More auth work, ugh

This commit is contained in:
Neale Pickett 2023-02-09 14:34:56 -07:00
parent e10bde0646
commit a9e4c9fea1
4 changed files with 46 additions and 15 deletions


@ -12,20 +12,19 @@
# since `handle` is a mutually-exclusive thingy. # since `handle` is a mutually-exclusive thingy.
# https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827 # https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827
(restricted-access) { (restricted-access) {
handle { @noAuth header !Authorization
@noauth header !Authorization @hasAuth not header !Authorization
handle @noauth { forward_auth @noAuth authelia:9091 {
forward_auth authelia:9091 { import authelia
import authelia
}
}
handle {
forward_auth authelia:9091 {
import authelia
header_up Proxy-Authorization {header.authorization}
}
}
} }
forward_auth @hasAuth authelia:9091 {
import authelia
header_up Proxy-Authorization {header.authorization}
}
# XXX: If the client sends an "Accept" header, Authelia returns 401 with no Www-Authenticate header, violating HTTP
@unauthorized `{err.status_code} == 401`
header @unauthorized Www-Authenticate "Basic realm=goober"
} }
auth.woozle.org { auth.woozle.org {
@ -102,6 +101,10 @@ deergrove.woozle.org {
reverse_proxy host.lan:5801 reverse_proxy host.lan:5801
} }
handle_path /netdata/* {
reverse_proxy netdata:19999
}
# Octoprint serves up broken webcam URLs # Octoprint serves up broken webcam URLs
uri replace /webcam/ /octoprint/webcam/ uri replace /webcam/ /octoprint/webcam/
handle_path /octoprint/* { handle_path /octoprint/* {
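Review bot: The `@unauthorized` matcher near the end of the first hunk tests `{err.status_code}`, and as far as I know Caddy only populates the `{err.*}` placeholders inside a `handle_errors` block, so within the `(restricted-access)` snippet this matcher would never be true and the `Www-Authenticate` header would never be added to the 401 that the `XXX` comment describes. I would confirm the challenge actually reaches a client that sends no credentials; if it does not, the `header` line needs to move into a `handle_errors` block in the site(s) that import this snippet. Independently, RFC 7235 requires the realm parameter to be sent as a quoted-string, so the value should read `header @unauthorized Www-Authenticate "Basic realm=\"goober\""`. The `@hasAuth not header !Authorization` double negative is correct but hard to read; a comment such as `# @hasAuth: request carries an Authorization header (forwarded to Authelia as Proxy-Authorization below)` would help the next reader.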


@ -44,6 +44,7 @@ access_control:
- domain: deergrove.woozle.org - domain: deergrove.woozle.org
resources: resources:
- '^/[a-z.]*$' - '^/[a-z.]*$'
- '^/netdata/'
policy: one_factor policy: one_factor
- domain: drive.woozle.org - domain: drive.woozle.org
@ -73,6 +74,7 @@ access_control:
- HEAD - HEAD
- GET - GET
- PROPFIND - PROPFIND
- OPTIONS
resources: resources:
- '^/(README.md)?$' - '^/(README.md)?$'
- '^/incoming/' - '^/incoming/'
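Review bot: The `- OPTIONS` entry added in the second hunk extends the method list of a rule whose `policy:` line lies outside the hunk, so a reader of this change cannot tell which policy now also covers OPTIONS or why the method was needed (presumably because WebDAV clients, given the `PROPFIND` entry, probe with OPTIONS before sending credentials). A short comment on that line, e.g. `- OPTIONS  # WebDAV clients probe with OPTIONS before authenticating`, would document the intent. Since Authelia evaluates rules in order and a method not listed falls through to later rules or the default policy, it is also worth checking that an OPTIONS response for these resources is acceptable under whichever policy that rule carries.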


@ -218,6 +218,29 @@ services:
source: /srv/sys/atlas/status source: /srv/sys/atlas/status
target: /var/atlas-probe/status target: /var/atlas-probe/status
netdata:
image: netdata/netdata
hostname: "{{.Node.Hostname}}"
environment:
NETDATA_DISABLE_CLOUD: "1"
cap_add:
- SYS_PTRACE
volumes:
- type: bind
source: /
target: /host
read_only: true
- type: bind
source: /srv/sys/netdata/lib
target: /var/lib/netdata
- type: bind
source: /srv/sys/netdata/cache
target: /var/cache/netdata
configs:
- source: netdata.conf
target: /etc/netdata/netdata.conf
geneweb: geneweb:
image: ravermeister/geneweb image: ravermeister/geneweb
volumes: volumes:
@ -311,7 +334,7 @@ configs:
name: Corefile-v4 name: Corefile-v4
Caddyfile: Caddyfile:
file: Caddyfile file: Caddyfile
name: Caddyfile-v111 name: Caddyfile-v120
index.html: index.html:
file: www/index.html file: www/index.html
name: index.html-v42 name: index.html-v42
@ -329,7 +352,10 @@ configs:
name: deergrove.png-v1 name: deergrove.png-v1
authelia.yaml: authelia.yaml:
file: authelia.yaml file: authelia.yaml
name: authelia.yaml-v24 name: authelia.yaml-v28
netdata.conf:
file: netdata.conf
name: netdata.conf-v1
secrets: secrets:
passwd: passwd: