feat: Add OIDC for Bookstack, Gitea, Immich

2026-06-21 20:22:55 +02:00 · 2026-06-21 20:22:55 +02:00 · 4038d0b0e8
parent db2580cfac
commit 4038d0b0e8
2 changed files with 50 additions and 1 deletions
--- a/docker/stacks/00-core/authelia/configuration.yml
+++ b/docker/stacks/00-core/authelia/configuration.yml
@ -119,3 +119,46 @@ identity_providers:
          - email
          - groups
        userinfo_signing_algorithm: none
+
+      - id: immich
+        description: Immich
+        secret: '$pbkdf2-sha512$310000$Rapi4k3I6YTHdaHSmBhvTQ$HWk67FyxaIl/Ejc7GbLjim8/gzwuWa6bG1sZbHNaxSSCvw3Q1NKbskaFm55rFRXVFw..ZabmcpvvAfy/3qq4Vg'
+        public: false
+        authorization_policy: two_factor
+        redirect_uris:
+          - https://immich.kotori-waifu.cc/auth/login
+          - https://immich.kotori-waifu.cc/user-settings
+          - app.immich:///oauth-callback
+        scopes:
+          - openid
+          - profile
+          - email
+        userinfo_signing_algorithm: none
+
+      - id: gitea
+        description: Gitea
+        secret: '$pbkdf2-sha512$310000$PNUBcRwmG.FuaKw9sd9YGA$NwhUVxhtcvIGS1N7.1it1Y5IvigEnNUoPeAicZSswWkNhvkcdMCW2w9DiqZzRU8UOQ5PqYaWJVkv3rY/e/bZgw'
+        public: false
+        authorization_policy: two_factor
+        redirect_uris:
+          - https://git.kotori-waifu.cc/user/oauth2/authelia/callback
+        scopes:
+          - openid
+          - profile
+          - email
+          - groups
+        userinfo_signing_algorithm: none
+
+      - id: bookstack
+        description: BookStack
+        secret: '$pbkdf2-sha512$310000$i6qf1F2y8pQWJDmHEBXYHw$I9IBetYI247pBzZ1pjG5MHFMHutCH9PX1wnFHi7HEsIzsucu.Tp7DD2EypVC9wTftc7sV776JT9g6N2jHuSD3g'
+        public: false
+        authorization_policy: two_factor
+        redirect_uris:
+          - https://bs.kotori-waifu.cc/oidc/callback
+        scopes:
+          - openid
+          - profile
+          - email
+          - groups
+        userinfo_signing_algorithm: none
--- a/docker/stacks/01-apps/bookstack/docker-compose.yml
+++ b/docker/stacks/01-apps/bookstack/docker-compose.yml
@ -15,6 +15,13 @@ services:
      - DB_PASSWORD=${DB_PASSWORD}
      - DB_DATABASE=bookstackapp
      - TZ=Europe/Berlin
+      - AUTH_METHOD=oidc
+      - OIDC_NAME=Authelia
+      - OIDC_DISPLAY_NAME_CLAIMS=name
+      - OIDC_CLIENT_ID=bookstack
+      - OIDC_CLIENT_SECRET=BookStackSecretCyberpunk2026
+      - OIDC_ISSUER=https://auth.kotori-waifu.cc
+      - OIDC_ISSUER_DISCOVER=true
    volumes:
      - /opt/homelab/data/bookstack:/config
    ports:
@ -27,7 +34,6 @@ services:
      - "traefik.http.routers.bookstack.rule=Host(`bookstack.kotori-waifu.cc`) || Host(`bs.kotori-waifu.cc`)"
      - "traefik.http.routers.bookstack.tls=true"
      - "traefik.http.routers.bookstack.tls.certresolver=cloudflare"
-      - "traefik.http.routers.bookstack.middlewares=authelia@docker"
      - "traefik.http.services.bookstack.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy_net"
    restart: unless-stopped