From 8815a6e70720015656298bbf6905eaeda5cd4169 Mon Sep 17 00:00:00 2001
From: RATDAD
Date: Wed, 4 Feb 2026 17:47:40 -0500
Subject: Added Authelia
---
stacks/auth/.gitignore | 7 +++++++
stacks/auth/compose.cache.yml | 18 ++++++++++++++++++
stacks/auth/compose.yml | 33 +++++++++++++++++++++++++++++++++
stacks/auth/secrets.sh | 17 +++++++++++++++++
stacks/auth/util/genhash.sh | 8 ++++++++
5 files changed, 83 insertions(+)
create mode 100644 stacks/auth/.gitignore
create mode 100644 stacks/auth/compose.cache.yml
create mode 100644 stacks/auth/compose.yml
create mode 100755 stacks/auth/secrets.sh
create mode 100644 stacks/auth/util/genhash.sh
(limited to 'stacks/auth')
diff --git a/stacks/auth/.gitignore b/stacks/auth/.gitignore
new file mode 100644
index 0000000..52db271
--- /dev/null
+++ b/stacks/auth/.gitignore
@@ -0,0 +1,7 @@
+*.env
+config/
+config/*
+secrets/
+secrets/*
+compose.local.yml
+compose.cache.local.yml
diff --git a/stacks/auth/compose.cache.yml b/stacks/auth/compose.cache.yml
new file mode 100644
index 0000000..4c7727a
--- /dev/null
+++ b/stacks/auth/compose.cache.yml
@@ -0,0 +1,18 @@
+name: ${_STACK_1}
+
+networks:
+ net:
+ name: ${_NET_0}
+ external: true
+
+services:
+ servicename:
+ container_name: ${_CONTAINER_1}
+ image: redis:latest
+ restart: unless-stopped
+ env_file:
+ - .env
+ networks:
+ - net
+ expose:
+ - 6379
diff --git a/stacks/auth/compose.yml b/stacks/auth/compose.yml
new file mode 100644
index 0000000..e935946
--- /dev/null
+++ b/stacks/auth/compose.yml
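Review bot: In stacks/auth/compose.cache.yml the Redis service joins the shared external network `${_NET_0}` with no authentication configured in the lines shown, so any other container on that network can reach port 6379 and read or alter whatever the auth stack caches there (presumably Authelia session data). Require a password or ACL through a mounted Redis config file rather than a command-line argument, and record the reason with a comment such as `# cache must require auth: shared network, holds session data`. The floating tag should be pinned, e.g. `image: redis:<pinned-version>`; the same applies to `authelia/authelia:latest` in compose.yml and util/genhash.sh. The service key `servicename` looks like a leftover template placeholder.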
@@ -0,0 +1,33 @@
+name: ${_STACK_0}
+
+networks:
+ net:
+ name: ${_NET_0}
+ external: true
+
+secrets:
+ JWT_SECRET:
+ file: './secrets/JWT_SECRET'
+ SESSION_SECRET:
+ file: './secrets/SESSION_SECRET'
+ STORAGE_ENCRYPTION:
+ file: './secrets/STORAGE_ENCRYPTION'
+ OIDC_HMAC_SECRET:
+ file: './secrets/OIDC_HMAC_SECRET'
+
+services:
+ auth:
+ container_name: ${_CONTAINER_0}
+ image: authelia/authelia:latest
+ restart: unless-stopped
+ user: '${UID}:${GID}'
+ secrets: ['JWT_SECRET', 'SESSION_SECRET', 'STORAGE_ENCRYPTION', OIDC_HMAC_SECRET]
+ env_file:
+ - .auth.env # Runtime Vars
+ - .env # Stack Vars
+ volumes:
+ - ./config/:/config
+ networks:
+ - net
+ expose:
+ - 9091
diff --git a/stacks/auth/secrets.sh b/stacks/auth/secrets.sh
new file mode 100755
index 0000000..19031da
--- /dev/null
+++ b/stacks/auth/secrets.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+USERS=(RATDAD)
+SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET)
+SECRET_DIR=$PWD/secrets
+
+[ ! -d "$SECRET_DIR" ] && mkdir -p "$SECRET_DIR"
+
+# Generate secrets
+for filename in "${SECRETS[@]}"; do
+ openssl rand -hex 64 > "$SECRET_DIR"/"$filename"
+done
+
+# Generate admin passwords
+for filename in "${USERS[@]}"; do
+ openssl rand -hex 12 > "$SECRET_DIR"/"$filename"
+done
diff --git a/stacks/auth/util/genhash.sh b/stacks/auth/util/genhash.sh
new file mode 100644
index 0000000..d8202ee
--- /dev/null
+++ b/stacks/auth/util/genhash.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euo pipefail
+
+read -rp "Enter a password for the new user: " PASSWORD
+HASHED=$(docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password "${PASSWORD}")
+
+printf "Password: %s\n" "${PASSWORD}"
+printf "Hash: %s\n" "${HASHED}"
-- cgit v1.2.3-70-g09d2
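Review bot: In stacks/auth/compose.yml, `user: '${UID}:${GID}'` interpolates to an empty value when either variable is missing from the Compose environment (bash does not export `UID`, and `GID` is not a shell variable at all), so the container may not run as the intended unprivileged user. Making both required fails closed: `user: '${UID:?UID not set}:${GID:?GID not set}'`. The four `secrets:` entries are only mounted under `/run/secrets/`; Authelia reads them only if the matching `*_FILE` variables are set, presumably in `.auth.env`, which is outside this diff, so a comment such as `# .auth.env must point each *_FILE variable at /run/secrets/<name>` would help. In the short-form list `OIDC_HMAC_SECRET` is the only unquoted entry and should be quoted like the others.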
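Review bot: In stacks/auth/secrets.sh the secret and admin-password files are created under the caller's default umask, which on most systems leaves them readable by other local users, and every run overwrites existing values without a check. Overwriting `STORAGE_ENCRYPTION` in particular would presumably leave an existing Authelia database undecryptable. Add `set -euo pipefail` and `umask 077` after the shebang, and start each loop body with `[ -s "$SECRET_DIR/$filename" ] && continue` so existing secrets are kept; the container user from compose.yml must then own the files. `SECRET_DIR=$PWD/secrets` also depends on the caller's working directory rather than the script's location.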
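Review bot: In stacks/auth/util/genhash.sh the plaintext password is exposed three times: `read -rp` echoes it while it is typed, `--password "${PASSWORD}"` places it in the `docker run` argument list where it is visible in the host process table, and `printf "Password: %s\n"` writes it to terminal scrollback. Use `read -rsp` for the prompt and drop the `printf "Password: ..."` line so only the hash is printed. To keep the value out of argv, run the container with `-it` and omit `--password` so the Authelia CLI prompts for it itself; confirm that behaviour against the image version you pin.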