init authelia docker

authelia/config/authelia/configuration.yml

@@ -0,0 +1,18 @@
+server:
+  endpoints:
+    authz:
+      forward-auth:
+        implementation: 'ForwardAuth'
+
+# Security https://www.authelia.com/configuration/security/access-control/
+access_control:
+  rules:
+  - domain: '*.tremendousturtle.tools'
+    policy: two_factor
+
+# Session https://www.authelia.com/configuration/session/introduction/
+# Set also AUTHELIA_SESSION_SECRET_FILE
+session:
+  cookies:
+    - domain: 'tremendousturtle.tools'
+      authelia_url: 'https://auth.tremendousturtle.tools'

authelia/docker-compose.yml

@@ -0,0 +1,78 @@
+name: "authelia"
+services:
+  app:
+    image: authelia/authelia:latest
+    restart: unless-stopped
+    depends_on:
+      - database
+      - redis
+    volumes:
+      - ./config/authelia:/config
+    ports:
+      - "9091:9091"
+    environment:
+      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: /run/secrets/jwt_secret
+      AUTHELIA_SESSION_SECRET_FILE: /run/secrets/session_secret
+      AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: /run/secrets/smtp_pass
+      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /run/secrets/storage_encryption_key
+      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /run/secrets/postgres_pass
+      AUTHELIA_SESSION_REDIS_PASSWORD_FILE: /run/secrets/redis_pass
+      AUTHELIA_THEME: auto
+      AUTHELIA_LOG_LEVEL: debug
+      AUTHELIA_AUTHENTICATION_BACKEND_FILE_PATH: /run/secrets/users_database
+      AUTHELIA_TOTP_ISSUER: tremendousturtle.tools
+      AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: deny
+      AUTHELIA_SESSION_REDIS_HOST: redis
+      AUTHELIA_SESSION_REDIS_PORT: 6379
+      AUTHELIA_STORAGE_POSTGRES_ADDRESS: tcp://database:5432
+      AUTHELIA_STORAGE_POSTGRES_DATABASE: authelia
+      AUTHELIA_STORAGE_POSTGRES_USERNAME: authelia
+      AUTHELIA_NOTIFIER_SMTP_ADDRESS: submissions://smtp.mailgun.org:465
+      AUTHELIA_NOTIFIER_SMTP_USERNAME: auth@mail.tremendousturtle.tools
+      AUTHELIA_NOTIFIER_SMTP_SENDER: Authelia <auth@tremendousturtle.tools>
+    secrets:
+      - jwt_secret
+      - session_secret
+      - smtp_pass
+      - storage_encryption_key
+      - postgres_pass
+      - redis_pass
+      - users_database
+
+  database:
+    image: postgres:15
+    restart: unless-stopped
+    volumes:
+      - ./data/postgres:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: authelia
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_pass
+    secrets:
+      - postgres_pass
+
+  redis:
+    image: redis:7
+    restart: unless-stopped
+    environment:
+      REDIS_PASSWORD_FILE: /run/secrets/redis_pass
+    command: sh -c "redis-server --save 60 1 --loglevel warning --requirepass $(cat $$REDIS_PASSWORD_FILE)"
+    volumes:
+      - ./data/redis:/data
+    secrets:
+      - redis_pass
+
+secrets:
+  postgres_pass:
+    file: ./secrets/POSTGRES_PASS
+  jwt_secret:
+    file: ./secrets/JWT_SECRET
+  session_secret:
+    file: ./secrets/SESSION_SECRET
+  smtp_pass:
+    file: ./secrets/SMTP_PASSWORD
+  storage_encryption_key:
+    file: ./secrets/STORAGE_ENCRYPTION_KEY
+  redis_pass:
+    file: ./secrets/REDIS_PASSWORD
+  users_database:
+    file: ./secrets/users_database.yml