This commit is contained in:
Neale Pickett 2023-02-06 12:14:14 -07:00
parent c58bcb36f3
commit 335849665d
5 changed files with 424 additions and 61 deletions


@ -1,13 +1,31 @@
{ {
email neale@woozle.org email neale@woozle.org
#debug
}
(authelia) {
uri /api/verify?rd=https://auth.woozle.org/
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
} }
(restricted-access) { (restricted-access) {
forward_auth simpleauth:8080 { @noauth header !Authorization
uri / handle @noauth {
copy_headers X-Simpleauth-Token forward_auth authelia:9091 {
import authelia
} }
} }
handle {
forward_auth authelia:9091 {
import authelia
header_up Proxy-Authorization {header.authorization}
}
}
}
auth.woozle.org {
reverse_proxy authelia:9091
}
git.woozle.org { git.woozle.org {
reverse_proxy forgejo:3000 reverse_proxy forgejo:3000
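Review bot: The `@noauth header !Authorization` split at the top of `(restricted-access)` carries no comment, so a reader has to work out that a request bearing any `Authorization` header bypasses the cookie/portal check and is instead handed to Authelia as `Proxy-Authorization` through the `header_up` line. Suggest `# Requests that present an Authorization header use Authelia's basic-auth path; all others go through the session check` above the matcher. A side effect worth confirming for every site that imports this snippet (those sites are outside this hunk): a client that sends its own non-Basic `Authorization` value, such as an API token meant for the upstream, now lands on the basic-auth branch and, as far as I can tell, is rejected by Authelia rather than reaching the upstream. Leaving `#debug` commented out in the global block is the right default for an authentication proxy.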


@ -1,7 +1,7 @@
. { . {
bind lan bind lan
hosts { hosts {
192.168.86.2 sweetums.woozle.org deergrove.woozle.org drive.woozle.org git.woozle.org ancestry.woozle.org media.woozle.org 192.168.86.2 sweetums.woozle.org deergrove.woozle.org drive.woozle.org git.woozle.org ancestry.woozle.org media.woozle.org auth.woozle.org
fallthrough fallthrough
} }
forward . 8.8.8.8 forward . 8.8.8.8

20
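--- /dev/null
+++ b/homelab/authelia.yaml
@@ -0,0 +1,20 @@
+log:
+  level: trace # error, warn, [info], debug, trace
+authentication_backend:
+  password_reset:
+    disable: true
+  file:
+    path: /run/secrets/users.yaml
+totp:
+  issuer: woozle.org
+session:
+  domain: woozle.org
+  same_site: strict
+storage:
+  local:
+    path: /srv/sys/authelia/db.sqlite3
+access_control:
+  default_policy: one_factor
+notifier:
+  filesystem:
+    filename: /run/emails.txt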
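Review bot: `default_policy: one_factor` makes the `totp` block above it dead configuration — no protected site will ever be asked for a second factor — so if MFA was the reason for moving to Authelia the policy should be `two_factor`, or per-domain `rules` should be added, for the sites that import `(restricted-access)`. The `Proxy-Authorization` basic-auth branch in the Caddyfile cannot satisfy a two_factor policy, so those two decisions have to be made together. `level: trace` is the most verbose setting an authentication service can run at and, as far as I know, can put request-level detail into the log; consider dropping to `info` once bring-up is done, or add `# trace is for bring-up only` if it is meant to stay for now. `password_reset.disable: true` is consistent with the users file arriving as a read-only Docker secret.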


@ -41,30 +41,24 @@ services:
extra_hosts: extra_hosts:
- host.docker.internal:host-gateway - host.docker.internal:host-gateway
simpleauth: authelia:
image: git.woozle.org/neale/simpleauth image: authelia/authelia
command:
- -secret
- /run/secrets/simpleauth.key
secrets:
- passwd
- simpleauth.key
jellyfin:
image: jellyfin/jellyfin
environment: environment:
TZ: US/Mountain AUTHELIA_JWT_SECRET_FILE: /run/secrets/jwt.secret
AUTHELIA_SESSION_SECRET_FILE: /run/secrets/session.secret
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/storage.secret
secrets:
- jwt.secret
- session.secret
- storage.secret
- users.yaml
configs:
- source: authelia.yaml
target: /config/configuration.yml
volumes: volumes:
- type: bind - type: bind
source: /srv/sys/jellyfin/config source: /srv/sys/authelia
target: /config target: /srv/sys/authelia
- type: bind
source: /srv/sys/jellyfin/cache
target: /cache
- type: bind
source: /srv/media
target: /srv/media
read_only: true
plex: plex:
image: ghcr.io/linuxserver/plex:1.29.2 image: ghcr.io/linuxserver/plex:1.29.2
@ -293,10 +287,10 @@ configs:
name: dave.yaml-v3 name: dave.yaml-v3
Corefile: Corefile:
file: Corefile file: Corefile
name: Corefile-v3 name: Corefile-v4
Caddyfile: Caddyfile:
file: Caddyfile file: Caddyfile
name: Caddyfile-v88 name: Caddyfile-v101
index.html: index.html:
file: www/index.html file: www/index.html
name: index.html-v36 name: index.html-v36
@ -312,6 +306,9 @@ configs:
deergrove.png: deergrove.png:
file: www/deergrove.png file: www/deergrove.png
name: deergrove.png-v1 name: deergrove.png-v1
authelia.yaml:
file: authelia.yaml
name: authelia.yaml-v6
secrets: secrets:
passwd: passwd:
@ -329,6 +326,18 @@ secrets:
forgejo.ini: forgejo.ini:
file: secrets/forgejo.ini file: secrets/forgejo.ini
name: forgejo.ini-v1 name: forgejo.ini-v1
jwt.secret:
file: secrets/jwt.secret
name: jwt.secret-v1
storage.secret:
file: secrets/storage.secret
name: storage.secret-v1
session.secret:
file: secrets/session.secret
name: session.secret-v1
users.yaml:
file: secrets/users.yaml
name: users.yaml-v2
networks: networks:
hostnet: hostnet:
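Review bot: The four Authelia secrets listed under the service's `secrets:` are mounted with Docker's default in-container permissions (0444), although `users.yaml` holds password hashes and the other three are key material. The `forgejo.ini` secret in the other compose file on this page already uses the long form with `mode: 0400`, so the same form here would be consistent and narrower, e.g. `- source: users.yaml` / `target: /run/secrets/users.yaml` / `mode: 0400`, with `uid`/`gid` matching the account Authelia runs as (the service sets no `user:`, so presumably root). The `configs:` and top-level `secrets:` hunks further down only register the new files and need no change beyond that.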


@ -1,47 +1,363 @@
version: "3.8" version: "3.8"
services: services:
jellyfin: coredns:
image: ghcr.io/linuxserver/jellyfin:latest image: coredns/coredns
networks:
- hostnet
configs:
- source: Corefile
target: /Corefile
caddy:
image: caddy:2-alpine
ports: ports:
- target: 8096 - target: 443
published: 8096 published: 443
- target: 7359 mode: host
published: 7359 - target: 80
protocol: udp published: 80
- target: 1900 mode: host
published: 1900 volumes:
protocol: udp - type: bind
source: /srv
target: /srv
read_only: true
- type: bind
source: /srv/sys/caddy
target: /data/caddy
configs:
- source: Caddyfile
target: /etc/caddy/Caddyfile
- source: index.html
target: /www/index.html
- source: index.mjs
target: /www/index.mjs
- source: deergrove.png
target: /www/deergrove.png
- source: index.css
target: /www/index.css
- source: browser.html
target: /browser.html
extra_hosts:
- host.docker.internal:host-gateway
authelia:
image: authelia/authelia
environment:
AUTHELIA_JWT_SECRET_FILE: /run/secrets/jwt.secret
AUTHELIA_SESSION_SECRET_FILE: /run/secrets/session.secret
AUTHELIA_STORAGE_ENCRYPTION_FILE: /run/secrets/storage.secret
secrets:
- jwt.secret
- session.secret
- storage.secret
- users.yaml
configs:
- source: authelia.yaml
target: /config/configuration.yml
volumes:
- type: bind
source: /srv/sys/authelia
target: /srv/sys/authelia
jellyfin:
image: jellyfin/jellyfin
environment: environment:
TZ: US/Mountain TZ: US/Mountain
volumes: volumes:
- type: bind - type: bind
source: /mnt/ext/srv/jellyfin source: /srv/sys/jellyfin/config
target: /config target: /config
- type: bind - type: bind
source: /media source: /srv/sys/jellyfin/cache
target: /media target: /cache
- type: bind
source: /srv/media
target: /srv/media
read_only: true read_only: true
plex:
image: ghcr.io/linuxserver/plex:1.29.2
networks:
- hostnet
environment:
TZ: US/Mountain
VERSION: public
volumes:
- type: bind
source: /srv/sys/plex
target: /config
- type: bind
source: /srv
target: /srv
read_only: true
transmission:
image: lscr.io/linuxserver/transmission
volumes:
- type: bind
source: /srv/sys/transmission
target: /config
- type: bind
source: /srv/incoming
target: /srv/incoming
networks:
- hostnet
sonarr:
image: lscr.io/linuxserver/sonarr
extra_hosts:
- host.docker.internal:host-gateway
volumes:
- type: bind
source: /srv/sys/sonarr
target: /config
- type: bind
source: /srv/media/tv
target: /srv/media/tv
- type: bind
source: /srv/incoming
target: /srv/incoming
radarr:
image: lscr.io/linuxserver/radarr
extra_hosts:
- host.docker.internal:host-gateway
volumes:
- type: bind
source: /srv/sys/radarr
target: /config
- type: bind
source: /srv/media/movies
target: /srv/media/movies
- type: bind
source: /srv/incoming
target: /srv/incoming
lidarr:
image: lscr.io/linuxserver/lidarr
extra_hosts:
- host.docker.internal:host-gateway
volumes:
- type: bind
source: /srv/sys/lidarr
target: /config
- type: bind
source: /srv/media/music
target: /srv/media/music
- type: bind
source: /srv/incoming
target: /srv/incoming
readarr:
image: lscr.io/linuxserver/readarr:develop
extra_hosts:
- host.docker.internal:host-gateway
volumes:
- type: bind
source: /srv/sys/readarr
target: /config
- type: bind
source: /srv/media/books
target: /srv/media/books
- type: bind
source: /srv/media/audiobooks
target: /srv/media/audiobooks
- type: bind
source: /srv/incoming
target: /srv/incoming
prowlarr:
image: lscr.io/linuxserver/prowlarr:latest
extra_hosts:
- host.docker.internal:host-gateway
volumes:
- type: bind
source: /srv/sys/prowlarr
target: /config
nzbget:
image: lscr.io/linuxserver/nzbget
volumes:
- type: bind
source: /srv/sys/nzbget
target: /config
- type: bind
source: /srv/incoming
target: /srv/incoming
forgejo:
image: codeberg.org/forgejo/forgejo:1.18-rootless
secrets:
- source: forgejo.ini
target: /etc/gitea/app.ini
uid: "1000"
gid: "1000"
mode: 0400
volumes:
- type: bind
source: /srv/sys/forgejo
target: /data
- type: bind
source: /etc/timezone
target: /etc/timezone
read_only: true
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
atlas:
image: ctassisf/ripe-atlas-alpine:arm64v8
volumes:
- type: bind
source: /srv/sys/atlas/etc
target: /var/atlas-probe/etc
- type: bind
source: /srv/sys/atlas/status
target: /var/atlas-probe/status
geneweb:
image: ravermeister/geneweb
volumes:
- type: bind
source: /srv/sys/geneweb/etc
target: /usr/local/share/geneweb/etc
- type: bind
source: /srv/sys/geneweb/share/data
target: /usr/local/share/geneweb/share/data
- type: bind
source: /srv/sys/geneweb/log
target: /usr/local/share/geneweb/log
samba:
image: dperson/samba
volumes:
- type: bind
source: /srv
target: /srv
bind: bind:
propagation: rslave propagation: rslave
- type: bind environment:
source: /dev/video10 NMBD: enable
target: /dev/video10 RECYCLE: disable
- type: bind USERID: 911
source: /dev/video11 GROUPID: 911
target: /dev/video11 # name;path;browse;readonly;guest
- type: bind SHARE1: drive;/srv;yes;no;no
source: /dev/video12 SHARE2: retropie;/srv/media/games/retropie;yes;yes;yes
target: /dev/video12 env_file:
- type: bind - secrets/samba-users.env
source: /dev/video13 ports:
target: /dev/video13 - published: 139
- type: bind target: 139
source: /dev/video14 - published: 445
target: /dev/video14 target: 445
- type: bind
source: /dev/video15 webdav:
target: /dev/video15 image: micromata/dave
- type: bind volumes:
source: /dev/video16 - type: bind
target: /dev/video16 source: /srv
target: /data
configs:
- source: dave.yaml
target: /config/config.yaml
user: "911:911"
ddns:
image: qmcgaw/ddns-updater
dns:
- 1.1.1.1
volumes:
- type: bind
source: /srv/sys/ddns-updater
target: /updater/data
tunnel:
deploy:
replicas: 0
image: lscr.io/linuxserver/openssh-server
user: abc
entrypoint:
- /usr/bin/ssh
- -N
- -R 172.17.0.1:5880:caddy:80 # 172.17.0.1 = docker host IP
- -R :5822:host.docker.internal:22
- -o ServerAliveInterval=30
- core@melville.woozle.org
extra_hosts:
- host.docker.internal:host-gateway
secrets:
- source: tunnel
target: /config/.ssh/id_rsa
uid: "911"
gid: "911"
mode: 0600
- source: known_hosts
target: /config/.ssh/known_hosts
uid: "911"
gid: "911"
mode: 0600
configs:
dave.yaml:
file: dave.yaml
name: dave.yaml-v3
Corefile:
file: Corefile
name: Corefile-v3
Caddyfile:
file: Caddyfile
name: Caddyfile-v89
index.html:
file: www/index.html
name: index.html-v36
index.mjs:
file: www/index.mjs
name: index.mjs-v1
index.css:
file: www/index.css
name: index.css-v1
browser.html:
file: www/browser.html
name: browser.html-v3
deergrove.png:
file: www/deergrove.png
name: deergrove.png-v1
authelia.yaml:
file: authelia.yaml
name: authelia.yaml-v1
secrets:
passwd:
file: secrets/passwd
name: passwd-v2
simpleauth.key:
file: secrets/simpleauth.key
name: simpleauth.key-v1
tunnel:
file: secrets/tunnel
name: tunnel-v1
known_hosts:
file: secrets/known_hosts
name: known_hosts-v1
forgejo.ini:
file: secrets/forgejo.ini
name: forgejo.ini-v1
jwt.secret:
file: secrets/jwt.secret
name: jwt.secret-v1
storage.secret:
file: secrets/storage.secret
name: storage.secret-v1
session.secret:
file: secrets/session.secret
name: session.secret-v1
users.yaml:
file: secrets/users.yaml
name: users.yaml-v1
networks:
hostnet:
external: true
name: host
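Review bot: `AUTHELIA_STORAGE_ENCRYPTION_FILE` in the authelia service's `environment:` does not match the `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE` used for the same secret in the homelab compose file on this page; Authelia reads the key from the latter name, so here `storage.secret` is mounted but never consumed and the service will most likely refuse to start for lack of a storage encryption key. Change it to `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/storage.secret`. Separately, the `passwd` and `simpleauth.key` entries remain under the top-level `secrets:` although no service in the new file references them now that `simpleauth` is gone; dropping them keeps the stack from distributing a credential file nobody reads.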