Fix variable substitution in users_database.yml

- Update localize_users_database_file to properly resolve nested variables in AUTHELIA_ADMIN_EMAIL - Fix template to use correct AUTHELIA_* variables instead of DEFAULT_* variables - Update deploy-core.sh to only process files containing variables and fix .env path - Fix file permissions for authelia config files
2026-02-03 22:48:27 -05:00
parent e2a654b3f4
commit 59cd225e0e
14 changed files with 278 additions and 259 deletions
--- a/docker-compose/core/authelia/config/configuration.yml
+++ b/docker-compose/core/authelia/config/configuration.yml
@@ -11,12 +11,12 @@ log:

 theme: dark

-jwt_secret: ${AUTHELIA_JWT_SECRET}
+jwt_secret: 4f263cdfa9929d007551fd5a5a6b552f7e17127cc4bb425b375a8532631d527b6b591a560a784552a33767699391973799e7472b679e7f94fcf4aca2ce5b2efc

-default_redirection_url: https://auth.${DOMAIN}
+default_redirection_url: https://auth.kelinreij.duckdns.org

 totp:
-  issuer: ${DOMAIN}
+  issuer: kelinreij.duckdns.org
  period: 30
  skew: 1

@@ -36,34 +36,34 @@ access_control:
  
  rules:
    # Bypass Authelia for Jellyfin (allow app access)
-    - domain: jellyfin.${DOMAIN}
+    - domain: jellyfin.kelinreij.duckdns.org
      policy: bypass
    
    # Bypass for Plex (allow app access)
-    - domain: plex.${DOMAIN}
+    - domain: plex.kelinreij.duckdns.org
      policy: bypass
    
    # Bypass for Home Assistant (has its own auth)
-    - domain: ha.${DOMAIN}
+    - domain: ha.kelinreij.duckdns.org
      policy: bypass
    
    # Protected: All other services require authentication
-    - domain: "*.${DOMAIN}"
+    - domain: "*.kelinreij.duckdns.org"
      policy: one_factor
    
    # Two-factor for admin services (optional)
    # - domain:
-    #     - "admin.${DOMAIN}"
-    #     - "portainer.${DOMAIN}"
+    #     - "admin.kelinreij.duckdns.org"
+    #     - "portainer.kelinreij.duckdns.org"
    #   policy: two_factor

 session:
  name: authelia_session
-  secret: ${AUTHELIA_SESSION_SECRET}
+  secret: 3ba018547a24dfd49ae55f23b5b75377ec93f5957707e2a669b0a49966df745a5b062eee3f7356e0abae21452915bdd30a32f404ec0a2a7a957c93a2fa2a94c8
  expiration: 24h      # Session expires after 24 hours
  inactivity: 24h      # Session expires after 24 hours of inactivity
  remember_me_duration: 1M
-  domain: ${DOMAIN}
+  domain: kelinreij.duckdns.org

 regulation:
  max_retries: 3
@@ -71,7 +71,7 @@ regulation:
  ban_time: 5m

 storage:
-  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+  encryption_key: dd23db430500eb630e469d5cf0f77dd597649bd4d1a90c02ad673286d8eb9aa8f55435655435d40033751003fc764a173944dbc3ad89d57330e185269792a4b7
  local:
    path: /config/db.sqlite3

--- a/docker-compose/core/authelia/config/db.sqlite3
+++ b/docker-compose/core/authelia/config/db.sqlite3
--- a/docker-compose/core/authelia/config/notification.txt
+++ b/docker-compose/core/authelia/config/notification.txt
--- a/docker-compose/core/authelia/config/users_database.yml
+++ b/docker-compose/core/authelia/config/users_database.yml
@@ -1,20 +1,12 @@
-# Authelia Users Database
-# Copy to /opt/stacks/authelia/users_database.yml
-# Generate password hashes with: docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'yourpassword'
+###############################################################
+#                         Users Database                      #
+###############################################################

 users:
-  ${AUTHELIA_ADMIN_USER}:
-    displayname: ${AUTHELIA_ADMIN_USER}
-    password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
-    email: ${AUTHELIA_ADMIN_EMAIL}
+  kelin:
+    displayname: "kelin"
+    password: "$argon2id$v=19$m=65536,t=3,p=4$e97MzVuvteD5VfHT+Kw9Ew$NnK63ABYKRm5d8nWG7Z8dbRBJfhhHjaf71zQ354KSN4"
+    email: kelinshomelab@gmail.com
    groups:
      - admins
      - users
-  
-  # Example: Additional user
-  # user1:
-  #   displayname: "User One"
-  #   password: "$argon2id$v=19$m=65536,t=3,p=4$CHANGEME"
-  #   email: user1@example.com
-  #   groups:
-  #     - users
--- a/docker-compose/core/authelia/config/users_database.yml.template
+++ b/docker-compose/core/authelia/config/users_database.yml.template
@@ -3,10 +3,10 @@
 ###############################################################

 users:
-  ${DEFAULT_USER}:
-    displayname: "Administrator"
-    password: "${DEFAULT_PASSWORD_HASH}"  # Generate with: docker run authelia/authelia:latest authelia crypto hash generate pbkdf2 --password 'yourpassword'
-    email: ${DEFAULT_EMAIL}
+  ${AUTHELIA_ADMIN_USER}:
+    displayname: "${AUTHELIA_ADMIN_USER}"
+    password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
+    email: ${AUTHELIA_ADMIN_EMAIL}
    groups:
      - admins
      - users
--- a/docker-compose/core/authelia/secrets/users_database.yml
+++ b/docker-compose/core/authelia/secrets/users_database.yml
@@ -0,0 +1,19 @@
+# yamllint disable rule:line-length
+---
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+users:
+  authelia:
+    disabled: false
+    displayname: "Test User"
+    password: "$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk"  # Password is 'authelia'
+    email: authelia@authelia.com
+    groups:
+      - admins
+      - dev
+...
+# yamllint enable rule:line-length