diff options
| author | RATDAD <lambda@disroot.org> | 2026-02-04 17:47:40 -0500 |
|---|---|---|
| committer | RATDAD <lambda@disroot.org> | 2026-02-04 17:47:40 -0500 |
| commit | 8815a6e70720015656298bbf6905eaeda5cd4169 (patch) | |
| tree | c13b1e72cb8b8e5527eda564eb9671da7e28efe3 /stacks/auth | |
| parent | fe7d43ac31f7b9fe0c9be9355d35fa2ee57bd46f (diff) | |
| download | rds-platform-8815a6e70720015656298bbf6905eaeda5cd4169.tar.gz rds-platform-8815a6e70720015656298bbf6905eaeda5cd4169.tar.bz2 rds-platform-8815a6e70720015656298bbf6905eaeda5cd4169.zip | |
Diffstat (limited to 'stacks/auth')
| -rw-r--r-- | stacks/auth/.gitignore | 7 | ||||
| -rw-r--r-- | stacks/auth/compose.cache.yml | 18 | ||||
| -rw-r--r-- | stacks/auth/compose.yml | 33 | ||||
| -rwxr-xr-x | stacks/auth/secrets.sh | 17 | ||||
| -rw-r--r-- | stacks/auth/util/genhash.sh | 8 |
5 files changed, 83 insertions, 0 deletions
diff --git a/stacks/auth/.gitignore b/stacks/auth/.gitignore new file mode 100644 index 0000000..52db271 --- /dev/null +++ b/stacks/auth/.gitignore @@ -0,0 +1,7 @@ +*.env +config/ +config/* +secrets/ +secrets/* +compose.local.yml +compose.cache.local.yml diff --git a/stacks/auth/compose.cache.yml b/stacks/auth/compose.cache.yml new file mode 100644 index 0000000..4c7727a --- /dev/null +++ b/stacks/auth/compose.cache.yml @@ -0,0 +1,18 @@ +name: ${_STACK_1} + +networks: + net: + name: ${_NET_0} + external: true + +services: + servicename: + container_name: ${_CONTAINER_1} + image: redis:latest + restart: unless-stopped + env_file: + - .env + networks: + - net + expose: + - 6379 diff --git a/stacks/auth/compose.yml b/stacks/auth/compose.yml new file mode 100644 index 0000000..e935946 --- /dev/null +++ b/stacks/auth/compose.yml @@ -0,0 +1,33 @@ +name: ${_STACK_0} + +networks: + net: + name: ${_NET_0} + external: true + +secrets: + JWT_SECRET: + file: './secrets/JWT_SECRET' + SESSION_SECRET: + file: './secrets/SESSION_SECRET' + STORAGE_ENCRYPTION: + file: './secrets/STORAGE_ENCRYPTION' + OIDC_HMAC_SECRET: + file: './secrets/OIDC_HMAC_SECRET' + +services: + auth: + container_name: ${_CONTAINER_0} + image: authelia/authelia:latest + restart: unless-stopped + user: '${UID}:${GID}' + secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', OIDC_HMAC_SECRET] + env_file: + - .auth.env # Runtime Vars + - .env # Stack Vars + volumes: + - ./config/:/config + networks: + - net + expose: + - 9091 diff --git a/stacks/auth/secrets.sh b/stacks/auth/secrets.sh new file mode 100755 index 0000000..19031da --- /dev/null +++ b/stacks/auth/secrets.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +USERS=(RATDAD) +SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET) +SECRET_DIR=$PWD/secrets + +[ ! -d "$SECRET_DIR" ] && mkdir -p "$SECRET_DIR" + +# Generate secrets +for filename in "${SECRETS[@]}"; do + openssl rand -hex 64 > "$SECRET_DIR"/"$filename" +done + +# Generate admin passwords +for filename in "${USERS[@]}"; do + openssl rand -hex 12 > "$SECRET_DIR"/"$filename" +done diff --git a/stacks/auth/util/genhash.sh b/stacks/auth/util/genhash.sh new file mode 100644 index 0000000..d8202ee --- /dev/null +++ b/stacks/auth/util/genhash.sh @@ -0,0 +1,8 @@ +#!/bin/bash +set -euo pipefail + +read -rp "Enter a password for the new user: " PASSWORD +HASHED=$(docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password "${PASSWORD}") + +printf "Password: %s\n" "${PASSWORD}" +printf "Hash: %s\n" "${HASHED}" |