Change overleaf domain to latex.eliasfink.de

.gitignore

@@ -5,5 +5,4 @@ data
 db
 
 # Files
-.env
+.env
-users

authentik/compose.yml

@@ -44,6 +44,17 @@ services:
       - ./data/media:/media
       - ./data/templates:/templates
       - /var/run/docker.sock:/var/run/docker.sock
+  
+  authentik_proxy:
+    image: authentik/proxy:2025.10
+    container_name: authentik_proxy
+    restart: always
+    environment:
+      AUTHENTIK_HOST: https://login.eliasfink.de
+      AUTHENTIK_TOKEN: ${AUTHENTIK_OUTPOST_TOKEN}
+    networks:
+      - default
+      - traefik
 
   authentik_db:
     image: postgres:16

hedgedoc/compose.yml

@@ -12,6 +12,16 @@ services:
       CMD_ALLOW_EMAIL_REGISTER: false
       CMD_DB_URL: postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
       CMD_DOMAIN: pad.eliasfink.de
+      CMD_OAUTH2_PROVIDERNAME: EFlogin
+      CMD_OAUTH2_CLIENT_ID: ${OAUTH2_CLIENT_ID}
+      CMD_OAUTH2_CLIENT_SECRET: ${OAUTH2_CLIENT_SECRET} 
+      CMD_OAUTH2_SCOPE: openid email profile
+      CMD_OAUTH2_AUTHORIZATION_URL: https://login.eliasfink.de/application/o/authorize/
+      CMD_OAUTH2_TOKEN_URL: https://login.eliasfink.de/application/o/token/
+      CMD_OAUTH2_USER_PROFILE_URL: https://login.eliasfink.de/application/o/userinfo/
+      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
+      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
+      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
       CMD_PROTOCOL_USESSL: true
     networks:
       - default

home-assistant/compose.yml

@@ -1,17 +0,0 @@
-# /services/home-assistant/compose.yml
-
-services:
-  home-assistant:
-    image: homeassistant/home-assistant:2025.7
-    container_name: home-assistant
-    restart: always
-    networks:
-      - traefik
-    volumes:
-      - ./data:/config
-      - /etc/localtime:/etc/localtime:ro
-      - /run/dbus:/run/dbus:ro
-
-networks:
-  traefik:
-    external: true

nextcloud/compose.yml

@@ -2,7 +2,7 @@
 
 services:
   nextcloud:
-    image: nextcloud:31
+    image: nextcloud:32
     container_name: nextcloud
     restart: always
     depends_on:

overleaf/compose.yml

@@ -11,20 +11,22 @@ services:
     environment:
       ENABLE_CONVERSIONS: true
       OVERLEAF_ADMIN_EMAIL: mail@eliasfink.de
-      OVERLEAF_APP_NAME: EFtex
+      OVERLEAF_APP_NAME: EFlatex
-      OVERLEAF_RIGHT_FOOTER: '[{"text": "Datenschutz", "url" : "https://privacy.eliasfink.de"}]'
       OVERLEAF_EMAIL_FROM_ADDRESS: no-reply@eliasfink.de
       OVERLEAF_EMAIL_SMTP_HOST: mxe92f.netcup.net
-      OVERLEAF_EMAIL_SMTP_PORT: 465
-      OVERLEAF_EMAIL_SMTP_SECURE: true
       OVERLEAF_EMAIL_SMTP_USER: no-reply@eliasfink.de
       OVERLEAF_EMAIL_SMTP_PASS: ${EMAIL_PASSWORD}
+      OVERLEAF_EMAIL_SMTP_PORT: 465
+      OVERLEAF_EMAIL_SMTP_SECURE: true
       OVERLEAF_HEADER_IMAGE_URL: https://static.eliasfink.de/img/logo/logo.svg
       OVERLEAF_MONGO_URL: mongodb://overleaf_db/overleaf
       OVERLEAF_REDIS_HOST: overleaf_redis
+      OVERLEAF_RIGHT_FOOTER: '[{"text": "Datenschutz", "url" : "https://privacy.eliasfink.de"}]'
       OVERLEAF_SITE_LANGUAGE: de
-      OVERLEAF_SITE_URL: https://tex.eliasfink.de
+      OVERLEAF_SITE_URL: https://latex.eliasfink.de
       REDIS_HOST: overleaf_redis
+    labels:
+      - com.centurylinklabs.watchtower.enable=false
     networks:
       - default
       - traefik
@@ -49,7 +51,8 @@ services:
     networks:
       - default
     volumes:
-      - ./db:/data/db
+      - ./db/config:/data/configdb
+      - ./db/data:/data/db
       - ./config/mongodb-init-replica-set.js:/docker-entrypoint-initdb.d/mongodb-init-replica-set.js
 
   overleaf_redis:

traefik/config/dashboard/dashboard.yml

@@ -1,16 +0,0 @@
-# /services/traefik/config/dashboard/dashboard.yml
-
-http:
-  routers:
-    traefik:
-      entryPoints:
-        - https
-      rule: Host(`traefik.eliasfink.de`)
-      middlewares:
-        - traefik-dashboard-auth
-      service: api@internal
-
-  middlewares:
-    traefik-dashboard-auth:
-      digestAuth:
-        usersFile: /etc/traefik/config/dashboard/users

traefik/config/middlewares/home-redirection.yml

@@ -1,4 +1,4 @@
-# /services/traefik/config/home-redirection.yml
+# /services/traefik/config/middlewares/home-redirection.yml
 
 http:
   routers:

traefik/config/middlewares/traefik-dashboard-auth.yml

@@ -0,0 +1,30 @@
+# /services/traefik/config/middlewares/dashboard.yml
+
+http:
+  routers:
+    traefik:
+      entryPoints:
+        - https
+      rule: Host(`traefik.eliasfink.de`)
+      middlewares:
+        - traefik-dashboard-auth
+      service: api@internal
+
+  middlewares:
+    traefik-dashboard-auth:
+      forwardAuth:
+        address: http://authentik_proxy:9000/outpost.goauthentik.io/auth/traefik
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-entitlements
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
+          - X-authentik-jwt
+          - X-authentik-meta-jwks
+          - X-authentik-meta-outpost
+          - X-authentik-meta-provider
+          - X-authentik-meta-app
+          - X-authentik-meta-version

traefik/config/services/authentik.yml

@@ -2,14 +2,23 @@
 
 http:
   routers:
-    auth:
+    login:
       entryPoints:
         - https
-      rule: Host(`auth.eliasfink.de`)
+      rule: Host(`login.eliasfink.de`)
       service: authentik
+    login_outpost:
+      entryPoints:
+        - https
+      rule: Host(`login.eliasfink.de`) && PathPrefix(`/outpost.goauthentik.io/`)
+      service: authentik_proxy
 
   services:
     authentik:
       loadBalancer:
         servers:
-          - url: http://authentik_server:9000
+          - url: http://authentik_server:9000
+    authentik_proxy:
+      loadBalancer:
+        servers:
+          - url: http://authentik_proxy:9000

traefik/config/services/home-assistant.yml

@@ -1,15 +0,0 @@
-# /services/traefik/config/services/home-assistant.yml
-
-http:
-  routers:
-    smarthome:
-      entryPoints:
-        - https
-      rule: Host(`smarthome.eliasfink.de`)
-      service: home-assistant
-
-  services:
-    home-assistant:
-      loadBalancer:
-        servers:
-          - url: http://home-assistant:8123

traefik/config/services/overleaf.yml

@@ -2,10 +2,10 @@
 
 http:
   routers:
-    tex:
+    latex:
       entryPoints:
         - https
-      rule: Host(`tex.eliasfink.de`)
+      rule: Host(`latex.eliasfink.de`)
       service: overleaf
 
   services:

traefik/config/services/uptime-kuma.yml

@@ -6,10 +6,10 @@ http:
       entryPoints:
         - https
       rule: Host(`status.eliasfink.de`)
-      service: uptime-kuma
+      service: authentik_proxy
 
-  services:
+# services:
-    uptime-kuma:
+#   uptime-kuma:
-      loadBalancer:
+#     loadBalancer:
-        servers:
+#       servers:
-          - url: http://uptime-kuma:3001
+#         - url: http://uptime-kuma:3001

uptime-kuma/compose.yml

@@ -2,7 +2,7 @@
 
 services:
   uptime-kuma:
-    image: louislam/uptime-kuma:1
+    image: louislam/uptime-kuma:2
     container_name: uptime-kuma
     restart: always
     networks:

watchtower/compose.yml

@@ -2,7 +2,7 @@
 
 services:
   watchtower:
-    image: containrrr/watchtower:arm64v8-latest
+    image: nickfedor/watchtower:latest
     container_name: watchtower
     restart: always
     command: