Change overleaf domain to latex.eliasfink.de

Update uptime kuma to major version 2
Correct overleaf compose file
2025-12-22 17:34:33 +01:00 · 2025-12-22 17:34:20 +01:00 · 2025-11-13 11:55:14 +01:00 · 2025-11-13 10:33:59 +01:00 · 2025-11-13 10:25:31 +01:00 · 2025-11-13 10:24:49 +01:00
15 changed files with 85 additions and 71 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -5,5 +5,4 @@ data
 db

 # Files
-.env
-users
+.env
--- a/authentik/compose.yml
+++ b/authentik/compose.yml
@@ -44,6 +44,17 @@ services:
      - ./data/media:/media
      - ./data/templates:/templates
      - /var/run/docker.sock:/var/run/docker.sock
+  
+  authentik_proxy:
+    image: authentik/proxy:2025.10
+    container_name: authentik_proxy
+    restart: always
+    environment:
+      AUTHENTIK_HOST: https://login.eliasfink.de
+      AUTHENTIK_TOKEN: ${AUTHENTIK_OUTPOST_TOKEN}
+    networks:
+      - default
+      - traefik

  authentik_db:
    image: postgres:16
--- a/hedgedoc/compose.yml
+++ b/hedgedoc/compose.yml
@@ -12,6 +12,16 @@ services:
      CMD_ALLOW_EMAIL_REGISTER: false
      CMD_DB_URL: postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
      CMD_DOMAIN: pad.eliasfink.de
+      CMD_OAUTH2_PROVIDERNAME: EFlogin
+      CMD_OAUTH2_CLIENT_ID: ${OAUTH2_CLIENT_ID}
+      CMD_OAUTH2_CLIENT_SECRET: ${OAUTH2_CLIENT_SECRET} 
+      CMD_OAUTH2_SCOPE: openid email profile
+      CMD_OAUTH2_AUTHORIZATION_URL: https://login.eliasfink.de/application/o/authorize/
+      CMD_OAUTH2_TOKEN_URL: https://login.eliasfink.de/application/o/token/
+      CMD_OAUTH2_USER_PROFILE_URL: https://login.eliasfink.de/application/o/userinfo/
+      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
+      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
+      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
      CMD_PROTOCOL_USESSL: true
    networks:
      - default
--- a/home-assistant/compose.yml
+++ b/home-assistant/compose.yml
@@ -1,17 +0,0 @@
-# /services/home-assistant/compose.yml
-
-services:
-  home-assistant:
-    image: homeassistant/home-assistant:2025.7
-    container_name: home-assistant
-    restart: always
-    networks:
-      - traefik
-    volumes:
-      - ./data:/config
-      - /etc/localtime:/etc/localtime:ro
-      - /run/dbus:/run/dbus:ro
-
-networks:
-  traefik:
-    external: true
--- a/nextcloud/compose.yml
+++ b/nextcloud/compose.yml
@@ -2,7 +2,7 @@

 services:
  nextcloud:
-    image: nextcloud:31
+    image: nextcloud:32
    container_name: nextcloud
    restart: always
    depends_on:
--- a/overleaf/compose.yml
+++ b/overleaf/compose.yml
@@ -11,20 +11,22 @@ services:
    environment:
      ENABLE_CONVERSIONS: true
      OVERLEAF_ADMIN_EMAIL: mail@eliasfink.de
-      OVERLEAF_APP_NAME: EFtex
-      OVERLEAF_RIGHT_FOOTER: '[{"text": "Datenschutz", "url" : "https://privacy.eliasfink.de"}]'
+      OVERLEAF_APP_NAME: EFlatex
      OVERLEAF_EMAIL_FROM_ADDRESS: no-reply@eliasfink.de
      OVERLEAF_EMAIL_SMTP_HOST: mxe92f.netcup.net
-      OVERLEAF_EMAIL_SMTP_PORT: 465
-      OVERLEAF_EMAIL_SMTP_SECURE: true
      OVERLEAF_EMAIL_SMTP_USER: no-reply@eliasfink.de
      OVERLEAF_EMAIL_SMTP_PASS: ${EMAIL_PASSWORD}
+      OVERLEAF_EMAIL_SMTP_PORT: 465
+      OVERLEAF_EMAIL_SMTP_SECURE: true
      OVERLEAF_HEADER_IMAGE_URL: https://static.eliasfink.de/img/logo/logo.svg
      OVERLEAF_MONGO_URL: mongodb://overleaf_db/overleaf
      OVERLEAF_REDIS_HOST: overleaf_redis
+      OVERLEAF_RIGHT_FOOTER: '[{"text": "Datenschutz", "url" : "https://privacy.eliasfink.de"}]'
      OVERLEAF_SITE_LANGUAGE: de
-      OVERLEAF_SITE_URL: https://tex.eliasfink.de
+      OVERLEAF_SITE_URL: https://latex.eliasfink.de
      REDIS_HOST: overleaf_redis
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
    networks:
      - default
      - traefik
@@ -49,7 +51,8 @@ services:
    networks:
      - default
    volumes:
-      - ./db:/data/db
+      - ./db/config:/data/configdb
+      - ./db/data:/data/db
      - ./config/mongodb-init-replica-set.js:/docker-entrypoint-initdb.d/mongodb-init-replica-set.js

  overleaf_redis:
--- a/traefik/config/dashboard/dashboard.yml
+++ b/traefik/config/dashboard/dashboard.yml
@@ -1,16 +0,0 @@
-# /services/traefik/config/dashboard/dashboard.yml
-
-http:
-  routers:
-    traefik:
-      entryPoints:
-        - https
-      rule: Host(`traefik.eliasfink.de`)
-      middlewares:
-        - traefik-dashboard-auth
-      service: api@internal
-
-  middlewares:
-    traefik-dashboard-auth:
-      digestAuth:
-        usersFile: /etc/traefik/config/dashboard/users
--- a/traefik/config/middlewares/home-redirection.yml
+++ b/traefik/config/middlewares/home-redirection.yml
@@ -1,4 +1,4 @@
-# /services/traefik/config/home-redirection.yml
+# /services/traefik/config/middlewares/home-redirection.yml

 http:
  routers:
--- a/traefik/config/middlewares/traefik-dashboard-auth.yml
+++ b/traefik/config/middlewares/traefik-dashboard-auth.yml
@@ -0,0 +1,30 @@
+# /services/traefik/config/middlewares/dashboard.yml
+
+http:
+  routers:
+    traefik:
+      entryPoints:
+        - https
+      rule: Host(`traefik.eliasfink.de`)
+      middlewares:
+        - traefik-dashboard-auth
+      service: api@internal
+
+  middlewares:
+    traefik-dashboard-auth:
+      forwardAuth:
+        address: http://authentik_proxy:9000/outpost.goauthentik.io/auth/traefik
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-entitlements
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version
--- a/traefik/config/services/authentik.yml
+++ b/traefik/config/services/authentik.yml
@@ -2,14 +2,23 @@

 http:
  routers:
-    auth:
+    login:
      entryPoints:
        - https
-      rule: Host(`auth.eliasfink.de`)
+      rule: Host(`login.eliasfink.de`)
      service: authentik
+    login_outpost:
+      entryPoints:
+        - https
+      rule: Host(`login.eliasfink.de`) && PathPrefix(`/outpost.goauthentik.io/`)
+      service: authentik_proxy

  services:
    authentik:
      loadBalancer:
        servers:
-          - url: http://authentik_server:9000
+          - url: http://authentik_server:9000
+    authentik_proxy:
+      loadBalancer:
+        servers:
+          - url: http://authentik_proxy:9000
--- a/traefik/config/services/home-assistant.yml
+++ b/traefik/config/services/home-assistant.yml
@@ -1,15 +0,0 @@
-# /services/traefik/config/services/home-assistant.yml
-
-http:
-  routers:
-    smarthome:
-      entryPoints:
-        - https
-      rule: Host(`smarthome.eliasfink.de`)
-      service: home-assistant
-
-  services:
-    home-assistant:
-      loadBalancer:
-        servers:
-          - url: http://home-assistant:8123
--- a/traefik/config/services/overleaf.yml
+++ b/traefik/config/services/overleaf.yml
@@ -2,10 +2,10 @@

 http:
  routers:
-    tex:
+    latex:
      entryPoints:
        - https
-      rule: Host(`tex.eliasfink.de`)
+      rule: Host(`latex.eliasfink.de`)
      service: overleaf

  services:
--- a/traefik/config/services/uptime-kuma.yml
+++ b/traefik/config/services/uptime-kuma.yml
@@ -6,10 +6,10 @@ http:
      entryPoints:
        - https
      rule: Host(`status.eliasfink.de`)
-      service: uptime-kuma
+      service: authentik_proxy

-  services:
-    uptime-kuma:
-      loadBalancer:
-        servers:
-          - url: http://uptime-kuma:3001
+# services:
+#   uptime-kuma:
+#     loadBalancer:
+#       servers:
+#         - url: http://uptime-kuma:3001
--- a/uptime-kuma/compose.yml
+++ b/uptime-kuma/compose.yml
@@ -2,7 +2,7 @@

 services:
  uptime-kuma:
-    image: louislam/uptime-kuma:1
+    image: louislam/uptime-kuma:2
    container_name: uptime-kuma
    restart: always
    networks:
--- a/watchtower/compose.yml
+++ b/watchtower/compose.yml
@@ -2,7 +2,7 @@

 services:
  watchtower:
-    image: containrrr/watchtower:arm64v8-latest
+    image: nickfedor/watchtower:latest
    container_name: watchtower
    restart: always
    command:
Author	SHA1	Message	Date
Elias Fink	ff8f84b550	Change overleaf domain to latex.eliasfink.de	2025-12-22 17:34:33 +01:00
Elias Fink	13ab653c48	Update uptime kuma to major version 2	2025-12-22 17:34:20 +01:00
Elias Fink	46a43c9820	Correct overleaf compose file	2025-11-13 11:55:14 +01:00
Elias Fink	dbb5a71a0b	Exclude overleaf from watchtower	2025-11-13 10:33:59 +01:00
Elias Fink	54c197b464	Add login_outpost router and authentik_proxy service	2025-11-13 10:25:31 +01:00
Elias Fink	8ee7ba83b5	Route status.eliasfink.de to authentik proxy	2025-11-13 10:24:49 +01:00
Elias Fink	1ae8c6cdb4	Update nextcloud version	2025-11-12 23:37:39 +01:00
Elias Fink	d3aa09298f	User newer, fixed watchtower docker image	2025-11-12 23:35:25 +01:00
Elias Fink	a2b2a73e58	Correct watchtower image tag	2025-11-12 23:17:21 +01:00
Elias Fink	1539d44d10	Rename traefik dashboard config file	2025-11-12 16:46:24 +01:00
Elias Fink	00ebbd0f16	Replace traefik dashboard auth with authentik auth	2025-11-12 00:03:21 +01:00
Elias Fink	8288f0ba3c	Restructure traefik config folder	2025-11-12 00:02:56 +01:00
Elias Fink	91706bbf09	Add authentik proxy for traefik forwardAuth	2025-11-12 00:01:45 +01:00
Elias Fink	609d932507	Use login.eliasfink.de as authentik domain	2025-11-11 22:59:38 +01:00
Elias Fink	4e67fdb8a0	Add OAUTH2 login to hedgedoc	2025-11-11 22:58:07 +01:00
Elias Fink	9327a3f953	Remove home assistant	2025-11-11 22:56:28 +01:00