Initial authelia

readme.md

@@ -8,7 +8,8 @@ Hosted on https://git.woodbine.nyc/micro/woodbine.nyc
 
     docker-compose --env-file env.production \
       --file services/caddy.yaml \
-      --file services/zitadel.yaml \
+      --file services/authelia.yaml \
+      --file services/web.yaml \
       up --build
 
 ## port forwarding
@@ -22,7 +23,8 @@ Hosted on https://git.woodbine.nyc/micro/woodbine.nyc
 - [x] webdav for personal home pages
 - [ ] backup using duplicity uploaded to backblaze b2
 - [ ] restore using duplicity downloaded from backblaze b2
-- [ ] zitadel sso
+- [ ] ~~zitadel sso~~
+- [ ] authelia sso
 - [ ] wiki
 - [ ] dendrite matrix server
 - [ ] gitea

services/authelia.yaml

@@ -0,0 +1,58 @@
+version: "3.8"
+secrets:
+  JWT_SECRET:
+    file: ../secrets/authelia/JWT_SECRET
+  SESSION_SECRET:
+    file: ../secrets/authelia/SESSION_SECRET
+  STORAGE_PASSWORD:
+    file: ../secrets/authelia/STORAGE_PASSWORD
+  STORAGE_ENCRYPTION_KEY:
+    file: ../secrets/authelia/STORAGE_ENCRYPTION_KEY
+
+services:
+  authelia:
+    container_name: authelia
+    image: docker.io/authelia/authelia:4.37
+    userns_mode: keep-id
+    depends_on:
+      - postgres
+      - authelia_setup
+    restart: unless-stopped
+    expose:
+      - 9091
+    secrets: [JWT_SECRET, SESSION_SECRET, STORAGE_PASSWORD, STORAGE_ENCRYPTION_KEY]
+    #user: 8000:9000
+    environment:
+      PUID: 1000
+      PGID: 1000
+      AUTHELIA_JWT_SECRET_FILE: /run/secrets/JWT_SECRET
+      AUTHELIA_SESSION_SECRET_FILE: /run/secrets/SESSION_SECRET
+      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD
+      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/STORAGE_ENCRYPTION_KEY
+    volumes:
+      - ../data/authelia/config:/config
+
+  postgres:
+    image: postgres:16.0-alpine
+    depends_on:
+      - authelia_setup
+    secrets: [STORAGE_PASSWORD]
+    restart: unless-stopped
+    environment:
+      POSTGRES_PASSWORD_FILE: /run/secrets/STORAGE_PASSWORD
+      POSTGRES_DB: authelia
+      POSTGRES_USER: authelia
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+
+  authelia_setup:
+      image: docker.io/authelia/authelia:4.37
+      volumes:
+        - ../secrets/authelia:/secrets
+        - ./authelia/generate-secrets.sh:/generate-secrets.sh
+      restart: no
+      entrypoint: [ "/generate-secrets.sh", "/secrets" ]
+
+volumes:
+  postgres-data:
+  authelia-config:

services/authelia/generate-secrets.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+set -o errexit
+set -o nounset
+set -o pipefail
+
+cd ${1:-../secrets/authelia}
+
+for secret in JWT_SECRET SESSION_SECRET STORAGE_PASSWORD STORAGE_ENCRYPTION_KEY; do
+  test -s $secret && continue 
+  authelia crypto rand --length 64 --charset alphanumeric | cut -d':' -f2 | tr -d ' ' > $secret
+done

services/caddy.yaml

@@ -3,6 +3,7 @@ version: "3.7"
 services:
   caddy:
     image: caddy
+    container_name: caddy
     restart: unless-stopped
     ports:
       - "80:80"

services/caddy/Caddyfile

@@ -5,5 +5,9 @@
 }
 
 web.{$DOMAIN} {
-	reverse_proxy services-web-1:4431
+	reverse_proxy web:4431
+}
+
+login.{$DOMAIN} {
+	reverse_proxy authelia:9091
 }