the10thwiz/Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Minor updates

Browse Source
This commit is contained in:
Matthew Pomes
2025-12-17 19:33:56 -06:00
parent e3d3ade4f7
commit e878dee155
4 changed files with 168 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
.vpnenv Normal file
View File

@@ -0,0 +1,25 @@
TZ=America/Menominee
# # Probably US-IL#152
# VPN_ENDPOINT_IP=87.249.134.138
# VPN_ENDPOINT_PORT=51820
# WIREGUARD_ADDRESSES=10.2.0.2/32
# VPN_DNS_ADDRESS=10.2.0.1
# WIREGUARD_PUBLIC_KEY=WNLAmQkeAvdg9QRFMXq7EuwpEWWkltWwiS/DGIcjHjs=
# WIREGUARD_PRIVATE_KEY=MEvccGuRDyqlbpMdqUlCdGwlAD/LD4iTvx+6LG/0/0k=
# US-IL#156
VPN_ENDPOINT_IP=87.249.134.139
VPN_ENDPOINT_PORT=51820
WIREGUARD_ADDRESSES=10.2.0.2/32
VPN_DNS_ADDRESS=10.2.0.1
WIREGUARD_PUBLIC_KEY=xuqP9uEGryELhamLSK9IDRNhljo3lA1zL9/gS7yj2WQ=
WIREGUARD_PRIVATE_KEY=wHp5gAjV9qznCbk702bq/Az/qXrnb8PKMiNhWQ5mw2I=
# # US-IL#156
# VPN_ENDPOINT_IP=87.249.134.139
# VPN_ENDPOINT_PORT=51820
# WIREGUARD_ADDRESSES=10.2.0.2/32
# VPN_DNS_ADDRESS=10.2.0.1
# WIREGUARD_PUBLIC_KEY=xuqP9uEGryELhamLSK9IDRNhljo3lA1zL9/gS7yj2WQ=
# WIREGUARD_PRIVATE_KEY=wHp5gAjV9qznCbk702bq/Az/qXrnb8PKMiNhWQ5mw2I=

116
authelia/secret-template.yml
View File

@@ -1,17 +1,23 @@
# rand() { # au rand() {
# docker run --rm authelia/authelia:latest authelia crypto rand --length $1 --charset rfc3986 # docker run --rm authelia/authelia:latest authelia crypto rand --length $1 --charset rfc3986
# } # }
# hash() { # au hash() {
# docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length $1 --random.charset rfc3986 # docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length $1 --random.charset rfc3986
# } # }
identity_providers: identity_providers:
oidc: oidc:
hmac_secret: '$(au rand 72)'
jwks:
- key: $(openssl genrsa -out - 2048)
claims_policies:
karakeep:
id_token: ['email']
## The other portions of the mandatory OpenID Connect 1.0 configuration go here. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc ## See: https://www.authelia.com/c/oidc
clients: clients:
- client_name: 'Gitea' - client_name: 'Gitea'
client_id: '$(rand 72)' client_id: '$(au rand 72)'
client_secret: '$(hash 72)' client_secret: '$(au hash 72)'
public: false public: false
authorization_policy: 'two_factor' authorization_policy: 'two_factor'
require_pkce: false require_pkce: false
@@ -29,3 +35,105 @@ identity_providers:
access_token_signed_response_alg: 'none' access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none' userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic' token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Memos'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://memos.loadingm.xyz/auth/callback'
scopes:
- 'openid'
- 'email'
- 'profile'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Open WebUI'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://ollama.loadingm.xyz/oauth/oidc/callback'
scopes:
- 'openid'
- 'email'
- 'groups'
- 'profile'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Karakeep'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://karakeep.loadingm.xyz/api/auth/callback/custom'
scopes:
- 'openid'
- 'email'
- 'profile'
claims_policy: 'karakeep'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
# - client_name: 'Jellyseerr'
# client_id: '$(au rand 72)'
# client_secret: '$(au hash 72)'
# public: false
# authorization_policy: 'two_factor'
# require_pkce: false
# pkce_challenge_method: ''
# redirect_uris:
# - 'https://memos.loadingm.xyz/auth/callback'
# scopes:
# - 'openid'
# - 'email'
# - 'profile'
# response_types:
# - 'code'
# grant_types:
# - 'authorization_code'
# access_token_signed_response_alg: 'none'
# userinfo_signed_response_alg: 'none'
# token_endpoint_auth_method: 'client_secret_basic'
# - client_name: 'Jellyfin'
# client_id: '$(au rand 72)'
# client_secret: '$(au hash 72)'
# public: false
# authorization_policy: 'two_factor'
# require_pkce: false
# pkce_challenge_method: ''
# redirect_uris:
# - 'https://memos.loadingm.xyz/auth/callback'
# scopes:
# - 'openid'
# - 'email'
# - 'profile'
# response_types:
# - 'code'
# grant_types:
# - 'authorization_code'
# access_token_signed_response_alg: 'none'
# userinfo_signed_response_alg: 'none'
# token_endpoint_auth_method: 'client_secret_basic'

20
jellyfin-compose.yaml
View File

@@ -11,15 +11,16 @@ services:
- 46931:46931/udp - 46931:46931/udp
networks: networks:
- jellyfin-int - jellyfin-int
env_file: .vpnenv
environment: environment:
- VPN_SERVICE_PROVIDER=custom - VPN_SERVICE_PROVIDER=custom
- VPN_TYPE=wireguard - VPN_TYPE=wireguard
- VPN_ENDPOINT_IP=${ENDPOINT_IP} # - VPN_ENDPOINT_IP=${ENDPOINT_IP}
- VPN_ENDPOINT_PORT=${ENDPOINT_PORT} # - VPN_ENDPOINT_PORT=${ENDPOINT_PORT}
- WIREGUARD_ADDRESSES=${WIREGUARD_ADDR} # - WIREGUARD_ADDRESSES=${WIREGUARD_ADDR}
- VPN_DNS_ADDRESS=${DNS_ADDRESS} # - VPN_DNS_ADDRESS=${DNS_ADDRESS}
- WIREGUARD_PUBLIC_KEY=${PUBLIC_KEY} # - WIREGUARD_PUBLIC_KEY=${PUBLIC_KEY}
- WIREGUARD_PRIVATE_KEY=${PRIVATE_KEY} # - WIREGUARD_PRIVATE_KEY=${PRIVATE_KEY}
- VPN_PORT_FORWARDING=on - VPN_PORT_FORWARDING=on
- VPN_PORT_FORWARDING_PROVIDER=protonvpn - VPN_PORT_FORWARDING_PROVIDER=protonvpn
- VPN_PORT_FORWARDING_STATUS_FILE=/tmp/gluetun/forwarded_port - VPN_PORT_FORWARDING_STATUS_FILE=/tmp/gluetun/forwarded_port
@@ -84,6 +85,7 @@ services:
- PUID=0 - PUID=0
- PGID=0 - PGID=0
- TZ=${TZ} - TZ=${TZ}
# - RUN_OPTS=-l -t
volumes: volumes:
- /data/jellyfin/configs/jackett:/config - /data/jellyfin/configs/jackett:/config
ports: ports:
@@ -129,7 +131,7 @@ services:
- PUID=0 - PUID=0
- PGID=0 - PGID=0
- TZ=${TZ} - TZ=${TZ}
- NVIDIA_VISIBLE_DEVICES=all # - NVIDIA_VISIBLE_DEVICES=all
ports: ports:
- 8096:8096 - 8096:8096
- 8920:8920 - 8920:8920
@@ -149,8 +151,8 @@ services:
restart: unless-stopped restart: unless-stopped
group_add: group_add:
- '993' - '993'
devices: # devices:
- /dev/dri/renderD128:/dev/dri/renderD128 # - /dev/dri/renderD128:/dev/dri/renderD128
# runtime: nvidia # runtime: nvidia
# deploy: # deploy:
# resources: # resources:

28
karakeep-compose.yaml
View File

@@ -10,7 +10,8 @@ services:
# ports: # ports:
# - 3000:3000 # - 3000:3000
env_file: env_file:
- .env # - .env
- /data/secrets/karakeep
environment: environment:
MEILI_ADDR: http://meilisearch:7700 MEILI_ADDR: http://meilisearch:7700
BROWSER_WEB_URL: http://karakeep-chrome:9222 BROWSER_WEB_URL: http://karakeep-chrome:9222
@@ -20,7 +21,7 @@ services:
INFERENCE_OUTPUT_SCHEMA: json INFERENCE_OUTPUT_SCHEMA: json
INFERENCE_CONTEXT_LENGTH: 1024 INFERENCE_CONTEXT_LENGTH: 1024
INFERENCE_JOB_TIMEOUT_SEC: 120 INFERENCE_JOB_TIMEOUT_SEC: 120
LOG_LEVEL: debug
# You almost never want to change the value of the DATA_DIR variable. # You almost never want to change the value of the DATA_DIR variable.
# If you want to mount a custom directory, change the volume mapping above instead. # If you want to mount a custom directory, change the volume mapping above instead.
DATA_DIR: /data # DON'T CHANGE THIS DATA_DIR: /data # DON'T CHANGE THIS
@@ -65,7 +66,6 @@ services:
- OLLAMA_DEBUG=1 - OLLAMA_DEBUG=1
networks: networks:
- ollama-int - ollama-int
ollama-webui: ollama-webui:
image: ghcr.io/open-webui/open-webui:main image: ghcr.io/open-webui/open-webui:main
volumes: volumes:
@@ -73,12 +73,24 @@ services:
depends_on: depends_on:
- ollama - ollama
environment: # https://docs.openwebui.com/getting-started/env-configuration#default_models environment: # https://docs.openwebui.com/getting-started/env-configuration#default_models
- OLLAMA_BASE_URLS=http://host.docker.internal:7869 #comma separated ollama hosts - OLLAMA_BASE_URLS=http://ollama:7869 #comma separated ollama hosts
- ENABLE_OPENAI_API=False
- WEBUI_URL=https://ollama.loadingm.xyz
- ENV=dev - ENV=dev
- WEBUI_AUTH=True - ENABLE_OAUTH_SIGNUP=true
- WEBUI_NAME=valiantlynx AI - OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
- WEBUI_URL=http://localhost:8080 - OPENID_PROVIDER_URL=https://auth.loadingm.xyz/.well-known/openid-configuration
- WEBUI_SECRET_KEY=t0p-s3cr3t - OAUTH_PROVIDER_NAME=Authelia
- OAUTH_SCOPES=openid email profile groups
- ENABLE_OAUTH_ROLE_MANAGEMENT=true
- OAUTH_ALLOWED_ROLES=openwebui,openwebui-admin
- OAUTH_ADMIN_ROLES=openwebui-admin
- OAUTH_ROLES_CLAIM=groups
- OAUTH_CODE_CHALLENGE_METHOD=S256
env_file: /data/secrets/ollama-webui
# - WEBUI_AUTH=True
# - WEBUI_NAME=valiantlynx AI
# - WEBUI_SECRET_KEY=t0p-s3cr3t
extra_hosts: extra_hosts:
- host.docker.internal:host-gateway - host.docker.internal:host-gateway
restart: unless-stopped restart: unless-stopped