTlJ*$eM
zd{Nk9PYU4sEbF8o#cK0U`2wLryvb`N(dK7ySsAW3IvO{`4rXpjA(6yHg*WP@%EP^v
z1?ZTy)zvAXt@mFLwFB17z}eY(dDfDpJ@8+#GAs8ev%bE*<>}+iYSoKn6<1XycIl-K
z7alm=J!=@6Yj`%tNp$lg0X(ZO#9DJ-DFrsmN&Y1>zO*p>L;?{o4d_5B6E-i8zy8xf
zu)^vo@yi#bt(F~za0U(?lRkD}J;UEHiCL?2RluA{I1cI$j8`UW1%Vkgk%ukgB5;MB
z^=ixDy{0C)rr;kkhVH)5L{HK)HkmoOxO81Ve6aN2EGfCIm5J!|h-L&WMRj%3Gz`?w
zv|pYpJSIy@IWITOZmz3K9$^)|Au<e6GiqzWOKytQ*34Jt^g}LzmeWV~ja+am+AjbG
zNJ(F%q%763k%omX(=&Fhcr+GORgDy8m62dOfv@-6z51?3>FZ$=lM{D;zrQMGncwX&
zu<aLS1*~m=!PE}{uf_L&bED(D7YEomr2HhG(Yks;t1Ydq9o<-4s${&2GA+0Co|KT5
zlKKJ_BL(~{1u$d53YnG-M?uuj;n+h6acidADlKo#GcGkH=2nQWB=P`XB>}zc{3x4_
zAKYuR9g)W;mFD{TsQq|OfzJUv-~bhT)^FuRfS~c-qpPEMzwEuee@foJ&o`BJ$(>P<
zT!R!uuK7fZJuSJfwMd}H<Hzwi3w|o3__IjG-9}+fsLHwpgMA#ciI0nqOi@8&!DQPJ
z27{55mQD^04NEuxggZxz8ScxyHInh2{)+>J7Rgpdrly8LK?<D$H#BN%r~zFbbOh5`
zc(y8ik?zwc=VuPu+O$_r^_X3I2J#P{lNnl=kN{x{l$u)jWD2Tn>yVZ;V86a>^y_ej
zd#mO-9D`6};B+|T;0D$(pr9C>4U-?2<y$Shj{df3A?Z0L93S9B3MFPee?u5$f*sT?
z0n4C;D>vA|tE*T{aj^yh@QMM4CUFjkSn5lPi+e}Zsi90>HV}y8Q4b{n7?SZyTgppx
zpof+)qTm%8L4sW&iPF<RK|Wa$C#Y9>V0-WSM}W-)0VW2@9sbYQx#@r~3E@k-GSoPQ
zkdXopScUhRN!9*u#9cO!%8fNey48HWc?p_u*NM{im*)^);|2Wd*q8xClZmvThZ<#X
zf3s6JGin|Np`ZTxspiqJA_^ch0~Ts2=18HsLyIyoVZ8(e(-Nu{`V-79UhUR9Dh8++
zWBV8QGp6D`U4ZpXO(XMR;5Y15M#hW(HSidTM4AiS<?0-i!GEvu<jK1)aJa^8z$*Y!
z#H?`44<2aTz6={C0Y_!=aa`~C5)w3Sdp3p%Dt{%xwmvxzA!R{0F(vltu;#@HW~M;*
z*4m_9`E6)X25J5FI<qHKVELGG8|oPn^cQ!SaZj`DldvZFg@!gZZ@&dDZ`)}3%`@M4
zbC}s_#5eN((yQw?o=2#v`c8#)bO-_|6t4QVDu<!5)V<jjc2b!3qJy!qEgP{$BYek`
zjmZr0pHyJ84Jl#rhx1n05p(d6Q0!vcF_h6Wm2vMR5E2`VXYXdg7rWVPb^eorx9RAF
zqc8NxP^&=M(;zxhQth9%FX3l_z)VqB8$uu&a&QGzlN!d5+yft3eW-19@Lb@fXZA~y
z&<`$<_G^B(zNa6)696fp2TKyo@^8HP6oYj$K0FQL3L`fk_y!5VJs<5H3ymV>`Nst7
z7p?&dh%U0VI2TA4_F>2=80u7ids^B+n$S$|Yy8d)H7b|5j}D4|j7Oo1G1}r7rZs&*
znvBMuhRlzrxKiYs--6M9gX7yVcPK7Pr%f6MpUc0j1Y_#5MtmNC#HD2ZDnBF;t=$r)
zxM`@Y4R4;uzu({AR8(5>qWYJt;+Y=C`@a9R0Tmkk=Vp<keB)82@<){JV5j11P^N%Q
z4v-#^Yis>ljBxLDs19Gb)Ad&dHqc}`mnLCyPFEDEwOp(6S8f>Iavb+<k808O5Z)|r
zBv#OcfsN1oImz6y3ry;cXV)nSs#;GC>SCkZu<^NOU2Y(wh|8HbNTdE_tjk&cG`p<+
zk!<9GVT1Zjy38D+r+|ebVK9w)p_`4?E}gZw#QEiP1YCQ?rN<ms@32LnO&R0zV|cS7
zn@~WLfV=S4+#V(pGlM~k4K*g+?I0FPn44Z|W?ptSUiNaf9`?`x5aI|a5plQ(0&WCH
u%1I*S5RyXT;&S5Rn-wjQ{|DgeZijZj{QrQQ4YE5B0BEY+S1nVv4*efOg7ahm

diff --git a/pocket-id/.env b/pocket-id/.env
deleted file mode 100644
index cc5cb8d..0000000
--- a/pocket-id/.env
+++ /dev/null
@@ -1,11 +0,0 @@
-# Pocket ID .env app configuration
-# Configures the Pocket ID application
-# File location: /srv/pocket-id/.env
-# More information - git repo: https://git.starcat.systems/starcat-infra/auth-server
-# More information - handbook: https://about.starcat.systems/handbook/infrastructure/security/pocket-id/
-# See the documentation for more information: https://pocket-id.org/docs/configuration/environment-variables
-APP_URL=https://id.starcat.systems
-TRUST_PROXY=true
-MAXMIND_LICENSE_KEY=*REDACTED*
-PUID=1000
-PGID=1000
\ No newline at end of file
diff --git a/pocket-id/README.md b/pocket-id/README.md
deleted file mode 100644
index ad9373d..0000000
--- a/pocket-id/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Pocket ID README
-## what
-The Docker Compose and `.env` files that run Pocket ID
-
-## where
-```
-/srv/pocket-id/docker-compose.yml
-/srv/pocket-id/.env
-```
-
-## redacted values
-For security, secrets have been redacted from this file. StarCat team members can find these values in [1Password](https://start.1password.com/open/i?a=B5NVCNGFJBCCLCDCN5FKFPGVBI&v=35hhast2kp5lgw3iud374426oa&i=ahsb5ohjmkyvfuoudj564xucgy&h=starcatsys.1password.com). Soon, these values will be autofilled from Vault when the container starts.
-
-## making changes
-If you make changes to `.env` or need to upgrade Pocket ID, just pull the latest image and restart the service:
-
-```
-docker compose pull
-docker compose up -d
-```
\ No newline at end of file
diff --git a/pocket-id/docker-compose.yml b/pocket-id/docker-compose.yml
deleted file mode 100644
index 5f15efb..0000000
--- a/pocket-id/docker-compose.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Docker Compose file for PocketID
-# Location: /srv/pocket-id/docker-compose.yml
-
-services:
-  pocket-id:
-    image: ghcr.io/pocket-id/pocket-id:v1
-    restart: unless-stopped
-    env_file: .env
-    ports:
-      - 1411:1411
-    volumes:
-      - "./data:/app/data"
-    # Optional healthcheck
-    healthcheck:
-      test: "curl -f http://localhost:1411/healthz"
-      interval: 1m30s
-      timeout: 5s
-      retries: 2
-      start_period: 10s
\ No newline at end of file