diff --git a/docker-compose/core/authelia/config/configuration.yml b/docker-compose/core/authelia/config/configuration.yml index 4fa2f41..3acecb8 100644 --- a/docker-compose/core/authelia/config/configuration.yml +++ b/docker-compose/core/authelia/config/configuration.yml @@ -11,12 +11,12 @@ log: theme: dark -jwt_secret: ${AUTHELIA_JWT_SECRET} +jwt_secret: 4f263cdfa9929d007551fd5a5a6b552f7e17127cc4bb425b375a8532631d527b6b591a560a784552a33767699391973799e7472b679e7f94fcf4aca2ce5b2efc -default_redirection_url: https://auth.${DOMAIN} +default_redirection_url: https://auth.kelinreij.duckdns.org totp: - issuer: ${DOMAIN} + issuer: kelinreij.duckdns.org period: 30 skew: 1 @@ -36,34 +36,34 @@ access_control: rules: # Bypass Authelia for Jellyfin (allow app access) - - domain: jellyfin.${DOMAIN} + - domain: jellyfin.kelinreij.duckdns.org policy: bypass # Bypass for Plex (allow app access) - - domain: plex.${DOMAIN} + - domain: plex.kelinreij.duckdns.org policy: bypass # Bypass for Home Assistant (has its own auth) - - domain: ha.${DOMAIN} + - domain: ha.kelinreij.duckdns.org policy: bypass # Protected: All other services require authentication - - domain: "*.${DOMAIN}" + - domain: "*.kelinreij.duckdns.org" policy: one_factor # Two-factor for admin services (optional) # - domain: - # - "admin.${DOMAIN}" - # - "portainer.${DOMAIN}" + # - "admin.kelinreij.duckdns.org" + # - "portainer.kelinreij.duckdns.org" # policy: two_factor session: name: authelia_session - secret: ${AUTHELIA_SESSION_SECRET} + secret: 3ba018547a24dfd49ae55f23b5b75377ec93f5957707e2a669b0a49966df745a5b062eee3f7356e0abae21452915bdd30a32f404ec0a2a7a957c93a2fa2a94c8 expiration: 24h # Session expires after 24 hours inactivity: 24h # Session expires after 24 hours of inactivity remember_me_duration: 1M - domain: ${DOMAIN} + domain: kelinreij.duckdns.org regulation: max_retries: 3 
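Review bot: `jwt_secret` is now a literal value in a tracked file, where the removed line read it from `${AUTHELIA_JWT_SECRET}`; the same applies to `session.secret` in the next hunk and to `storage.encryption_key` in the hunk at line 71. All three values should be treated as disclosed and regenerated, because deleting them in a later commit still leaves them in history. Restore the placeholders (`jwt_secret: ${AUTHELIA_JWT_SECRET}`), or, if this Authelia version supports it, supply them through `AUTHELIA_JWT_SECRET_FILE`, `AUTHELIA_SESSION_SECRET_FILE` and `AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE` so the configuration file never holds them.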
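Review bot: The commented `two_factor` block at the end of `access_control.rules` sits after the `"*.kelinreij.duckdns.org"` `one_factor` rule, and Authelia applies the first rule that matches, so uncommenting it as written would leave `admin.` and `portainer.` on one factor. Move the block above the wildcard rule, or add a comment such as `# must stay above the wildcard rule: first match wins`. In `session`, `inactivity: 24h` equals `expiration: 24h`, so the inactivity timeout can never fire before the session expires anyway; a shorter inactivity value is presumably what was intended.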
@@ -71,7 +71,7 @@ regulation: ban_time: 5m storage: - encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY} + encryption_key: dd23db430500eb630e469d5cf0f77dd597649bd4d1a90c02ad673286d8eb9aa8f55435655435d40033751003fc764a173944dbc3ad89d57330e185269792a4b7 local: path: /config/db.sqlite3 diff --git a/docker-compose/core/authelia/config/db.sqlite3 b/docker-compose/core/authelia/config/db.sqlite3 new file mode 100644 index 0000000..beeee98 Binary files /dev/null and b/docker-compose/core/authelia/config/db.sqlite3 differ diff --git a/docker-compose/core/authelia/config/notification.txt b/docker-compose/core/authelia/config/notification.txt new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose/core/authelia/config/users_database.yml b/docker-compose/core/authelia/config/users_database.yml index ba22fac..17858f7 100644 --- a/docker-compose/core/authelia/config/users_database.yml +++ b/docker-compose/core/authelia/config/users_database.yml @@ -1,20 +1,12 @@ -# Authelia Users Database -# Copy to /opt/stacks/authelia/users_database.yml -# Generate password hashes with: docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'yourpassword' +############################################################### +# Users Database # +############################################################### users: - ${AUTHELIA_ADMIN_USER}: - displayname: ${AUTHELIA_ADMIN_USER} - password: "${AUTHELIA_ADMIN_PASSWORD_HASH}" - email: ${AUTHELIA_ADMIN_EMAIL} + kelin: + displayname: "kelin" + password: "$argon2id$v=19$m=65536,t=3,p=4$e97MzVuvteD5VfHT+Kw9Ew$NnK63ABYKRm5d8nWG7Z8dbRBJfhhHjaf71zQ354KSN4" + email: kelinshomelab@gmail.com groups: - admins - users - - # Example: Additional user - # user1: - # displayname: "User One" - # password: "$argon2id$v=19$m=65536,t=3,p=4$CHANGEME" - # email: user1@example.com - # groups: - # - users 
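Review bot: This hunk commits the storage `encryption_key` in the same change that adds `config/db.sqlite3`, so the database and the key that protects its encrypted columns are published together. Whatever that database holds at rest (presumably second-factor registrations; the binary is not inspectable here) should be considered readable by anyone with the repository. Remove `db.sqlite3` and the empty `notification.txt` from the tree, add both paths to `.gitignore`, and re-enrol second factors after the key is rotated.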
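Review bot: The `password:` line now carries a live argon2id hash for the `kelin` account in the `admins` group, alongside the real username and e-mail address, in place of `"${AUTHELIA_ADMIN_PASSWORD_HASH}"`. A published hash can be guessed against offline whatever the argon2 parameters are, so the password should be changed and the placeholders restored (`password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"`, `email: ${AUTHELIA_ADMIN_EMAIL}`). The removed header comment was the only place in this file that explained how to generate a hash; keep it above `users:`.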
diff --git a/docker-compose/core/authelia/config/users_database.yml.template b/docker-compose/core/authelia/config/users_database.yml.template index 5d9dfef..9421ef4 100644 --- a/docker-compose/core/authelia/config/users_database.yml.template +++ b/docker-compose/core/authelia/config/users_database.yml.template @@ -3,10 +3,10 @@ ############################################################### users: - ${DEFAULT_USER}: - displayname: "Administrator" - password: "${DEFAULT_PASSWORD_HASH}" # Generate with: docker run authelia/authelia:latest authelia crypto hash generate pbkdf2 --password 'yourpassword' - email: ${DEFAULT_EMAIL} + ${AUTHELIA_ADMIN_USER}: + displayname: "${AUTHELIA_ADMIN_USER}" + password: "${AUTHELIA_ADMIN_PASSWORD_HASH}" + email: ${AUTHELIA_ADMIN_EMAIL} groups: - admins - users diff --git a/docker-compose/core/authelia/secrets/users_database.yml b/docker-compose/core/authelia/secrets/users_database.yml new file mode 100644 index 0000000..9e1b204 --- /dev/null +++ b/docker-compose/core/authelia/secrets/users_database.yml @@ -0,0 +1,19 @@ +# yamllint disable rule:line-length +--- +############################################################### +# Users Database # +############################################################### + +# This file can be used if you do not have an LDAP set up. + +users: + authelia: + disabled: false + displayname: "Test User" + password: "$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk" # Password is 'authelia' + email: authelia@authelia.com + groups: + - admins + - dev +... +# yamllint enable rule:line-length diff --git a/docker-compose/core/deploy-core.sh b/docker-compose/core/deploy-core.sh index 66c491f..bf7f9ac 100755 --- a/docker-compose/core/deploy-core.sh +++ b/docker-compose/core/deploy-core.sh 
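Review bot: The new `secrets/users_database.yml` defines an enabled user `authelia` in the `admins` group whose password is spelled out in the inline comment on the `password:` line. If this file is ever mounted or copied as the active users database, that login is valid for every rule in `access_control`; the `cp` in `deploy-core.sh` that did exactly this is only commented out in this commit, not removed. Set `disabled: true` or replace the entry with the same `${AUTHELIA_ADMIN_*}` placeholders used in `users_database.yml.template`, and drop the plaintext password from the comment.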
@@ -6,16 +6,16 @@ set -e # Source common functions SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -REPO_DIR="/home/kelin/EZ-Homelab" # Fixed repo path since script runs from /opt/stacks/core +REPO_DIR="$HOME/EZ-Homelab" source "$REPO_DIR/scripts/common.sh" log_info "Deploying core stack..." # Load environment -load_env_file_safely .env +load_env_file_safely "$REPO_DIR/.env" # Copy fresh templates -cp "$REPO_DIR/docker-compose/core/authelia/secrets/users_database.yml" "./authelia/secrets/users_database.yml" +# cp "$REPO_DIR/docker-compose/core/authelia/secrets/users_database.yml" "./authelia/secrets/users_database.yml" # Localize labels in compose file (only replaces variables in labels, not environment sections) localize_compose_labels docker-compose.yml @@ -23,7 +23,7 @@ localize_compose_labels docker-compose.yml # Localize config files - Process all YAML config files (excluding docker-compose.yml) # This performs FULL variable replacement on config files like: # - authelia/config/configuration.yml -# - authelia/secrets/users_database.yml <- HANDLED SPECIALLY to preserve password hashes +# - authelia/config/users_database.yml <- HANDLED SPECIALLY to preserve password hashes # - traefik/dynamic/*.yml # # Why exclude docker-compose.yml? 
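Review bot: `REPO_DIR="$HOME/EZ-Homelab"` makes the sourced path depend on who runs the script; under `sudo` or a service account `$HOME` differs, and `source "$REPO_DIR/scripts/common.sh"` then either fails or loads whatever file sits at that location. Allow an override and check before sourcing, for example `REPO_DIR="${REPO_DIR:-$HOME/EZ-Homelab}"` followed by `[[ -r "$REPO_DIR/scripts/common.sh" ]] || { echo "common.sh not found under $REPO_DIR" >&2; exit 1; }`. The `cp` line is commented out while its `# Copy fresh templates` heading remains; delete both or add a comment saying why the copy is disabled. `SCRIPT_DIR` is still computed but is not used in the visible lines.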
@@ -35,10 +35,13 @@ localize_compose_labels docker-compose.yml # nested variables like ${AUTHELIA_ADMIN_PASSWORD_HASH} or ${SERVICE_NAME}.${DOMAIN} # The localize_users_database_file function handles password hashes specially to avoid corruption for config_file in $(find . -name "*.yml" -o -name "*.yaml" | grep -v docker-compose.yml); do - if [[ "$config_file" == *"users_database.yml" ]]; then - localize_users_database_file "$config_file" - else - localize_config_file "$config_file" + # Only process files that contain variables (have ${ in them) + if grep -q '\${' "$config_file"; then + if [[ "$config_file" == *"users_database.yml" ]]; then + localize_users_database_file "$config_file" + else + localize_config_file "$config_file" + fi fi done diff --git a/docker-compose/core/docker-compose.yml b/docker-compose/core/docker-compose.yml index 5e8fbf2..117f762 100644 --- a/docker-compose/core/docker-compose.yml +++ b/docker-compose/core/docker-compose.yml @@ -48,7 +48,7 @@ services: - 'homelab.category=core' - 'homelab.description=Reverse proxy and SSL termination' - 'traefik.enable=true' - - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)' + - 'traefik.http.routers.traefik.rule=Host(`traefik.kelinreij.duckdns.org`)' - 'traefik.http.routers.traefik.entrypoints=websecure' - 'traefik.http.routers.traefik.tls.certresolver=letsencrypt' - 'traefik.http.routers.traefik.middlewares=authelia@docker' 
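Review bot: The new `grep -q '\${'` guard makes localization one-way: once a file has been rendered it no longer contains `${`, so later changes to `.env` (rotated Authelia secrets, for instance) are never written into it, and the template copy earlier in the script is commented out by this same commit. The loop also rewrites files in place under `.`, which is presumably how the substituted secrets and hostnames in `configuration.yml` and `docker-compose.yml` ended up in tracked files. Render from an untouched template into a separate, git-ignored output path rather than editing the source file. The `for config_file in $(find …)` form also splits paths on whitespace; `find … -print0 | while IFS= read -r -d '' config_file` avoids that.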
@@ -80,13 +80,13 @@ services: # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - 'traefik.enable=true' - - 'traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)' + - 'traefik.http.routers.authelia.rule=Host(`auth.kelinreij.duckdns.org`)' - 'traefik.http.routers.authelia.entrypoints=websecure' - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt' - 'traefik.http.routers.authelia.service=authelia' - 'traefik.http.services.authelia.loadbalancer.server.port=9091' # Authelia forward auth middleware configuration - - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/' + - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/' - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret' - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' @@ -127,7 +127,7 @@ networks: x-dockge: urls: - - https://auth.${DOMAIN} + - https://auth.kelinreij.duckdns.org - http://192.168.4.11:9091 - - https://traefik.${DOMAIN} - - http://192.168.4.11:8080 \ No newline at end of file + - https://traefik.kelinreij.duckdns.org + - http://192.168.4.11:8080 diff --git a/docker-compose/core/duckdns/config/logrotate.conf b/docker-compose/core/duckdns/config/logrotate.conf new file mode 100644 index 0000000..828dfc6 --- /dev/null +++ b/docker-compose/core/duckdns/config/logrotate.conf @@ -0,0 +1,5 @@ +/config/duck.log { + rotate 5 + size 100k + compress +} diff --git a/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml b/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml index 783903c..8f04899 100644 --- a/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml +++ b/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml 
@@ -2,7 +2,7 @@ http: routers: # Individual Services homeassistant: - rule: "Host(`hass.${DOMAIN}`)" + rule: "Host(`hass.kelinreij.duckdns.org`)" entryPoints: - websecure service: homeassistant @@ -15,5 +15,5 @@ http: homeassistant: loadBalancer: servers: - - url: "http://${HOMEASSISTANT_IP}:8123" + - url: "http://:8123" passHostHeader: true diff --git a/docker-compose/core/traefik/dynamic/local-host-production.yml b/docker-compose/core/traefik/dynamic/local-host-production.yml index 13f7a49..c49224f 100644 --- a/docker-compose/core/traefik/dynamic/local-host-production.yml +++ b/docker-compose/core/traefik/dynamic/local-host-production.yml 
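Review bot: The router matches `hass.kelinreij.duckdns.org`, but the Authelia bypass rule in `configuration.yml` names `ha.kelinreij.duckdns.org`, so that bypass never applies to this host. If the router uses the `authelia` middleware (its `middlewares` list is outside the hunk), Home Assistant falls under the wildcard `one_factor` rule instead of the intended bypass; if it does not, the bypass rule is dead configuration. Use one hostname in both files.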
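Review bot: `url: "http://:8123"` has an empty host, so `${HOMEASSISTANT_IP}` was evidently unset when the file was rendered and the substitution replaced it with nothing. The resulting backend URL is not usable, and the failure was silent. Restore `- url: "http://${HOMEASSISTANT_IP}:8123"` here, and have the localize step refuse to write a file when a referenced variable is empty or undefined.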
@@ -1,101 +1,101 @@ http: routers: -# Remote Server Services (${REMOTE_SERVER_HOSTNAME}) - dockge-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`dockge.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" +# Remote Server Services (your-remote-server) + dockge-your-remote-server: + rule: "Host(`dockge.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: dockge-${REMOTE_SERVER_HOSTNAME} + service: dockge-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - dozzle-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`dozzle.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + dozzle-your-remote-server: + rule: "Host(`dozzle.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: dozzle-${REMOTE_SERVER_HOSTNAME} + service: dozzle-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - glances-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`glances.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + glances-your-remote-server: + rule: "Host(`glances.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: glances-${REMOTE_SERVER_HOSTNAME} + service: glances-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - backrest-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`backrest.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + backrest-your-remote-server: + rule: "Host(`backrest.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: backrest-${REMOTE_SERVER_HOSTNAME} + service: backrest-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - duplicati-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`duplicati.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + duplicati-your-remote-server: + rule: "Host(`duplicati.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: duplicati-${REMOTE_SERVER_HOSTNAME} + service: duplicati-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - 
homepage-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`homepage.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + homepage-your-remote-server: + rule: "Host(`homepage.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: homepage-${REMOTE_SERVER_HOSTNAME} + service: homepage-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - homarr-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`homarr.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + homarr-your-remote-server: + rule: "Host(`homarr.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: homarr-${REMOTE_SERVER_HOSTNAME} + service: homarr-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - grafana-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`grafana.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + grafana-your-remote-server: + rule: "Host(`grafana.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: grafana-${REMOTE_SERVER_HOSTNAME} + service: grafana-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - prometheus-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`prometheus.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + prometheus-your-remote-server: + rule: "Host(`prometheus.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: prometheus-${REMOTE_SERVER_HOSTNAME} + service: prometheus-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - uptime-kuma-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`status.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + uptime-kuma-your-remote-server: + rule: "Host(`status.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: uptime-kuma-${REMOTE_SERVER_HOSTNAME} + service: uptime-kuma-your-remote-server tls: certResolver: letsencrypt middlewares: 
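Review bot: The router names and `Host()` rules now contain the literal placeholder `your-remote-server`, which means `${REMOTE_SERVER_HOSTNAME}` still held its example value when the file was rendered. Each of these ten routers sets `certResolver: letsencrypt`, so Traefik will attempt certificate issuance for hostnames such as `dockge.your-remote-server.kelinreij.duckdns.org` that front no real server. The next hunk has the same problem in the backends (`http://your.remote.ip.address:5001` and the following nine entries). Keep the `${REMOTE_SERVER_HOSTNAME}` form in the tracked file and skip or comment out the remote-server section when no remote server is configured.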
@@ -103,286 +103,286 @@ http: # Service Definitions services: - backrest-${SERVER_HOSTNAME}: + backrest-jasper: loadBalancer: servers: - - url: "http://${SERVER_IP}:9898" + - url: "http://192.168.4.4:9898" passHostHeader: true - vaultwarden-${SERVER_HOSTNAME}: + vaultwarden-jasper: loadBalancer: servers: - - url: "http://${SERVER_IP}:8091" + - url: "http://192.168.4.4:8091" passHostHeader: true - bookstack-${SERVER_HOSTNAME}: + bookstack-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:6875" + - url: "http://192.168.4.4:6875" passHostHeader: true - calibre-web-${SERVER_HOSTNAME}: + calibre-web-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8083" + - url: "http://192.168.4.4:8083" passHostHeader: true - code-${SERVER_HOSTNAME}: + code-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8079" + - url: "http://192.168.4.4:8079" passHostHeader: true - dockge-${SERVER_HOSTNAME}: + dockge-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:5001" + - url: "http://192.168.4.4:5001" passHostHeader: true - dockhand-${SERVER_HOSTNAME}: + dockhand-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3003" + - url: "http://192.168.4.4:3003" passHostHeader: true - dokuwiki-${SERVER_HOSTNAME}: + dokuwiki-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8087" + - url: "http://192.168.4.4:8087" passHostHeader: true - dozzle-${SERVER_HOSTNAME}: + dozzle-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8085" + - url: "http://192.168.4.4:8085" passHostHeader: true - duplicati-${SERVER_HOSTNAME}: + duplicati-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8200" + - url: "http://192.168.4.4:8200" passHostHeader: true - ez-assistant-${SERVER_HOSTNAME}: + ez-assistant-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:18789" # Internal IP of ${SERVER_HOSTNAME} server + - url: "http://192.168.4.4:18789" # Internal IP of jasper server passHostHeader: true - formio-${SERVER_HOSTNAME}: + 
formio-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3002" + - url: "http://192.168.4.4:3002" passHostHeader: true - gitea-${SERVER_HOSTNAME}: + gitea-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3010" + - url: "http://192.168.4.4:3010" passHostHeader: true - glances-${SERVER_HOSTNAME}: + glances-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:61208" + - url: "http://192.168.4.4:61208" passHostHeader: true - homarr-${SERVER_HOSTNAME}: + homarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:7575" + - url: "http://192.168.4.4:7575" passHostHeader: true - homepage-${SERVER_HOSTNAME}: + homepage-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3000" + - url: "http://192.168.4.4:3000" passHostHeader: true - jellyfin-${SERVER_HOSTNAME}: + jellyfin-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8096" + - url: "http://192.168.4.4:8096" passHostHeader: true - jupyter-${SERVER_HOSTNAME}: + jupyter-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8890" + - url: "http://192.168.4.4:8890" passHostHeader: true - kopia-${SERVER_HOSTNAME}: + kopia-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:51515" + - url: "http://192.168.4.4:51515" passHostHeader: true - mealie-${SERVER_HOSTNAME}: + mealie-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:9000" + - url: "http://192.168.4.4:9000" passHostHeader: true - mediawiki-${SERVER_HOSTNAME}: + mediawiki-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8086" + - url: "http://192.168.4.4:8086" passHostHeader: true - motioneye-${SERVER_HOSTNAME}: + motioneye-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8081" + - url: "http://192.168.4.4:8081" passHostHeader: true - nextcloud-${SERVER_HOSTNAME}: + nextcloud-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8089" + - url: "http://192.168.4.4:8089" passHostHeader: true - openkm-${SERVER_HOSTNAME}: + openkm-jasper: loadbalancer: servers: 
- - url: "http://${SERVER_IP}:18080" + - url: "http://192.168.4.4:18080" passHostHeader: true - openwebui-${SERVER_HOSTNAME}: + openwebui-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3000" + - url: "http://192.168.4.4:3000" passHostHeader: true - qbittorrent-${SERVER_HOSTNAME}: + qbittorrent-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8081" + - url: "http://192.168.4.4:8081" passHostHeader: true - tdarr-${SERVER_HOSTNAME}: + tdarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8265" + - url: "http://192.168.4.4:8265" passHostHeader: true - unmanic-${SERVER_HOSTNAME}: + unmanic-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8889" + - url: "http://192.168.4.4:8889" passHostHeader: true - wordpress-${SERVER_HOSTNAME}: + wordpress-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8088" + - url: "http://192.168.4.4:8088" passHostHeader: true # Arr Services - jellyseerr-${SERVER_HOSTNAME}: + jellyseerr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:5055" + - url: "http://192.168.4.4:5055" passHostHeader: true - prowlarr-${SERVER_HOSTNAME}: + prowlarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:9696" + - url: "http://192.168.4.4:9696" passHostHeader: true - radarr-${SERVER_HOSTNAME}: + radarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:7878" + - url: "http://192.168.4.4:7878" passHostHeader: true - sonarr-${SERVER_HOSTNAME}: + sonarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8989" + - url: "http://192.168.4.4:8989" passHostHeader: true - lidarr-${SERVER_HOSTNAME}: + lidarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8686" + - url: "http://192.168.4.4:8686" passHostHeader: true - readarr-${SERVER_HOSTNAME}: + readarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8787" + - url: "http://192.168.4.4:8787" passHostHeader: true - mylar3-${SERVER_HOSTNAME}: + mylar3-jasper: loadBalancer: servers: - - url: 
"http://${SERVER_IP}:8090" + - url: "http://192.168.4.4:8090" passHostHeader: true -# Remote Server Service Definitions (${REMOTE_SERVER_HOSTNAME}) - dockge-${REMOTE_SERVER_HOSTNAME}: +# Remote Server Service Definitions (your-remote-server) + dockge-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:5001" + - url: "http://your.remote.ip.address:5001" passHostHeader: true - dozzle-${REMOTE_SERVER_HOSTNAME}: + dozzle-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:8085" + - url: "http://your.remote.ip.address:8085" passHostHeader: true - glances-${REMOTE_SERVER_HOSTNAME}: + glances-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:61208" + - url: "http://your.remote.ip.address:61208" passHostHeader: true - backrest-${REMOTE_SERVER_HOSTNAME}: + backrest-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:9898" + - url: "http://your.remote.ip.address:9898" passHostHeader: true - duplicati-${REMOTE_SERVER_HOSTNAME}: + duplicati-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:8200" + - url: "http://your.remote.ip.address:8200" passHostHeader: true - homepage-${REMOTE_SERVER_HOSTNAME}: + homepage-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:3000" + - url: "http://your.remote.ip.address:3000" passHostHeader: true - homarr-${REMOTE_SERVER_HOSTNAME}: + homarr-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:7575" + - url: "http://your.remote.ip.address:7575" passHostHeader: true - grafana-${REMOTE_SERVER_HOSTNAME}: + grafana-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:3000" + - url: "http://your.remote.ip.address:3000" passHostHeader: true - prometheus-${REMOTE_SERVER_HOSTNAME}: + prometheus-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:9090" + - url: "http://your.remote.ip.address:9090" 
passHostHeader: true - uptime-kuma-${REMOTE_SERVER_HOSTNAME}: + uptime-kuma-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:3001" + - url: "http://your.remote.ip.address:3001" passHostHeader: true # Middleware Definitions diff --git a/docker-compose/core/traefik/dynamic/sablier.yml b/docker-compose/core/traefik/dynamic/sablier.yml index 8c3908a..2255cb3 100644 --- a/docker-compose/core/traefik/dynamic/sablier.yml +++ b/docker-compose/core/traefik/dynamic/sablier.yml @@ -3,16 +3,16 @@ http: middlewares: authelia: forwardauth: - address: http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/ + address: http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/ authResponseHeaders: - X-Secret trustForwardHeader: true - sablier-${SERVER_HOSTNAME}-arr: + sablier-jasper-arr: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-arr + group: jasper-arr sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -20,11 +20,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-backrest: + sablier-jasper-backrest: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-backrest + group: jasper-backrest sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -32,11 +32,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-vaultwarden: + sablier-jasper-vaultwarden: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-vaultwarden + group: jasper-vaultwarden sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -44,11 +44,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-bookstack: + sablier-jasper-bookstack: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-bookstack + group: jasper-bookstack sessionDuration: 5m ignoreUserAgent: curl dynamic: 
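Review bot: Every service backend in this hunk is now pinned to `http://192.168.4.4:PORT`, which publishes the internal address and port of each application, including `vaultwarden-jasper` and `kopia-jasper`, in the repository. These URLs also imply that the containers expose their ports on the host, so a client on that network could reach them directly without passing through Traefik and the `authelia@docker` middleware; that cannot be confirmed from this hunk and should be checked against the compose port mappings. Keep `${SERVER_IP}` and `${SERVER_HOSTNAME}` in the tracked file and generate the concrete values only in the deployed copy.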
@@ -56,11 +56,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-calibre-web: + sablier-jasper-calibre-web: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-calibre-web + group: jasper-calibre-web sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -68,11 +68,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-code-server: + sablier-jasper-code-server: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-code-server + group: jasper-code-server sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -80,11 +80,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-dozzle: + sablier-jasper-dozzle: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-dozzle + group: jasper-dozzle sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -92,11 +92,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-dokuwiki: + sablier-jasper-dokuwiki: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-dokuwiki + group: jasper-dokuwiki sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -104,11 +104,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-duplicati: + sablier-jasper-duplicati: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-duplicati + group: jasper-duplicati sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -116,11 +116,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-assistant: + sablier-jasper-assistant: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-assistant + group: jasper-assistant sessionDuration: 30m ignoreUserAgent: curl dynamic: 
@@ -128,11 +128,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-formio: + sablier-jasper-formio: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-formio + group: jasper-formio sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -140,11 +140,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-gitea: + sablier-jasper-gitea: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-gitea + group: jasper-gitea sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -152,11 +152,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-glances: + sablier-jasper-glances: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-glances + group: jasper-glances sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -164,11 +164,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-homarr: + sablier-jasper-homarr: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-homarr + group: jasper-homarr sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -176,11 +176,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-jellyfin: + sablier-jasper-jellyfin: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-jellyfin + group: jasper-jellyfin sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -188,11 +188,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-jupyter: + sablier-jasper-jupyter: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-jupyter + group: jasper-jupyter sessionDuration: 5m ignoreUserAgent: curl dynamic: 
@@ -200,11 +200,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-komodo: + sablier-jasper-komodo: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-komodo + group: jasper-komodo sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -212,11 +212,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-kopia: + sablier-jasper-kopia: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-kopia + group: jasper-kopia sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -224,11 +224,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-mealie: + sablier-jasper-mealie: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-mealie + group: jasper-mealie sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -236,11 +236,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-mediawiki: + sablier-jasper-mediawiki: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-mediawiki + group: jasper-mediawiki sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -248,11 +248,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-nextcloud: + sablier-jasper-nextcloud: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-nextcloud + group: jasper-nextcloud sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -260,11 +260,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-openkm: + sablier-jasper-openkm: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-openkm + group: jasper-openkm sessionDuration: 5m ignoreUserAgent: curl dynamic: 
@@ -272,11 +272,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-openwebui: + sablier-jasper-openwebui: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-openwebui + group: jasper-openwebui sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -284,11 +284,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-pulse: + sablier-jasper-pulse: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-pulse + group: jasper-pulse sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -296,11 +296,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-tdarr: + sablier-jasper-tdarr: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-tdarr + group: jasper-tdarr sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -308,11 +308,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-unmanic: + sablier-jasper-unmanic: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-unmanic + group: jasper-unmanic sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -320,11 +320,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-wordpress: + sablier-jasper-wordpress: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-wordpress + group: jasper-wordpress sessionDuration: 5m ignoreUserAgent: curl dynamic: 
@@ -332,123 +332,123 @@ http: theme: ghost show-details-by-default: true - # Remote Server (${REMOTE_SERVER_HOSTNAME}) Sablier Middlewares - sablier-${REMOTE_SERVER_HOSTNAME}-dockge: + # Remote Server (your-remote-server) Sablier Middlewares + sablier-your-remote-server-dockge: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-dockge + group: your-remote-server-dockge sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Dockge (${REMOTE_SERVER_HOSTNAME}) + displayName: Dockge (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-dozzle: + sablier-your-remote-server-dozzle: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-dozzle + group: your-remote-server-dozzle sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Dozzle (${REMOTE_SERVER_HOSTNAME}) + displayName: Dozzle (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-glances: + sablier-your-remote-server-glances: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-glances + group: your-remote-server-glances sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Glances (${REMOTE_SERVER_HOSTNAME}) + displayName: Glances (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-backrest: + sablier-your-remote-server-backrest: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-backrest + group: your-remote-server-backrest sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Backrest (${REMOTE_SERVER_HOSTNAME}) + displayName: Backrest (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-duplicati: + sablier-your-remote-server-duplicati: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: 
${REMOTE_SERVER_HOSTNAME}-duplicati + group: your-remote-server-duplicati sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Duplicati (${REMOTE_SERVER_HOSTNAME}) + displayName: Duplicati (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-homepage: + sablier-your-remote-server-homepage: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-homepage + group: your-remote-server-homepage sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Homepage (${REMOTE_SERVER_HOSTNAME}) + displayName: Homepage (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-homarr: + sablier-your-remote-server-homarr: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-homarr + group: your-remote-server-homarr sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Homarr (${REMOTE_SERVER_HOSTNAME}) + displayName: Homarr (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-grafana: + sablier-your-remote-server-grafana: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-grafana + group: your-remote-server-grafana sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Grafana (${REMOTE_SERVER_HOSTNAME}) + displayName: Grafana (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-prometheus: + sablier-your-remote-server-prometheus: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-prometheus + group: your-remote-server-prometheus sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Prometheus (${REMOTE_SERVER_HOSTNAME}) + displayName: Prometheus (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-uptime-kuma: + 
sablier-your-remote-server-uptime-kuma: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-uptime-kuma + group: your-remote-server-uptime-kuma sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Uptime Kuma (${REMOTE_SERVER_HOSTNAME}) + displayName: Uptime Kuma (your-remote-server) theme: ghost show-details-by-default: true diff --git a/docker-compose/core/traefik/traefik.yml b/docker-compose/core/traefik/traefik.yml index 1dc73a0..a7aa1c6 100644 --- a/docker-compose/core/traefik/traefik.yml +++ b/docker-compose/core/traefik/traefik.yml @@ -27,7 +27,7 @@ entryPoints: certificatesResolvers: letsencrypt: acme: - email: ${ACME_EMAIL} # Your email for Let's Encrypt notifications + email: kelinshomelab@gmail.com # Your email for Let's Encrypt notifications caServer: https://acme-v02.api.letsencrypt.org/directory # Use staging for testing storage: /letsencrypt/acme.json # DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org) diff --git a/scripts/common.sh b/scripts/common.sh index 68271d0..b91f989 100644 --- a/scripts/common.sh +++ b/scripts/common.sh @@ -154,7 +154,7 @@ localize_users_database_file() { # Resolve nested variables first local resolved_user="${AUTHELIA_ADMIN_USER}" local resolved_email=$(eval echo "${AUTHELIA_ADMIN_EMAIL}") - local resolved_password="${AUTHELIA_ADMIN_PASSWORD_HASH}" + local resolved_password="${AUTHELIA_ADMIN_PASSWORD_HASH}" # Don't eval - password hash contains $ that would be interpreted # Escape $ in password hash for sed local escaped_password=$(printf '%s\n' "$resolved_password" | sed 's/\$/\\$/g')
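Review bot: `your-remote-server` looks like an unfilled sample value for `${REMOTE_SERVER_HOSTNAME}` that was substituted into the keys, `group` values and `displayName` strings of all ten remote middlewares in the -332 hunk. If Sablier matches `group` against labels on the remote host's containers, as the naming suggests, none of these groups will resolve there. The tracked file should keep `${REMOTE_SERVER_HOSTNAME}`, and the rendering step should stop when the variable is unset or still holds the sample value instead of writing it out.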
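Review bot: The new `email:` line under `acme:` carries a literal personal address where `${ACME_EMAIL}` stood, so the address becomes part of the repository history and anyone deploying this file registers with Let's Encrypt under it. Restore `email: ${ACME_EMAIL}` in the tracked file and keep the rendered copy untracked. The `acme:` block continues past the hunk.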
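Review bot: The comment added on `resolved_password` explains why the hash is not passed through `eval`, but the `resolved_email` line just above still is: `$(eval echo "${AUTHELIA_ADMIN_EMAIL}")` runs any command substitution contained in that value with the script's privileges. If nested `${VAR}` references are the only reason for the eval, expand them without a shell, for example `resolved_email=$(printf '%s' "$AUTHELIA_ADMIN_EMAIL" | envsubst)` (assuming gettext's envsubst is available on the host), assigned separately from the `local` declaration so a failure is not masked. The `sed 's/\$/\\$/g'` that follows escapes only `$`; argon2 hashes can also contain `/`, which would need escaping if the later substitution uses `/` as its delimiter, and that call is outside the hunk. `localize_users_database_file` starts and ends outside the hunk.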