the10thwiz/Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: the10thwiz:e417287103ec958eaea0d6ae0d59b9cbbc093302
Branches Tags
the10thwiz:main
..
compare: the10thwiz:b41ad62aa17e0e6c120a9057231ad185671511fa
Branches Tags
the10thwiz:main

3 Commits
e417287103 ... b41ad62aa1

Author SHA1 Message Date
Matthew Pomes
b41ad62aa1 Add mail and update gitea to use authelia sso 2025-11-23 18:38:26 -06:00
Matthew Pomes
0566bf8a2d Change policy to only apply to servarr 2025-11-23 18:37:27 -06:00
Matthew Pomes
46344bf719 Split authelia config so secrets aren't in repo 2025-11-23 13:25:07 -06:00
2 changed files with 88 additions and 13 deletions
Expand all files Collapse all files

64
authelia/configuration.yml
View File

@@ -6,7 +6,7 @@ authentication_backend:
password_change: password_change:
disable: false disable: false
file: file:
path: '/config/users.yml' path: '/data/users.yml'
watch: false watch: false
search: search:
email: false email: false
@@ -37,18 +37,72 @@ session:
remember_me: '1d' remember_me: '1d'
notifier: notifier:
disable_startup_check: false disable_startup_check: false
filesystem: # filesystem:
filename: '/config/notification.txt' # filename: '/data/notification.txt'
smtp:
address: 'smtp://mail:25'
sender: 'Authelia <auth@loadingm.xyz>'
disable_require_tls: true # Determine if this is needed
disable_starttls: true
storage: storage:
local: local:
path: '/config/db.sqlite3' path: '/data/db.sqlite3'
access_control: access_control:
default_policy: deny default_policy: deny
rules: rules:
- domain: '*.loadingm.xyz' - domain: 'servarr.loadingm.xyz'
subject:
- 'group:admins'
policy: one_factor policy: one_factor
# - domain: '*.loadingm.xyz'
# policy: one_factor
server: server:
endpoints: endpoints:
authz: authz:
auth-request: auth-request:
implementation: 'AuthRequest' implementation: 'AuthRequest'
identity_providers:
oidc:
# enable_client_debug_messages: false
# minimum_parameter_entropy: 8
# enforce_pkce: 'public_clients_only'
# enable_pkce_plain_challenge: false
# enable_jwt_access_token_stateless_introspection: false
# discovery_signed_response_alg: 'none'
# discovery_signed_response_key_id: ''
# require_pushed_authorization_requests: false
# authorization_policies:
# policy_name:
# default_policy: 'two_factor'
# rules:
# - policy: 'deny'
# subject: 'group:services'
# networks:
# - '192.168.1.0/24'
# - '192.168.2.51'
lifespans:
access_token: '1h'
authorize_code: '1m'
id_token: '1h'
refresh_token: '90m'
# claims_policies:
# policy_name:
# id_token: []
# access_token: []
# id_token_audience_mode: 'specification'
# custom_claims:
# claim_name:
# name: 'claim_name'
# attribute: 'attribute_name'
# scopes:
# scope_name:
# claims: []
# cors:
# endpoints:
# - 'authorization'
# - 'token'
# - 'revocation'
# - 'introspection'
# allowed_origins:
# - 'https://example.com'
# allowed_origins_from_client_redirect_uris: false

37
docker-compose.yaml
View File

@@ -3,13 +3,13 @@ include:
- ./jellyfin-compose.yaml - ./jellyfin-compose.yaml
secrets: secrets:
JWT_SECRET: JWT_SECRET:
file: './authelia/secrets/JWT_SECRET' file: '/data/authelia/secrets/JWT_SECRET'
SESSION_SECRET: SESSION_SECRET:
file: './authelia/secrets/SESSION_SECRET' file: '/data/authelia/secrets/SESSION_SECRET'
STORAGE_PASSWORD: STORAGE_PASSWORD:
file: './authelia/secrets/STORAGE_PASSWORD' file: '/data/authelia/secrets/STORAGE_PASSWORD'
STORAGE_ENCRYPTION_KEY: STORAGE_ENCRYPTION_KEY:
file: './authelia/secrets/STORAGE_ENCRYPTION_KEY' file: '/data/authelia/secrets/STORAGE_ENCRYPTION_KEY'
volumes: volumes:
meilisearch: meilisearch:
karakeep: karakeep:
@@ -34,6 +34,8 @@ networks:
external: false external: false
memos: memos:
external: false external: false
mail:
external: false
services: services:
web: web:
image: "nginx" image: "nginx"
@@ -88,12 +90,13 @@ services:
secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_PASSWORD', 'STORAGE_ENCRYPTION_KEY'] secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_PASSWORD', 'STORAGE_ENCRYPTION_KEY']
networks: networks:
- auth - auth
- mail
environment: environment:
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET' AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/JWT_SECRET'
AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET' AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/SESSION_SECRET'
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION_KEY' AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/STORAGE_ENCRYPTION_KEY'
volumes: volumes:
- './authelia/:/config' - './authelia/:/config:ro'
- '/data/authelia/:/data' - '/data/authelia/:/data'
logging: *logging logging: *logging
minecraft: minecraft:
@@ -128,18 +131,24 @@ services:
gitea: gitea:
image: docker.gitea.com/gitea:1.24 image: docker.gitea.com/gitea:1.24
environment: environment:
- USER_UID=1000 - USER_UID=106
- USER_GID=1000 - USER_GID=110
- ENABLE_NOTIFY_MAIL=true
# -
restart: unless-stopped restart: unless-stopped
networks: networks:
- gitea - gitea
- mail
volumes: volumes:
- /data/gitea/data:/data - /data/gitea/data:/data
- /home/git/.ssh/:/data/git/.ssh
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:
- "222:22" - "222:22"
logging: *logging logging: *logging
depends_on:
- authelia
gitea-runner: gitea-runner:
image: docker.gitea.com/act_runner:latest image: docker.gitea.com/act_runner:latest
restart: unless-stopped restart: unless-stopped
@@ -187,7 +196,19 @@ services:
- MEMOS_PORT=5230 - MEMOS_PORT=5230
restart: unless-stopped restart: unless-stopped
logging: *logging logging: *logging
mail:
image: boky/postfix
restart: unless-stopped
logging: *logging
environment:
- ALLOWED_SENDER_DOMAINS=loadingm.xyz
- POSTFIX_myhostname=mail
volumes:
- /data/mail:/etc/opendkim/keys
networks:
- mail
ports:
- 127.0.0.1:25:25
# calibre: # calibre:
# image: "linuxserver/calibre-web" # image: "linuxserver/calibre-web"
# 5d-diplomacy-frontend: # 5d-diplomacy-frontend: