fzirker/homeserver
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: fzirker:34deb921946244e28ca1006df03ab2b55cb632e0
Branches Tags
fzirker:main
fzirker:stirling-pdf
..
compare: fzirker:8181de3f125327fa48b9d494ff142d2f80c47d8f
Branches Tags
fzirker:main
fzirker:stirling-pdf

No commits in common. "34deb921946244e28ca1006df03ab2b55cb632e0" and "8181de3f125327fa48b9d494ff142d2f80c47d8f" have entirely different histories.
34deb92194 ... 8181de3f12

5 changed files with 6 additions and 120 deletions
Download patch file Download diff file Expand all files Collapse all files

90
auth/docker-compose.yml
View file

@ -1,90 +0,0 @@
services:
authentik-server:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
restart: unless-stopped
command: server
environment:
- AUTHENTIK_REDIS__HOST=redis
- AUTHENTIK_POSTGRESQL__HOST=postgresql
- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
volumes:
- ${VOLUMES_PATH}/auth/media:/media
- ${VOLUMES_PATH}/auth/custom-templates:/templates
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
- web
- auth
authentik-worker:
image: ghcr.io/goauthentik/server:${AUTHENTIK_VERSION}
restart: unless-stopped
command: worker
environment:
- AUTHENTIK_REDIS__HOST=redis
- AUTHENTIK_POSTGRESQL__HOST=postgresql
- AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
- AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
- AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
- AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
- AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
user: root
volumes:
# - /var/run/docker.sock:/var/run/docker.sock
- ${VOLUMES_PATH}/auth/media:/media
- ${VOLUMES_PATH}/auth/certs:/certs
- ${VOLUMES_PATH}/auth/custom-templates:/templates
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
networks:
- auth
postgresql:
image: postgres:${POSTGRES_VERSION}
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- ${VOLUMES_PATH}/auth/postgres/:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_DB=${POSTGRES_DB}
networks:
- auth
redis:
image: redis:${REDIS_VERSION}
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- ${VOLUMES_PATH}/auth/redis:/data
networks:
- auth
networks:
auth:
web:
external: true

3
paperless/docker-compose.yaml
View file

@ -60,9 +60,6 @@ services:
- USERMAP_GID=1000 - USERMAP_GID=1000
- PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py - PAPERLESS_PRE_CONSUME_SCRIPT=/usr/src/paperless/scripts/removePdfPassword.py
- PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON} - PAPERLESS_OCR_USER_ARGS=${USER_ARGS_JSON}
- PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
- PAPERLESS_SOCIALACCOUNT_PROVIDERS=${PAPERLESS_SOCIALACCOUNT_PROVIDERS}
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://paperless.home.florianzirker.de,https://auth.home.florianzirker.de
labels: labels:
- "docker.group=paperless" - "docker.group=paperless"

24
proxy/Caddyfile
View file

@ -4,15 +4,7 @@
output stdout output stdout
format console format console
} }
} debug
(proxy-auth) {
reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000
forward_auth http://authentik-server:9000 {
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
trusted_proxies private_ranges
}
} }
*.{$DOMAIN} { *.{$DOMAIN} {
@ -30,11 +22,8 @@
@whoami host whoami.{$DOMAIN} @whoami host whoami.{$DOMAIN}
handle @whoami { handle @whoami {
route {
import proxy-auth
reverse_proxy whoami:80 reverse_proxy whoami:80
} }
}
@dashboard host dashboard.{$DOMAIN} @dashboard host dashboard.{$DOMAIN}
handle @dashboard { handle @dashboard {
@ -49,11 +38,8 @@
@zigbee2mqtt host zigbee2mqtt.{$DOMAIN} @zigbee2mqtt host zigbee2mqtt.{$DOMAIN}
handle @zigbee2mqtt { handle @zigbee2mqtt {
route {
import proxy-auth
reverse_proxy zigbee2mqtt:8080 reverse_proxy zigbee2mqtt:8080
} }
}
@jellyfin host jellyfin.{$DOMAIN} @jellyfin host jellyfin.{$DOMAIN}
handle @jellyfin { handle @jellyfin {
@ -77,16 +63,8 @@
@torrent host torrent.{$DOMAIN} @torrent host torrent.{$DOMAIN}
handle @torrent { handle @torrent {
route {
import proxy-auth
reverse_proxy transmission:9091 reverse_proxy transmission:9091
} }
}
@auth host auth.{$DOMAIN}
handle @auth {
reverse_proxy authentik-server:9000
}
# Fallback unhandled (sub)domains # Fallback unhandled (sub)domains
handle { handle {

2
proxy/docker-compose.yaml
View file

@ -37,4 +37,6 @@ services:
networks: networks:
web: web:
external: true external: true
dockersocket:
external: true

1
start-all.sh
View file

@ -6,7 +6,6 @@ function up {
} }
up proxy; up proxy;
up auth;
up monitoring; up monitoring;
up smartHome; up smartHome;
up dashboard; up dashboard;