Move back to simpleauth

This commit is contained in:
Neale Pickett 2023-02-26 20:40:10 -07:00
parent bb7db9b716
commit befbffb12e
5 changed files with 33 additions and 166 deletions


@ -3,32 +3,12 @@
#debug
}
(authelia) {
uri /api/verify?rd=https://auth.woozle.org/
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
# This has to be at the same level as other `handle` directives,
# since `handle` is a mutually-exclusive thingy.
# https://caddy.community/t/copy-header-into-new-header-iff-it-is-set/18827
(restricted-access) {
@noAuth header !Authorization
@hasAuth not header !Authorization
forward_auth @noAuth authelia:9091 {
import authelia
forward_auth simpleauth:8080 {
uri /
copy_headers X-Simpleauth-Username
header_down X-Simpleauth-Domain "woozle.org"
}
forward_auth @hasAuth authelia:9091 {
import authelia
header_up Proxy-Authorization {header.authorization}
}
# XXX: If the client sends an "Accept" header, Authelia returns 401 with no Www-Authenticate header, violating HTTP
@unauthorized `{err.status_code} == 401`
header @unauthorized Www-Authenticate "Basic realm=goober"
}
auth.woozle.org {
reverse_proxy authelia:9091
}
git.woozle.org {
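Review bot: The new `forward_auth simpleauth:8080` block inside `(restricted-access)` carries no per-path or per-group rules, whereas the Authelia `access_control` this commit deletes gated `/octoprint/`, the `*arr` paths and `/storage/` behind `group:` subjects with `default_policy: deny`; unless simpleauth enforces an equivalent policy from `X-Forwarded-Uri`, every authenticated user now reaches every restricted path. Backends also receive `X-Simpleauth-Username` through `copy_headers`, so anything that trusts that header for identity must be reachable only via this Caddy instance, not through a published container port. I would record that on the snippet: `# simpleauth only authenticates; per-path/per-group authorization must now live in the backend`. The `header_down X-Simpleauth-Domain` line presumably only affects the auth response relayed to the client on non-2xx (the login flow) rather than the proxied backend response — confirm that matches the intent.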


@ -1,5 +1,5 @@
. {
bind lan
bind 192.168.86.2
hosts {
192.168.86.2 sweetums.woozle.org deergrove.woozle.org drive.woozle.org git.woozle.org ancestry.woozle.org media.woozle.org auth.woozle.org
fallthrough
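Review bot: The `hosts` entry still resolves `auth.woozle.org` to 192.168.86.2 although this commit removes the `auth.woozle.org` site block from the Caddyfile, so the name keeps pointing at the Caddy host, which will now answer it with whatever its unmatched-host behaviour is; drop it from the entry unless simpleauth is meant to be served under that name. Replacing `bind lan` with `bind 192.168.86.2` is a reasonable tightening, but a one-line comment recording why the explicit address was chosen over the interface name would help the next reader.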


@ -1,97 +0,0 @@
log:
level: info # error, warn, [info], debug, trace
authentication_backend:
password_reset:
disable: true
file:
path: /run/secrets/users.yaml
totp:
issuer: woozle.org
session:
domain: woozle.org
same_site: strict
redis:
host: redis
port: 6379
database_index: 1
storage:
local:
path: /srv/sys/authelia/db.sqlite3
notifier:
filesystem:
filename: /run/emails.txt
access_control:
default_policy: deny
rules:
- domain: deergrove.woozle.org
subject:
- "group:octoprint"
resources:
- '^/octoprint/'
- '^/webcam/'
policy: one_factor
- domain: deergrove.woozle.org
subject:
- "group:media"
resources:
- '^/[a-z]+arr/'
- '^/nzbget/'
- '^/transmission/'
- '^/sucker/'
- '^/unmanic/'
policy: one_factor
- domain: deergrove.woozle.org
resources:
- '^/[a-z.]*$'
- '^/netdata/'
policy: one_factor
- domain: drive.woozle.org
methods:
- HEAD
- GET
- PROPFIND
resources:
- '^/storage/public/'
policy: bypass
- domain: drive.woozle.org
subject:
- "group:storage"
resources:
- '^/incoming/'
- '^/media/'
- '^/storage/(README.md)?$'
- '^/storage/(?P<User>\w+)/'
- '^/storage/(?P<Group>\w+)/'
- '^/storage/shared/'
- '^/storage/public/'
policy: one_factor
- domain: drive.woozle.org
methods:
- HEAD
- GET
- PROPFIND
- OPTIONS
resources:
- '^/(README.md)?$'
- '^/incoming/'
- '^/media/'
- '^/storage/shared/'
policy: one_factor
- domain: photos.woozle.org
resources:
- '^(/pgapi)?/gallery/(?P<User>\w+)'
- '^(/pgapi)?/gallery/(?P<Group>\w+)'
- '^(/pgapi)?/gallery/content/'
policy: one_factor
- domain: photos.woozle.org
resources:
- '^(/pgapi)?/gallery/.'
policy: deny
- domain: photos.woozle.org
policy: one_factor


@ -44,42 +44,29 @@ services:
- host.docker.internal:host-gateway
- host.lan:192.168.86.2
authelia:
image: authelia/authelia
environment:
AUTHELIA_JWT_SECRET_FILE: /run/secrets/jwt.secret
AUTHELIA_SESSION_SECRET_FILE: /run/secrets/session.secret
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/storage.secret
simpleauth:
image: git.woozle.org/neale/simpleauth
secrets:
- jwt.secret
- session.secret
- storage.secret
- users.yaml
- authelia.oidc.yaml
configs:
- source: authelia.yaml
target: /authelia.yaml
command:
- authelia
- --config=/authelia.yaml
- --config=/run/secrets/authelia.oidc.yaml
volumes:
- type: bind
source: /srv/sys/authelia
target: /srv/sys/authelia
- passwd
- simpleauth.key
# Authelia wants this
redis:
image: redis:alpine
command:
- redis-server
- --save
- "60"
- "1"
jellyfin:
image: jellyfin/jellyfin
deploy:
replicas: 0
environment:
TZ: US/Mountain
volumes:
- type: bind
source: /srv/sys/redis
target: /data
source: /srv/sys/jellyfin/config
target: /config
- type: bind
source: /srv/sys/jellyfin/cache
target: /cache
- type: bind
source: /srv/media/
target: /srv/media/
read_only: true
plex:
image: lscr.io/linuxserver/plex:latest
@ -93,8 +80,8 @@ services:
source: /srv/sys/plex
target: /config
- type: bind
source: /srv
target: /srv
source: /srv/media/
target: /srv/media/
read_only: true
pigallery2:
@ -115,7 +102,7 @@ services:
read_only: true
transmission:
image: lscr.io/linuxserver/transmission
image: lscr.io/linuxserver/transmission:latest
volumes:
- type: bind
source: /srv/sys/transmission
@ -293,7 +280,6 @@ services:
target: 139
- published: 445
target: 445
webdav:
image: micromata/dave
volumes:
@ -347,16 +333,16 @@ configs:
name: dave.yaml-v3
Corefile:
file: Corefile
name: Corefile-v4
name: Corefile-v5
Caddyfile:
file: Caddyfile
name: Caddyfile-v133
name: Caddyfile-v135
index.html:
file: www/index.html
name: index.html-v43
index.mjs:
file: www/index.mjs
name: index.mjs-v12
name: index.mjs-v14
index.css:
file: www/index.css
name: index.css-v2
@ -369,9 +355,6 @@ configs:
deergrove.png:
file: www/deergrove.png
name: deergrove.png-v1
authelia.yaml:
file: authelia.yaml
name: authelia.yaml-v36
netdata.conf:
file: netdata.conf
name: netdata.conf-v1
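Review bot: `image: git.woozle.org/neale/simpleauth` in the new `simpleauth` service has neither a tag nor a digest, so the component that now gates every restricted site is pulled from a mutable reference on each deploy; pin it, e.g. `image: git.woozle.org/neale/simpleauth@sha256:<digest>` (or at least a version tag), and the same applies to the `:latest` the same commit adds to `transmission`. Mounting `passwd` and `simpleauth.key` as secrets rather than configs is right; a comment next to `simpleauth.key` stating what it protects (presumably the signing key for the identity simpleauth hands to Caddy) would make the rotation impact obvious. The `redis` service and its `/srv/sys/redis` bind disappear along with Authelia, but `/srv/sys/authelia` and `/srv/sys/redis` on the host presumably still hold the old SQLite and Redis state (sessions, TOTP secrets); note that in the commit or clean them up out of band.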


@ -65,9 +65,10 @@ async function init() {
let icons = doc.body.appendChild(doc.createElement("section"))
icons.classList.add("icons")
let nav = document.querySelector("nav")
let resp = await fetch("portal.json")
let portalURL = new URL("portal.json", window.location)
let resp = await fetch(portalURL)
let obj = await resp.json()
let nav = document.querySelector("nav")
for (let app of obj) {
let hlink = null
if (app.target != "_blank") {