feat: Add Authelia OIDC for Mealie and custom Cyberpunk theme
Production GitOps Engine / execute-ansible (push) Successful in 1m5s
Details
Production GitOps Engine / execute-ansible (push) Successful in 1m5s
Details
This commit is contained in:
parent
9e584edd83
commit
9d0a0eada9
|
|
@ -77,13 +77,13 @@
|
|||
- Infrastructure:
|
||||
- Firewall:
|
||||
icon: opnsense.png
|
||||
href: http://firewall.kotori-waifu
|
||||
href: https://firewall.kotori-waifu.cc
|
||||
description: Gateway
|
||||
ping: http://10.0.0.1:80
|
||||
|
||||
- NAS:
|
||||
icon: truenas.png
|
||||
href: http://kotorinas.kotori-waifu
|
||||
href: https://kotorinas.kotori-waifu.cc
|
||||
description: Storage Array
|
||||
ping: http://10.0.10.69:80
|
||||
|
||||
|
|
@ -95,7 +95,7 @@
|
|||
|
||||
- Grafana:
|
||||
icon: grafana.png
|
||||
href: http://grafana.kotori-waifu
|
||||
href: https://grafana.kotori-waifu.cc
|
||||
description: Telemetry Visualization
|
||||
ping: http://10.0.10.68:3001
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
After Width: | Height: | Size: 519 KiB |
|
|
@ -1,6 +1,9 @@
|
|||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
asset_path: /config/assets
|
||||
headers:
|
||||
csp_template: "default-src 'self'; frame-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline' https://theme-park.dev; script-src 'self' 'nonce-%nonce%'; base-uri 'self';"
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
|
@ -45,3 +48,74 @@ storage:
|
|||
notifier:
|
||||
filesystem:
|
||||
filename: /config/notification.txt
|
||||
|
||||
identity_providers:
|
||||
oidc:
|
||||
hmac_secret: '${JWT_SECRET}'
|
||||
issuer_private_key: |
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCyoMWpOz8xnBC3
|
||||
MMVMug8ko+vf9zehSZClMGSxbG7MYV/BIXWX9a7LTtaW8ZzkMp64UNdywMW/SUTT
|
||||
Z2VNqhEkvyneA5L8Sw67ubIsD6/A7TTlsWBNbtd/Y/rzPXPdUTMGFQ6Tu4jALiMb
|
||||
D7m6vQLofZ7jQYUbWVCwRidgfeCESL5h+insVS8Asx2CAtMO9Lr+GIRoKDYmdzXw
|
||||
sx12vuiJRiuHRkcOAplvgkBgWauImVL13j0T/Wka3q3AQmBFEdX7mWYmBAm42328
|
||||
v8w8YQn6U41JPXcZf/SJX4oRv5f5RbHM1N0vjNYDkdoF+/RDs1+DqeVcF+JRo/Pu
|
||||
MKE55eP/gH8H1Elqd4aTFbix0VVbLnLn5GjctYEanwfxgZsWyw5vqKz0SNqA2xn2
|
||||
UgFkKFZ+KZ643DiT5Cmkinf+N3mrpyke5a9hzvkEiwVRoDg8SO8yACMAbxr23w71
|
||||
lNCy8BUXmDmPZArRwgb6uGsHeLqsMcTXOLY/1dZSC1JZR0t6kG+6fFfbXvqFpx5r
|
||||
iER6O0R3cXh6sTnzovg3L3nE6iLXoZUXz+WDJVE18Qh9pjCOk9UPtANLvQ1mH9Hk
|
||||
rWR5V6gnr7bV7gzJVvJ4FG+BFzOQnNc3NgmixXeyY8v+hmQ8TFMprIH4W5xahVBk
|
||||
bt6vJ60uL3OMTgCmD6EUysSSnNR5KwIDAQABAoICAFifKAG6ibMwtSBV24UiCDJK
|
||||
+1LuAZUM/Ozfsg1OeTgAFXQpiACA3Rwz/IX90DNtI87ZGNLvbgxlqvZhZWKfPgsn
|
||||
pntl9Y4jJOehDRMMI0vJw8Uzd85i8BpdPZthQTMrvm9FkipcT8/c9ADQj/pkHOXA
|
||||
sUwZbRLxAHW8EHwwZ2vp9T6B0TvV1VB5DOo8QX85ju5StppAXQE/gqztCHCp7Y9x
|
||||
l1XxWX5LbtliW1MSGebW/tBJ1q6sunEgyj5JEB8kZrABXqr8tOAYUW0MESVhlYQy
|
||||
4LVV/9lQYL+o/USp9BmxaLFxaF1Xd7Rkr7DpXDoca4ZUi5zhoqCTgYmKaeriMfd0
|
||||
XqWzd37055sqahJzXulXCr/fr4ksUtCc13cpgwa2g9i9sLHjt8UOfl2qXOx2CSqM
|
||||
m5I1Kx4UqQWZQ7vWiYptnpNpUXrKVtFR3vg33lxr8B8TNwb0B/l+Kxk9Q1y4QNBh
|
||||
AhKbp7Aq1TAikuIDn1Z2aGF1lWUcvcoKV1FAsUIcwPmAo9u/jhv+LZ80NNrMzwVl
|
||||
Cie4coda8uTR2diLORiaXxQG8oSiopsm9Gn6M+lIIZM9Rvxtuzd6dmzGVTGANOvi
|
||||
YVsLAKLgTjiOtmi6hKCs99U+7TzgLYKliEqKF2mEU0UHDOCntWuKga7o4MjzOouO
|
||||
p/1XCqm2jt2qrK73OdDlAoIBAQDfuNQyWmTKqmgDlr/gvyaibcpfA9QnYiBUAUFE
|
||||
EVwsMkP0sVS4buAvl76oTYmQGkB/jLxMGdtdPrDVYG2ki/5qv2vsdLHtKqP79BBZ
|
||||
dmR37gN+eMmzoAYtWNstVj9o/nIntYK77MpM8ynByPhQ0WsCxgwXRrOQWKKccoxL
|
||||
O0ijTLKi/Oq02OCj4n9SrQqLlq+rT/7AqEB7dPYPZH9+ufoGwycvyChfD5UBQluY
|
||||
zUx7yn543fe8MCEEIs+UUmxPhdKAmFCdVMdeBiK9PDaZDJbHSlZ4JB7MLvk5gxIZ
|
||||
+d3Y+415SMnReypKnfVDkrM46y980cGES3tXeh5qDNPXUNgdAoIBAQDMZmXA+BfK
|
||||
8J1skJFLTCFsPP5azNt1Fmx620I4scJzSMA7EEZN0WewIYbaE3pTqS08/bfKcJIh
|
||||
UYhY5U7WMiPlF8GgdhpV/0YUP2+OvT4gBpgzUNdljek3nh4WC/nEt6IBEW1rS/vS
|
||||
/xwEwP08aSZORg2F/v75YidYF/gJTmaDQisAvzuDioCVg2T+JIENv3BW3/3Zpc5e
|
||||
dJGAx3F+j4N+bFacCjGph0A/KTlvdrepzIWcbYqbkl9bT0jmJUJoCm2o/WbguNfe
|
||||
qB6EwpZno61qAuIE6C6mePIEy817XxXjKHwqI2DyylCuHI+EPL0VQkEj0NsAwi//
|
||||
KW/UKrAhs6PnAoIBAGIHzkuGGnZHty4jZ06m09oGu89okRT0xW+p4RxfcwEWwXo+
|
||||
Hf527xtLpcp/t1CCgFKjq3q5NcslBj1pdIHOqhvCZxsEg1aGAbcMWgGphBqdG8DW
|
||||
UqO38hz6u4ehLEXogMLvoSqRdo/DWT/FvTFEolxjxbaJT3Nns1FUTC9G+ew8VmZe
|
||||
5sV55u1I+TuUAXPrAmzRr7Jhx2eRd6SFB+zSt0ExUEF6tl35KPSVTCenheUUdNin
|
||||
gr9eY4k5a7X1a+ponDWnCGP4WyfTDnPXJ6Fmx8bpxvv779bOmnxd95eUSmaiy3oi
|
||||
r/RvwLdTgb4rUQcW3wcVrnM21AQfyaX0mvrVPO0CggEAal/kFtBGuaQNmaGHLBO7
|
||||
1TPM//5bPA1meW3AgfbpBsxW1qY6oGcZuk1IfBfk8sM5uuMkEmQReOuQtQrpw4mm
|
||||
qqR5bYPpYtYOZ5039qZAPbSQ4yvwXXbEZ+CPMdQbsagL1Nh4BH4v2XhQ4Zx6bkUe
|
||||
3V+RzCmQEsNlTHB08ortyOPXs3TSiTu8fZM7LRRcYYY+9cduuiWTSA8MZmPligMw
|
||||
YMwLKvwXKm4sHnLa5Ep5fRHmeyl7GEnN/Jw/iR7c935t4aO3Nb6dAdCmyVrnoZpK
|
||||
NsC3Vexr0tFgyuQx1UIABw9bxyZQXyqxYFuWyTA/C2BGvFgGkdd92SJ8g4OP1IpE
|
||||
AwKCAQEAgsiTnf0a5ApqSck6+Sh+I7UoWPhVZnfHt20HHCDDuSJ2YnN3VPuq0BR3
|
||||
9JGxGLyrb/Ff2Id3sKuMjgM+wd40PHH4yycSIVMbtLh+wq0kEjZEYKjbh6s9fwFT
|
||||
fM98gKkn4LR0nA7+1wqJgRXCDgVPabuNN0Hl0PpNPyBz0neTXVLfi0hY/FuxYc5y
|
||||
C6jReFokfEN1ytqbGacYIPaf2kBca7VeqChFF0L0c31jfdw7n2+PAx+t3TV8CY6Q
|
||||
4s0HKuGAP8/QdvLuyQ/65/URtLo2FPBYXRRo0Xkt9fSa25whM/WqeDlWsLBWtKnX
|
||||
TPMEZwjEHeWXbX5uMp9us/nHJSeVcw==
|
||||
-----END PRIVATE KEY-----
|
||||
clients:
|
||||
- id: mealie
|
||||
description: Mealie
|
||||
secret: '$pbkdf2-sha512$310000$8BwfR2MN6UuViyTqVUyJsQ$HN/GOuf1rzr8uY0zYDK.kerSzfafzAzePx5C8DWd9hmZwLmJjENz0gQwkmiDRl9AkxlmvwnWxxQkxbBSaccGOg'
|
||||
public: false
|
||||
authorization_policy: two_factor
|
||||
redirect_uris:
|
||||
- https://mealie.kotori-waifu.cc/login
|
||||
scopes:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
- groups
|
||||
userinfo_signing_algorithm: none
|
||||
|
|
|
|||
|
|
@ -6,6 +6,8 @@ services:
|
|||
- /opt/homelab/data/authelia:/config
|
||||
- ./configuration.yml:/config/configuration.yml:ro
|
||||
- ./users.yml:/config/users.yml:ro
|
||||
- ./oidc_private.pem:/config/oidc_private.pem:ro
|
||||
- ./assets:/config/assets:ro
|
||||
networks:
|
||||
- proxy_net
|
||||
labels:
|
||||
|
|
@ -13,6 +15,9 @@ services:
|
|||
- "traefik.http.routers.authelia.rule=Host(`auth.kotori-waifu.cc`)"
|
||||
- "traefik.http.routers.authelia.tls=true"
|
||||
- "traefik.http.routers.authelia.tls.certresolver=cloudflare"
|
||||
- "traefik.http.routers.authelia.middlewares=authelia-themepark"
|
||||
- "traefik.http.middlewares.authelia-themepark.plugin.themepark.app=authelia"
|
||||
- "traefik.http.middlewares.authelia-themepark.plugin.themepark.theme=cyberpunk"
|
||||
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
|
||||
- "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/authz/forward-auth?authelia_url=https://auth.kotori-waifu.cc/"
|
||||
- "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
|
||||
|
|
|
|||
Binary file not shown.
|
After Width: | Height: | Size: 519 KiB |
|
|
@ -0,0 +1,52 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCyoMWpOz8xnBC3
|
||||
MMVMug8ko+vf9zehSZClMGSxbG7MYV/BIXWX9a7LTtaW8ZzkMp64UNdywMW/SUTT
|
||||
Z2VNqhEkvyneA5L8Sw67ubIsD6/A7TTlsWBNbtd/Y/rzPXPdUTMGFQ6Tu4jALiMb
|
||||
D7m6vQLofZ7jQYUbWVCwRidgfeCESL5h+insVS8Asx2CAtMO9Lr+GIRoKDYmdzXw
|
||||
sx12vuiJRiuHRkcOAplvgkBgWauImVL13j0T/Wka3q3AQmBFEdX7mWYmBAm42328
|
||||
v8w8YQn6U41JPXcZf/SJX4oRv5f5RbHM1N0vjNYDkdoF+/RDs1+DqeVcF+JRo/Pu
|
||||
MKE55eP/gH8H1Elqd4aTFbix0VVbLnLn5GjctYEanwfxgZsWyw5vqKz0SNqA2xn2
|
||||
UgFkKFZ+KZ643DiT5Cmkinf+N3mrpyke5a9hzvkEiwVRoDg8SO8yACMAbxr23w71
|
||||
lNCy8BUXmDmPZArRwgb6uGsHeLqsMcTXOLY/1dZSC1JZR0t6kG+6fFfbXvqFpx5r
|
||||
iER6O0R3cXh6sTnzovg3L3nE6iLXoZUXz+WDJVE18Qh9pjCOk9UPtANLvQ1mH9Hk
|
||||
rWR5V6gnr7bV7gzJVvJ4FG+BFzOQnNc3NgmixXeyY8v+hmQ8TFMprIH4W5xahVBk
|
||||
bt6vJ60uL3OMTgCmD6EUysSSnNR5KwIDAQABAoICAFifKAG6ibMwtSBV24UiCDJK
|
||||
+1LuAZUM/Ozfsg1OeTgAFXQpiACA3Rwz/IX90DNtI87ZGNLvbgxlqvZhZWKfPgsn
|
||||
pntl9Y4jJOehDRMMI0vJw8Uzd85i8BpdPZthQTMrvm9FkipcT8/c9ADQj/pkHOXA
|
||||
sUwZbRLxAHW8EHwwZ2vp9T6B0TvV1VB5DOo8QX85ju5StppAXQE/gqztCHCp7Y9x
|
||||
l1XxWX5LbtliW1MSGebW/tBJ1q6sunEgyj5JEB8kZrABXqr8tOAYUW0MESVhlYQy
|
||||
4LVV/9lQYL+o/USp9BmxaLFxaF1Xd7Rkr7DpXDoca4ZUi5zhoqCTgYmKaeriMfd0
|
||||
XqWzd37055sqahJzXulXCr/fr4ksUtCc13cpgwa2g9i9sLHjt8UOfl2qXOx2CSqM
|
||||
m5I1Kx4UqQWZQ7vWiYptnpNpUXrKVtFR3vg33lxr8B8TNwb0B/l+Kxk9Q1y4QNBh
|
||||
AhKbp7Aq1TAikuIDn1Z2aGF1lWUcvcoKV1FAsUIcwPmAo9u/jhv+LZ80NNrMzwVl
|
||||
Cie4coda8uTR2diLORiaXxQG8oSiopsm9Gn6M+lIIZM9Rvxtuzd6dmzGVTGANOvi
|
||||
YVsLAKLgTjiOtmi6hKCs99U+7TzgLYKliEqKF2mEU0UHDOCntWuKga7o4MjzOouO
|
||||
p/1XCqm2jt2qrK73OdDlAoIBAQDfuNQyWmTKqmgDlr/gvyaibcpfA9QnYiBUAUFE
|
||||
EVwsMkP0sVS4buAvl76oTYmQGkB/jLxMGdtdPrDVYG2ki/5qv2vsdLHtKqP79BBZ
|
||||
dmR37gN+eMmzoAYtWNstVj9o/nIntYK77MpM8ynByPhQ0WsCxgwXRrOQWKKccoxL
|
||||
O0ijTLKi/Oq02OCj4n9SrQqLlq+rT/7AqEB7dPYPZH9+ufoGwycvyChfD5UBQluY
|
||||
zUx7yn543fe8MCEEIs+UUmxPhdKAmFCdVMdeBiK9PDaZDJbHSlZ4JB7MLvk5gxIZ
|
||||
+d3Y+415SMnReypKnfVDkrM46y980cGES3tXeh5qDNPXUNgdAoIBAQDMZmXA+BfK
|
||||
8J1skJFLTCFsPP5azNt1Fmx620I4scJzSMA7EEZN0WewIYbaE3pTqS08/bfKcJIh
|
||||
UYhY5U7WMiPlF8GgdhpV/0YUP2+OvT4gBpgzUNdljek3nh4WC/nEt6IBEW1rS/vS
|
||||
/xwEwP08aSZORg2F/v75YidYF/gJTmaDQisAvzuDioCVg2T+JIENv3BW3/3Zpc5e
|
||||
dJGAx3F+j4N+bFacCjGph0A/KTlvdrepzIWcbYqbkl9bT0jmJUJoCm2o/WbguNfe
|
||||
qB6EwpZno61qAuIE6C6mePIEy817XxXjKHwqI2DyylCuHI+EPL0VQkEj0NsAwi//
|
||||
KW/UKrAhs6PnAoIBAGIHzkuGGnZHty4jZ06m09oGu89okRT0xW+p4RxfcwEWwXo+
|
||||
Hf527xtLpcp/t1CCgFKjq3q5NcslBj1pdIHOqhvCZxsEg1aGAbcMWgGphBqdG8DW
|
||||
UqO38hz6u4ehLEXogMLvoSqRdo/DWT/FvTFEolxjxbaJT3Nns1FUTC9G+ew8VmZe
|
||||
5sV55u1I+TuUAXPrAmzRr7Jhx2eRd6SFB+zSt0ExUEF6tl35KPSVTCenheUUdNin
|
||||
gr9eY4k5a7X1a+ponDWnCGP4WyfTDnPXJ6Fmx8bpxvv779bOmnxd95eUSmaiy3oi
|
||||
r/RvwLdTgb4rUQcW3wcVrnM21AQfyaX0mvrVPO0CggEAal/kFtBGuaQNmaGHLBO7
|
||||
1TPM//5bPA1meW3AgfbpBsxW1qY6oGcZuk1IfBfk8sM5uuMkEmQReOuQtQrpw4mm
|
||||
qqR5bYPpYtYOZ5039qZAPbSQ4yvwXXbEZ+CPMdQbsagL1Nh4BH4v2XhQ4Zx6bkUe
|
||||
3V+RzCmQEsNlTHB08ortyOPXs3TSiTu8fZM7LRRcYYY+9cduuiWTSA8MZmPligMw
|
||||
YMwLKvwXKm4sHnLa5Ep5fRHmeyl7GEnN/Jw/iR7c935t4aO3Nb6dAdCmyVrnoZpK
|
||||
NsC3Vexr0tFgyuQx1UIABw9bxyZQXyqxYFuWyTA/C2BGvFgGkdd92SJ8g4OP1IpE
|
||||
AwKCAQEAgsiTnf0a5ApqSck6+Sh+I7UoWPhVZnfHt20HHCDDuSJ2YnN3VPuq0BR3
|
||||
9JGxGLyrb/Ff2Id3sKuMjgM+wd40PHH4yycSIVMbtLh+wq0kEjZEYKjbh6s9fwFT
|
||||
fM98gKkn4LR0nA7+1wqJgRXCDgVPabuNN0Hl0PpNPyBz0neTXVLfi0hY/FuxYc5y
|
||||
C6jReFokfEN1ytqbGacYIPaf2kBca7VeqChFF0L0c31jfdw7n2+PAx+t3TV8CY6Q
|
||||
4s0HKuGAP8/QdvLuyQ/65/URtLo2FPBYXRRo0Xkt9fSa25whM/WqeDlWsLBWtKnX
|
||||
TPMEZwjEHeWXbX5uMp9us/nHJSeVcw==
|
||||
-----END PRIVATE KEY-----
|
||||
|
|
@ -20,6 +20,8 @@ services:
|
|||
# - "--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
- "--certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL:-admin@kotori-waifu.cc}"
|
||||
- "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"
|
||||
- "--experimental.plugins.themepark.modulename=github.com/packruler/traefik-themepark"
|
||||
- "--experimental.plugins.themepark.version=v1.3.0"
|
||||
environment:
|
||||
- DOCKER_API_VERSION=1.44
|
||||
- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
|
||||
|
|
|
|||
|
|
@ -11,6 +11,14 @@ services:
|
|||
- API_DOCS=true
|
||||
# Force HTTPS strictly for session cookie security
|
||||
- NODE_ENV=production
|
||||
# OIDC Configuration
|
||||
- OIDC_AUTH_ENABLED=true
|
||||
- OIDC_SIGNUP_ENABLED=true
|
||||
- OIDC_CONFIGURATION_URL=https://auth.kotori-waifu.cc/.well-known/openid-configuration
|
||||
- OIDC_CLIENT_ID=mealie
|
||||
- OIDC_CLIENT_SECRET=MealieSecretCyberpunk2026
|
||||
- OIDC_AUTO_REDIRECT=true
|
||||
- OIDC_USER_GROUP=admin
|
||||
volumes:
|
||||
- /opt/homelab/data/mealie:/app/data
|
||||
ports:
|
||||
|
|
@ -22,7 +30,6 @@ services:
|
|||
- "traefik.http.routers.mealie.rule=Host(`mealie.kotori-waifu.cc`)"
|
||||
- "traefik.http.routers.mealie.tls=true"
|
||||
- "traefik.http.routers.mealie.tls.certresolver=cloudflare"
|
||||
- "traefik.http.routers.mealie.middlewares=authelia@docker"
|
||||
- "traefik.http.services.mealie.loadbalancer.server.port=9000"
|
||||
restart: unless-stopped
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue