diff --git a/.env.example b/.env.example
index 87d6c5f..9986d25 100644
--- a/.env.example
+++ b/.env.example
@@ -38,16 +38,18 @@ ADMIN_EMAIL=your-email@example.com # Used for admin user account
 # AUTHELIA SSO CONFIGURATION
 # ====================================
 # Generate these secrets with: openssl rand -hex 64
-# The deploy script will use these to configure Authelia
+# The setup script will auto-generate these if not set
 AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64
 AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64
 AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
-# Authelia Admin Password (OPTIONAL)
-# If not provided, deploy script will generate a random password
-# and save it to /opt/stacks/core/authelia/ADMIN_PASSWORD.txt
-# AUTHELIA_ADMIN_PASSWORD=your-secure-password-here
+# Authelia Admin Credentials
+# These will be auto-generated by setup-homelab.sh
+# DO NOT set these manually - they are generated during setup
+# AUTHELIA_ADMIN_USER=admin
+# AUTHELIA_ADMIN_EMAIL=admin@example.com
+# AUTHELIA_ADMIN_PASSWORD=auto-generated-password
 # SMTP for Authelia Notifications (OPTIONAL)
 # If not configured, notifications are saved to file instead
diff --git a/scripts/deploy-homelab.sh b/scripts/deploy-homelab.sh
index d36aac6..0ca8cd1 100755
--- a/scripts/deploy-homelab.sh
+++ b/scripts/deploy-homelab.sh
@@ -180,7 +180,40 @@ sed -i "s/your-domain.duckdns.org/${DOMAIN}/g" /opt/stacks/core/authelia/configu
 # Configure Authelia admin user from setup script
 if [ -f /opt/stacks/.setup-temp/authelia_admin_credentials.tmp ] && [ -f /opt/stacks/.setup-temp/authelia_password_hash.tmp ]; then
-    log_info "Loading Authelia admin credentials from setup script..."
+    log_info "Loading Authelia admin credentials from setup temp files..."
+    source /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
+elif [ -n "${AUTHELIA_ADMIN_USER}" ] && [ -n "${AUTHELIA_ADMIN_EMAIL}" ] && [ -n "${AUTHELIA_ADMIN_PASSWORD}" ]; then
+    log_info "Loading Authelia admin credentials from .env file..."
+    ADMIN_USER="${AUTHELIA_ADMIN_USER}"
+    ADMIN_EMAIL="${AUTHELIA_ADMIN_EMAIL}"
+    ADMIN_PASSWORD="${AUTHELIA_ADMIN_PASSWORD}"
+
+    # Generate password hash from the password in .env
+    log_info "Generating password hash from .env credentials..."
+    docker run --rm authelia/authelia:4.37 authelia crypto hash generate argon2 --password "$ADMIN_PASSWORD" > /tmp/authelia_password_hash_from_env.tmp 2>/dev/null
+
+    if [ $? -eq 0 ]; then
+        # Create temp directory and files for the rest of the script
+        mkdir -p /opt/stacks/.setup-temp
+        echo "ADMIN_USER=$ADMIN_USER" > /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
+        echo "ADMIN_EMAIL=$ADMIN_EMAIL" >> /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
+        echo "ADMIN_PASSWORD=$ADMIN_PASSWORD" >> /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
+        chmod 600 /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
+
+        # Extract just the hash line
+        grep '^\$argon2' /tmp/authelia_password_hash_from_env.tmp > /opt/stacks/.setup-temp/authelia_password_hash.tmp || tail -1 /tmp/authelia_password_hash_from_env.tmp > /opt/stacks/.setup-temp/authelia_password_hash.tmp
+        chmod 600 /opt/stacks/.setup-temp/authelia_password_hash.tmp
+        rm -f /tmp/authelia_password_hash_from_env.tmp
+
+        log_success "Credentials loaded from .env file"
+    else
+        log_error "Failed to generate password hash from .env credentials"
+        ADMIN_USER=""
+        ADMIN_EMAIL=""
+    fi
+fi
+
+if [ -f /opt/stacks/.setup-temp/authelia_admin_credentials.tmp ] && [ -f /opt/stacks/.setup-temp/authelia_password_hash.tmp ]; then
     source /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
     if [ -n "$ADMIN_USER" ] && [ -n "$ADMIN_EMAIL" ]; then
diff --git a/scripts/setup-homelab.sh b/scripts/setup-homelab.sh
index f1ac5f8..8cc9a40 100755
--- a/scripts/setup-homelab.sh
+++ b/scripts/setup-homelab.sh
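Review bot: The `echo` lines that write `authelia_admin_credentials.tmp` create the file under the default umask and only `chmod 600` it afterwards, and they write `ADMIN_PASSWORD=$ADMIN_PASSWORD` unquoted, so when the file is later `source`d a password containing spaces, `$`, `;` or quotes is parsed as shell code instead of as a value. The hash is also staged at the predictable path `/tmp/authelia_password_hash_from_env.tmp`, and the `|| tail -1` fallback copies an arbitrary last line into `authelia_password_hash.tmp` when no `$argon2` line is found, which the later consumer cannot distinguish from a real hash. Passing the plaintext password to `docker run` as an argument exposes it in the host process list for the duration of the command; if the authelia CLI accepts the password on stdin or from the environment, prefer that, otherwise at least document the exposure. Setting `umask 077` for the writes, emitting the file with `printf '%q'`, using `mktemp` for the scratch file and failing hard when the hash line is absent addresses the file-handling points (sketched below); `${AUTHELIA_ADMIN_USER}` and its siblings in the `elif` should be `${AUTHELIA_ADMIN_USER:-}` so the test does not abort under `set -u` if the script enables it. The final `if` block opened at the end of the hunk continues outside it.

```shell
    # Generate password hash from the password in .env
    log_info "Generating password hash from .env credentials..."
    hash_tmp=$(mktemp) || { log_error "mktemp failed"; exit 1; }
    # NOTE: the password is visible in the host process list while docker runs
    if docker run --rm authelia/authelia:4.37 authelia crypto hash generate argon2 \
            --password "$ADMIN_PASSWORD" > "$hash_tmp" 2>/dev/null \
        && hash_line=$(grep '^\$argon2' "$hash_tmp"); then
        mkdir -p /opt/stacks/.setup-temp
        old_umask=$(umask)
        umask 077   # files are 0600 from creation, not only after a later chmod
        # %q shell-quotes each value so `source` reads it back verbatim
        printf 'ADMIN_USER=%q\nADMIN_EMAIL=%q\nADMIN_PASSWORD=%q\n' \
            "$ADMIN_USER" "$ADMIN_EMAIL" "$ADMIN_PASSWORD" \
            > /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
        printf '%s\n' "$hash_line" > /opt/stacks/.setup-temp/authelia_password_hash.tmp
        umask "$old_umask"
        log_success "Credentials loaded from .env file"
    else
        # … unchanged: log_error and ADMIN_USER/ADMIN_EMAIL reset …
    fi
    rm -f "$hash_tmp"
```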
@@ -364,6 +364,18 @@ chmod 600 /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
 cp /tmp/authelia_password_hash.tmp /opt/stacks/.setup-temp/authelia_password_hash.tmp
 chmod 600 /opt/stacks/.setup-temp/authelia_password_hash.tmp
+# Also save to .env file for persistence across reboots
+log_info "Saving credentials to .env file for persistence..."
+sed -i "/^AUTHELIA_ADMIN_USER=/d" "$REPO_ENV_FILE"
+sed -i "/^AUTHELIA_ADMIN_EMAIL=/d" "$REPO_ENV_FILE"
+sed -i "/^AUTHELIA_ADMIN_PASSWORD=/d" "$REPO_ENV_FILE"
+echo "" >> "$REPO_ENV_FILE"
+echo "# Authelia Admin Credentials (generated by setup script)" >> "$REPO_ENV_FILE"
+echo "AUTHELIA_ADMIN_USER=$ADMIN_USER" >> "$REPO_ENV_FILE"
+echo "AUTHELIA_ADMIN_EMAIL=$ADMIN_EMAIL" >> "$REPO_ENV_FILE"
+echo "AUTHELIA_ADMIN_PASSWORD=$ADMIN_PASSWORD" >> "$REPO_ENV_FILE"
+log_success "Credentials saved to .env file"
+
 log_info "Credentials saved for deployment script"
 echo ""
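Review bot: The `echo ... >> "$REPO_ENV_FILE"` lines append the admin password unquoted and never tighten the file's mode, so a value containing `#`, spaces or quotes is truncated or mis-read by whatever consumes `.env`, and the plaintext now sits in a file whose permissions this script does not control — add `chmod 600 "$REPO_ENV_FILE"` after the writes and quote the value in the form the file's consumer accepts (deploy-homelab.sh in this commit reads it back as `AUTHELIA_ADMIN_*`, presumably from this file, but that loader is not shown here). Since the argon2 hash already exists two lines above in `authelia_password_hash.tmp`, persisting that hash (for example under a new key such as `AUTHELIA_ADMIN_PASSWORD_HASH`) instead of the plaintext would let the deploy script skip regenerating it and keep the password itself out of the checkout; if `$REPO_ENV_FILE` lives inside the repository, confirm it is git-ignored. The `.env.example` hunk in this commit tells users `DO NOT set these manually` while deploy-homelab.sh now treats `AUTHELIA_ADMIN_*` in `.env` as a supported input, so one of the two should be corrected. The three `sed -i` invocations can be collapsed into one, `sed -i -e '/^AUTHELIA_ADMIN_USER=/d' -e '/^AUTHELIA_ADMIN_EMAIL=/d' -e '/^AUTHELIA_ADMIN_PASSWORD=/d' "$REPO_ENV_FILE"`, which rewrites the file once instead of three times.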