From 1bf3249d495296b5b96805cc18569ae159085d54 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Mon, 6 Feb 2023 16:30:28 -0700 Subject: [PATCH] Yay SSO --- homelab/Caddyfile | 2 +- homelab/TODO.md | 4 ++-- homelab/docker-compose.yaml | 16 ++++++++++++---- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/homelab/Caddyfile b/homelab/Caddyfile index a3b5e12..88b2623 100644 --- a/homelab/Caddyfile +++ b/homelab/Caddyfile @@ -101,7 +101,7 @@ ancestry.woozle.org { handle_path /sucker/* { import restricted-access - reverse_proxy sucker:8080 + reverse_proxy 192.168.86.2:5801 } handle_path /octoprint/* { diff --git a/homelab/TODO.md b/homelab/TODO.md index ad37edc..41ce968 100644 --- a/homelab/TODO.md +++ b/homelab/TODO.md @@ -1,9 +1,9 @@ * Single Sign-On * [x] Replace simpleauth with somebody else's project - * [ ] Set up Forgejo OIDC to Authelia (there's a guide on Authelia's site) + * [x] Set up Forgejo OIDC to Authelia (there's a guide on Authelia's site) * [x] Persist "remember me" across reboots * LDAP restrictions * [x] People can only r/w their own storage * [x] Public storage * [x] Per-Group storage -* [ ] Media-Sucker secure setup (bind to 0.0.0.0 opens to internet) +* [x] Media-Sucker secure setup (bind to 0.0.0.0 opens to internet) diff --git a/homelab/docker-compose.yaml b/homelab/docker-compose.yaml index 530e02b..e9eab1a 100644 --- a/homelab/docker-compose.yaml +++ b/homelab/docker-compose.yaml @@ -52,9 +52,14 @@ services: - session.secret - storage.secret - users.yaml + - authelia.oidc.yaml configs: - source: authelia.yaml - target: /config/configuration.yml + target: /authelia.yaml + command: + - authelia + - --config=/authelia.yaml + - --config=/run/secrets/authelia.oidc.yaml volumes: - type: bind source: /srv/sys/authelia @@ -302,7 +307,7 @@ configs: name: Corefile-v4 Caddyfile: file: Caddyfile - name: Caddyfile-v101 + name: Caddyfile-v103 index.html: file: www/index.html name: index.html-v36 
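Review bot: The new upstream in `handle_path /sucker/*`, `reverse_proxy 192.168.86.2:5801`, is a LAN address rather than a service name on the compose network, so `import restricted-access` only guards requests that arrive through Caddy. If media-sucker listens on that address for every peer (the TODO entry this commit ticks off mentions a 0.0.0.0 bind), a client that can reach 192.168.86.2:5801 directly never hits the SSO check. Limiting the listener to the proxy, or firewalling the port, would close that, but neither is visible in this diff. A comment above the line would record the dependency, e.g. `# upstream is outside the compose network; 5801 must only accept connections from this proxy`. The enclosing `ancestry.woozle.org` block starts and ends outside the hunk.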
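Review bot: The `command:` added to this service loads `/run/secrets/authelia.oidc.yaml` as a second `--config` file, with no comment on what is allowed to live in it. As far as I know Authelia merges repeated `--config` files in order, with later values winning. If so, any key in the secret file would silently override `authelia.yaml`, access-control settings included. Keeping that file to the OIDC provider section and saying so here avoids the surprise, e.g. `# second file holds only identity_providers.oidc (keys, client secrets); later --config wins on conflicts` above `command:`. The service definition starts and ends outside the hunk.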
@@ -320,7 +325,7 @@ configs: name: deergrove.png-v1 authelia.yaml: file: authelia.yaml - name: authelia.yaml-v16 + name: authelia.yaml-v18 secrets: passwd: @@ -337,7 +342,7 @@ secrets: name: known_hosts-v1 forgejo.ini: file: secrets/forgejo.ini - name: forgejo.ini-v1 + name: forgejo.ini-v4 jwt.secret: file: secrets/jwt.secret name: jwt.secret-v1 @@ -350,6 +355,9 @@ secrets: users.yaml: file: secrets/users.yaml name: users.yaml-v6 + authelia.oidc.yaml: + file: secrets/authelia.oidc.yaml + name: authelia.oidc.yaml-v2 networks: hostnet:
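Review bot: The new `authelia.oidc.yaml` entry under `secrets:` has no comment saying what the file holds or how it is rotated. The diffstat lists only three files, so `secrets/authelia.oidc.yaml` itself is not part of this commit, which is right for a file that presumably carries the OIDC signing key and client secrets. It is still worth confirming that `secrets/` is ignored by git rather than merely untracked. A one-line comment above the entry, such as `# not in git; bump the -vN suffix to rotate`, would document both points. The `secrets:` mapping starts outside the hunk.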