Fix: Resolve password hash corruption in Authelia users_database.yml
Critical fix for argon2 password hash preservation: - Root cause: Bash variable expansion of $ characters in argon2id hashes - Solution: Write hash directly from Docker output to file, bypass bash variables entirely - setup-homelab.sh: Stream Docker output directly to /tmp/authelia_password_hash.tmp - deploy-homelab.sh: Read hash file in Python to avoid any bash expansion - Result: Password hash correctly preserved with full $argon2id$v=19$m=... format Other changes: - Added DOCKER_API_VERSION=1.44 env var for watchtower (API compatibility) - Watchtower still has issues with Docker 29.1.4 - keeping version pinned for investigation Tested on Debian 12 with Docker 29.1.4: ✅ All 11 critical containers healthy ✅ Authelia authentication working correctly ✅ Password hash preserved through entire deployment workflow ⚠️ Watchtower restart loop (non-critical, under investigation)
This commit is contained in:
@@ -67,9 +67,9 @@ services:
|
||||
- "traefik.http.services.pihole.loadbalancer.server.port=80"
|
||||
|
||||
# Watchtower - Automatic container updates
|
||||
# Runs silently in background, no UI
|
||||
# Runs silently in background, no UI
|
||||
watchtower:
|
||||
image: containrrr/watchtower:1.7.1
|
||||
image: containrrr/watchtower:1.7.2
|
||||
container_name: watchtower
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
@@ -77,6 +77,7 @@ services:
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
- DOCKER_API_VERSION=1.44
|
||||
- WATCHTOWER_CLEANUP=true
|
||||
- WATCHTOWER_INCLUDE_RESTARTING=true
|
||||
- WATCHTOWER_SCHEDULE=0 0 4 * * * # 4 AM daily
|
||||
|
||||
Reference in New Issue
Block a user