From f170058551f03b7aed53d0ae203431970bcc2ba6 Mon Sep 17 00:00:00 2001
From: Chris King
Date: Mon, 16 Dec 2024 01:42:38 -0800
Subject: [PATCH] init authelia docker

---
 authelia/config/authelia/configuration.yml | 18 +++++
 authelia/docker-compose.yml | 78 ++++++++++++++++++++++
 2 files changed, 96 insertions(+)
 create mode 100644 authelia/config/authelia/configuration.yml
 create mode 100644 authelia/docker-compose.yml

diff --git a/authelia/config/authelia/configuration.yml b/authelia/config/authelia/configuration.yml
new file mode 100644
index 0000000..1431ba4
--- /dev/null
+++ b/authelia/config/authelia/configuration.yml
@@ -0,0 +1,18 @@
+server:
+ endpoints:
+ authz:
+ forward-auth:
+ implementation: 'ForwardAuth'
+
+# Security https://www.authelia.com/configuration/security/access-control/
+access_control:
+ rules:
+ - domain: '*.tremendousturtle.tools'
+ policy: two_factor
+
+# Session https://www.authelia.com/configuration/session/introduction/
+# Set also AUTHELIA_SESSION_SECRET_FILE
+session:
+ cookies:
+ - domain: 'tremendousturtle.tools'
+ authelia_url: 'https://auth.tremendousturtle.tools'
\ No newline at end of file
diff --git a/authelia/docker-compose.yml b/authelia/docker-compose.yml
new file mode 100644
index 0000000..686766d
--- /dev/null
+++ b/authelia/docker-compose.yml
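Review bot: The only rule, `- domain: '*.tremendousturtle.tools'`, matches subdomains but not the apex `tremendousturtle.tools`, so anything served at the bare domain falls through to `default_policy`, which this file never sets; it is only pinned to `deny` through `AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY` in docker-compose.yml (and `deny` is, as far as I know, also Authelia's built-in default). Making that explicit here keeps the file safe on its own if the compose environment is edited later: add `default_policy: deny` under `access_control:` with a comment such as `# Anything not matched by a rule below (including the apex domain) is denied`. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.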
@@ -0,0 +1,78 @@
+name: "authelia"
+services:
+ app:
+ image: authelia/authelia:latest
+ restart: unless-stopped
+ depends_on:
+ - database
+ - redis
+ volumes:
+ - ./config/authelia:/config
+ ports:
+ - "9091:9091"
+ environment:
+ AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: /run/secrets/jwt_secret
+ AUTHELIA_SESSION_SECRET_FILE: /run/secrets/session_secret
+ AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /run/secrets/smtp_pass
+ AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/storage_encryption_key
+ AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/postgres_pass
+ AUTHELIA_SESSION_REDIS_PASSWORD_FILE: /run/secrets/redis_pass
+ AUTHELIA_THEME: auto
+ AUTHELIA_LOG_LEVEL: debug
+ AUTHELIA_AUTHENTICATION_BACKEND_FILE_PATH: /run/secrets/users_database
+ AUTHELIA_TOTP_ISSUER: tremendousturtle.tools
+ AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: deny
+ AUTHELIA_SESSION_REDIS_HOST: redis
+ AUTHELIA_SESSION_REDIS_PORT: 6379
+ AUTHELIA_STORAGE_POSTGRES_ADDRESS: tcp://database:5432
+ AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
+ AUTHELIA_STORAGE_POSTGRES_USERNAME: authelia
+ AUTHELIA_NOTIFIER_SMTP_ADDRESS: submissions://smtp.mailgun.org:465
+ AUTHELIA_NOTIFIER_SMTP_USERNAME: auth@mail.tremendousturtle.tools
+ AUTHELIA_NOTIFIER_SMTP_SENDER: Authelia
+ secrets:
+ - jwt_secret
+ - session_secret
+ - smtp_pass
+ - storage_encryption_key
+ - postgres_pass
+ - redis_pass
+ - users_database
+
+ database:
+ image: postgres:15
+ restart: unless-stopped
+ volumes:
+ - ./data/postgres:/var/lib/postgresql/data
+ environment:
+ POSTGRES_USER: authelia
+ POSTGRES_PASSWORD_FILE: /run/secrets/postgres_pass
+ secrets:
+ - postgres_pass
+
+ redis:
+ image: redis:7
+ restart: unless-stopped
+ environment:
+ REDIS_PASSWORD_FILE: /run/secrets/redis_pass
+ command: sh -c "redis-server --save 60 1 --loglevel warning --requirepass $(cat $$REDIS_PASSWORD_FILE)"
+ volumes:
+ - ./data/redis:/data
+ secrets:
+ - redis_pass
+
+secrets:
+ postgres_pass:
+ file: ./secrets/POSTGRES_PASS
+ jwt_secret:
+ file: ./secrets/JWT_SECRET
+ session_secret:
+ file: ./secrets/SESSION_SECRET
+ smtp_pass:
+ file: ./secrets/SMTP_PASSWORD
+ storage_encryption_key:
+ file: ./secrets/STORAGE_ENCRYPTION_KEY
+ redis_pass:
+ file: ./secrets/REDIS_PASSWORD
+ users_database:
+ file: ./secrets/users_database.yml
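Review bot: The redis service hands the password to the server on its command line via `--requirepass $(cat $$REDIS_PASSWORD_FILE)`, so the expanded secret is visible in the container's process listing (`docker top`, `ps` inside the container), which undoes the point of mounting it as a secret. Have redis read it from a config file instead, e.g. `command: sh -c 'printf "requirepass %s\n" "$(cat "$$REDIS_PASSWORD_FILE")" > /tmp/redis-auth.conf && exec redis-server /tmp/redis-auth.conf --save 60 1 --loglevel warning'`. Two smaller points in the app service: `image: authelia/authelia:latest` leaves the authentication gateway unpinned while the database and redis images at least pin a major, and `AUTHELIA_LOG_LEVEL: debug` is very verbose for an auth service whose logs then carry request details, so `info` is the usual choice outside troubleshooting. If a reverse proxy on the same host fronts Authelia (not visible here), `"127.0.0.1:9091:9091"` avoids publishing the plain-HTTP portal on every interface. Lastly, `users_database` is delivered as a Docker secret, which is mounted read-only; if the file backend is expected to update that file on password reset, the write would fail, so confirm against the Authelia docs before relying on reset.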