Compare commits
19 Commits
909150f2b0
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| ff8f84b550 | |||
| 13ab653c48 | |||
| 46a43c9820 | |||
| dbb5a71a0b | |||
| 54c197b464 | |||
| 8ee7ba83b5 | |||
| 1ae8c6cdb4 | |||
| d3aa09298f | |||
| a2b2a73e58 | |||
| 1539d44d10 | |||
| 00ebbd0f16 | |||
| 8288f0ba3c | |||
| 91706bbf09 | |||
| 609d932507 | |||
| 4e67fdb8a0 | |||
| 9327a3f953 | |||
| 1855d45aa9 | |||
| 812dd38f2e | |||
| 4a88d7d3f7 |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -6,4 +6,3 @@ db
|
|||||||
|
|
||||||
# Files
|
# Files
|
||||||
.env
|
.env
|
||||||
users
|
|
||||||
79
authentik/compose.yml
Normal file
79
authentik/compose.yml
Normal file
@@ -0,0 +1,79 @@
|
|||||||
|
# /services/authentik/compose.yml
|
||||||
|
|
||||||
|
services:
|
||||||
|
authentik_server:
|
||||||
|
image: authentik/server:2025.10
|
||||||
|
container_name: authentik_server
|
||||||
|
restart: always
|
||||||
|
command: server
|
||||||
|
depends_on:
|
||||||
|
authentik_db:
|
||||||
|
condition: service_healthy
|
||||||
|
environment:
|
||||||
|
AUTHENTIK_POSTGRESQL__HOST: authentik_db
|
||||||
|
AUTHENTIK_POSTGRESQL__NAME: authentik
|
||||||
|
AUTHENTIK_POSTGRESQL__USER: authentik
|
||||||
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
|
||||||
|
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- traefik
|
||||||
|
volumes:
|
||||||
|
- ./data/media:/media
|
||||||
|
- ./data/templates:/templates
|
||||||
|
|
||||||
|
authentik_worker:
|
||||||
|
image: authentik/server:2025.10
|
||||||
|
container_name: authentik_worker
|
||||||
|
restart: always
|
||||||
|
command: worker
|
||||||
|
depends_on:
|
||||||
|
authentik_db:
|
||||||
|
condition: service_healthy
|
||||||
|
environment:
|
||||||
|
AUTHENTIK_POSTGRESQL__HOST: authentik_db
|
||||||
|
AUTHENTIK_POSTGRESQL__NAME: authentik
|
||||||
|
AUTHENTIK_POSTGRESQL__USER: authentik
|
||||||
|
AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
|
||||||
|
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
user: root
|
||||||
|
volumes:
|
||||||
|
- ./certs:/certs
|
||||||
|
- ./data/media:/media
|
||||||
|
- ./data/templates:/templates
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
|
||||||
|
authentik_proxy:
|
||||||
|
image: authentik/proxy:2025.10
|
||||||
|
container_name: authentik_proxy
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
AUTHENTIK_HOST: https://login.eliasfink.de
|
||||||
|
AUTHENTIK_TOKEN: ${AUTHENTIK_OUTPOST_TOKEN}
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- traefik
|
||||||
|
|
||||||
|
authentik_db:
|
||||||
|
image: postgres:16
|
||||||
|
container_name: authentik_db
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: authentik
|
||||||
|
POSTGRES_USER: authentik
|
||||||
|
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
||||||
|
healthcheck:
|
||||||
|
test: pg_isready
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
volumes:
|
||||||
|
- ./db:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
networks:
|
||||||
|
traefik:
|
||||||
|
external: true
|
||||||
@@ -12,6 +12,16 @@ services:
|
|||||||
CMD_ALLOW_EMAIL_REGISTER: false
|
CMD_ALLOW_EMAIL_REGISTER: false
|
||||||
CMD_DB_URL: postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
|
CMD_DB_URL: postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
|
||||||
CMD_DOMAIN: pad.eliasfink.de
|
CMD_DOMAIN: pad.eliasfink.de
|
||||||
|
CMD_OAUTH2_PROVIDERNAME: EFlogin
|
||||||
|
CMD_OAUTH2_CLIENT_ID: ${OAUTH2_CLIENT_ID}
|
||||||
|
CMD_OAUTH2_CLIENT_SECRET: ${OAUTH2_CLIENT_SECRET}
|
||||||
|
CMD_OAUTH2_SCOPE: openid email profile
|
||||||
|
CMD_OAUTH2_AUTHORIZATION_URL: https://login.eliasfink.de/application/o/authorize/
|
||||||
|
CMD_OAUTH2_TOKEN_URL: https://login.eliasfink.de/application/o/token/
|
||||||
|
CMD_OAUTH2_USER_PROFILE_URL: https://login.eliasfink.de/application/o/userinfo/
|
||||||
|
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
|
||||||
|
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
|
||||||
|
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
|
||||||
CMD_PROTOCOL_USESSL: true
|
CMD_PROTOCOL_USESSL: true
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
|
|||||||
@@ -1,17 +0,0 @@
|
|||||||
# /services/home-assistant/compose.yml
|
|
||||||
|
|
||||||
services:
|
|
||||||
home-assistant:
|
|
||||||
image: homeassistant/home-assistant:2025.7
|
|
||||||
container_name: home-assistant
|
|
||||||
restart: always
|
|
||||||
networks:
|
|
||||||
- traefik
|
|
||||||
volumes:
|
|
||||||
- ./data:/config
|
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- /run/dbus:/run/dbus:ro
|
|
||||||
|
|
||||||
networks:
|
|
||||||
traefik:
|
|
||||||
external: true
|
|
||||||
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
nextcloud:
|
nextcloud:
|
||||||
image: nextcloud:31
|
image: nextcloud:32
|
||||||
container_name: nextcloud
|
container_name: nextcloud
|
||||||
restart: always
|
restart: always
|
||||||
depends_on:
|
depends_on:
|
||||||
|
|||||||
@@ -11,20 +11,22 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
ENABLE_CONVERSIONS: true
|
ENABLE_CONVERSIONS: true
|
||||||
OVERLEAF_ADMIN_EMAIL: mail@eliasfink.de
|
OVERLEAF_ADMIN_EMAIL: mail@eliasfink.de
|
||||||
OVERLEAF_APP_NAME: EFtex
|
OVERLEAF_APP_NAME: EFlatex
|
||||||
OVERLEAF_RIGHT_FOOTER: '[{"text": "Datenschutz", "url" : "https://privacy.eliasfink.de"}]'
|
|
||||||
OVERLEAF_EMAIL_FROM_ADDRESS: no-reply@eliasfink.de
|
OVERLEAF_EMAIL_FROM_ADDRESS: no-reply@eliasfink.de
|
||||||
OVERLEAF_EMAIL_SMTP_HOST: mxe92f.netcup.net
|
OVERLEAF_EMAIL_SMTP_HOST: mxe92f.netcup.net
|
||||||
OVERLEAF_EMAIL_SMTP_PORT: 465
|
|
||||||
OVERLEAF_EMAIL_SMTP_SECURE: true
|
|
||||||
OVERLEAF_EMAIL_SMTP_USER: no-reply@eliasfink.de
|
OVERLEAF_EMAIL_SMTP_USER: no-reply@eliasfink.de
|
||||||
OVERLEAF_EMAIL_SMTP_PASS: ${EMAIL_PASSWORD}
|
OVERLEAF_EMAIL_SMTP_PASS: ${EMAIL_PASSWORD}
|
||||||
|
OVERLEAF_EMAIL_SMTP_PORT: 465
|
||||||
|
OVERLEAF_EMAIL_SMTP_SECURE: true
|
||||||
OVERLEAF_HEADER_IMAGE_URL: https://static.eliasfink.de/img/logo/logo.svg
|
OVERLEAF_HEADER_IMAGE_URL: https://static.eliasfink.de/img/logo/logo.svg
|
||||||
OVERLEAF_MONGO_URL: mongodb://overleaf_db/overleaf
|
OVERLEAF_MONGO_URL: mongodb://overleaf_db/overleaf
|
||||||
OVERLEAF_REDIS_HOST: overleaf_redis
|
OVERLEAF_REDIS_HOST: overleaf_redis
|
||||||
|
OVERLEAF_RIGHT_FOOTER: '[{"text": "Datenschutz", "url" : "https://privacy.eliasfink.de"}]'
|
||||||
OVERLEAF_SITE_LANGUAGE: de
|
OVERLEAF_SITE_LANGUAGE: de
|
||||||
OVERLEAF_SITE_URL: https://tex.eliasfink.de
|
OVERLEAF_SITE_URL: https://latex.eliasfink.de
|
||||||
REDIS_HOST: overleaf_redis
|
REDIS_HOST: overleaf_redis
|
||||||
|
labels:
|
||||||
|
- com.centurylinklabs.watchtower.enable=false
|
||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
- traefik
|
- traefik
|
||||||
@@ -49,7 +51,8 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
- default
|
- default
|
||||||
volumes:
|
volumes:
|
||||||
- ./db:/data/db
|
- ./db/config:/data/configdb
|
||||||
|
- ./db/data:/data/db
|
||||||
- ./config/mongodb-init-replica-set.js:/docker-entrypoint-initdb.d/mongodb-init-replica-set.js
|
- ./config/mongodb-init-replica-set.js:/docker-entrypoint-initdb.d/mongodb-init-replica-set.js
|
||||||
|
|
||||||
overleaf_redis:
|
overleaf_redis:
|
||||||
|
|||||||
@@ -1,16 +0,0 @@
|
|||||||
# /services/traefik/config/dashboard/dashboard.yml
|
|
||||||
|
|
||||||
http:
|
|
||||||
routers:
|
|
||||||
traefik:
|
|
||||||
entryPoints:
|
|
||||||
- https
|
|
||||||
rule: Host(`traefik.eliasfink.de`)
|
|
||||||
middlewares:
|
|
||||||
- traefik-dashboard-auth
|
|
||||||
service: api@internal
|
|
||||||
|
|
||||||
middlewares:
|
|
||||||
traefik-dashboard-auth:
|
|
||||||
digestAuth:
|
|
||||||
usersFile: /etc/traefik/config/dashboard/users
|
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
# /services/traefik/config/home-redirection.yml
|
# /services/traefik/config/middlewares/home-redirection.yml
|
||||||
|
|
||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
30
traefik/config/middlewares/traefik-dashboard-auth.yml
Normal file
30
traefik/config/middlewares/traefik-dashboard-auth.yml
Normal file
@@ -0,0 +1,30 @@
|
|||||||
|
# /services/traefik/config/middlewares/dashboard.yml
|
||||||
|
|
||||||
|
http:
|
||||||
|
routers:
|
||||||
|
traefik:
|
||||||
|
entryPoints:
|
||||||
|
- https
|
||||||
|
rule: Host(`traefik.eliasfink.de`)
|
||||||
|
middlewares:
|
||||||
|
- traefik-dashboard-auth
|
||||||
|
service: api@internal
|
||||||
|
|
||||||
|
middlewares:
|
||||||
|
traefik-dashboard-auth:
|
||||||
|
forwardAuth:
|
||||||
|
address: http://authentik_proxy:9000/outpost.goauthentik.io/auth/traefik
|
||||||
|
trustForwardHeader: true
|
||||||
|
authResponseHeaders:
|
||||||
|
- X-authentik-username
|
||||||
|
- X-authentik-groups
|
||||||
|
- X-authentik-entitlements
|
||||||
|
- X-authentik-email
|
||||||
|
- X-authentik-name
|
||||||
|
- X-authentik-uid
|
||||||
|
- X-authentik-jwt
|
||||||
|
- X-authentik-meta-jwks
|
||||||
|
- X-authentik-meta-outpost
|
||||||
|
- X-authentik-meta-provider
|
||||||
|
- X-authentik-meta-app
|
||||||
|
- X-authentik-meta-version
|
||||||
24
traefik/config/services/authentik.yml
Normal file
24
traefik/config/services/authentik.yml
Normal file
@@ -0,0 +1,24 @@
|
|||||||
|
# /services/traefik/config/services/authentik.yml
|
||||||
|
|
||||||
|
http:
|
||||||
|
routers:
|
||||||
|
login:
|
||||||
|
entryPoints:
|
||||||
|
- https
|
||||||
|
rule: Host(`login.eliasfink.de`)
|
||||||
|
service: authentik
|
||||||
|
login_outpost:
|
||||||
|
entryPoints:
|
||||||
|
- https
|
||||||
|
rule: Host(`login.eliasfink.de`) && PathPrefix(`/outpost.goauthentik.io/`)
|
||||||
|
service: authentik_proxy
|
||||||
|
|
||||||
|
services:
|
||||||
|
authentik:
|
||||||
|
loadBalancer:
|
||||||
|
servers:
|
||||||
|
- url: http://authentik_server:9000
|
||||||
|
authentik_proxy:
|
||||||
|
loadBalancer:
|
||||||
|
servers:
|
||||||
|
- url: http://authentik_proxy:9000
|
||||||
@@ -1,15 +0,0 @@
|
|||||||
# /services/traefik/config/services/home-assistant.yml
|
|
||||||
|
|
||||||
http:
|
|
||||||
routers:
|
|
||||||
smarthome:
|
|
||||||
entryPoints:
|
|
||||||
- https
|
|
||||||
rule: Host(`smarthome.eliasfink.de`)
|
|
||||||
service: home-assistant
|
|
||||||
|
|
||||||
services:
|
|
||||||
home-assistant:
|
|
||||||
loadBalancer:
|
|
||||||
servers:
|
|
||||||
- url: http://home-assistant:8123
|
|
||||||
@@ -2,10 +2,10 @@
|
|||||||
|
|
||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
tex:
|
latex:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- https
|
- https
|
||||||
rule: Host(`tex.eliasfink.de`)
|
rule: Host(`latex.eliasfink.de`)
|
||||||
service: overleaf
|
service: overleaf
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|||||||
@@ -6,10 +6,10 @@ http:
|
|||||||
entryPoints:
|
entryPoints:
|
||||||
- https
|
- https
|
||||||
rule: Host(`status.eliasfink.de`)
|
rule: Host(`status.eliasfink.de`)
|
||||||
service: uptime-kuma
|
service: authentik_proxy
|
||||||
|
|
||||||
services:
|
# services:
|
||||||
uptime-kuma:
|
# uptime-kuma:
|
||||||
loadBalancer:
|
# loadBalancer:
|
||||||
servers:
|
# servers:
|
||||||
- url: http://uptime-kuma:3001
|
# - url: http://uptime-kuma:3001
|
||||||
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
uptime-kuma:
|
uptime-kuma:
|
||||||
image: louislam/uptime-kuma:1
|
image: louislam/uptime-kuma:2
|
||||||
container_name: uptime-kuma
|
container_name: uptime-kuma
|
||||||
restart: always
|
restart: always
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
watchtower:
|
watchtower:
|
||||||
image: containrrr/watchtower:arm64v8-latest
|
image: nickfedor/watchtower:latest
|
||||||
container_name: watchtower
|
container_name: watchtower
|
||||||
restart: always
|
restart: always
|
||||||
command:
|
command:
|
||||||
|
|||||||
Reference in New Issue
Block a user