feat: persist Authelia credentials to .env file

- setup-homelab.sh: Save AUTHELIA_ADMIN_* credentials to .env file
- deploy-homelab.sh: Check .env file as fallback if temp files don't exist
- .env.example: Document auto-generated Authelia admin variables

This ensures the credentials survive a reboot (e.g., the one required after NVIDIA drivers are installed),
so the deploy script can still find them when it is run manually afterwards.
2026-01-14 00:10:38 -05:00
parent 56604b77e9
commit d12706fda2
3 changed files with 53 additions and 6 deletions


@@ -38,16 +38,18 @@ ADMIN_EMAIL=your-email@example.com # Used for admin user account
# AUTHELIA SSO CONFIGURATION # AUTHELIA SSO CONFIGURATION
# ==================================== # ====================================
# Generate these secrets with: openssl rand -hex 64 # Generate these secrets with: openssl rand -hex 64
# The deploy script will use these to configure Authelia # The setup script will auto-generate these if not set
AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64 AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64
AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64 AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64
AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64 AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
# Authelia Admin Password (OPTIONAL) # Authelia Admin Credentials
# If not provided, deploy script will generate a random password # These will be auto-generated by setup-homelab.sh
# and save it to /opt/stacks/core/authelia/ADMIN_PASSWORD.txt # DO NOT set these manually - they are generated during setup
# AUTHELIA_ADMIN_PASSWORD=your-secure-password-here # AUTHELIA_ADMIN_USER=admin
# AUTHELIA_ADMIN_EMAIL=admin@example.com
# AUTHELIA_ADMIN_PASSWORD=auto-generated-password
# SMTP for Authelia Notifications (OPTIONAL) # SMTP for Authelia Notifications (OPTIONAL)
# If not configured, notifications are saved to file instead # If not configured, notifications are saved to file instead


@@ -180,7 +180,40 @@ sed -i "s/your-domain.duckdns.org/${DOMAIN}/g" /opt/stacks/core/authelia/configu
# Configure Authelia admin user from setup script # Configure Authelia admin user from setup script
if [ -f /opt/stacks/.setup-temp/authelia_admin_credentials.tmp ] && [ -f /opt/stacks/.setup-temp/authelia_password_hash.tmp ]; then if [ -f /opt/stacks/.setup-temp/authelia_admin_credentials.tmp ] && [ -f /opt/stacks/.setup-temp/authelia_password_hash.tmp ]; then
log_info "Loading Authelia admin credentials from setup script..." log_info "Loading Authelia admin credentials from setup temp files..."
source /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
elif [ -n "${AUTHELIA_ADMIN_USER}" ] && [ -n "${AUTHELIA_ADMIN_EMAIL}" ] && [ -n "${AUTHELIA_ADMIN_PASSWORD}" ]; then
log_info "Loading Authelia admin credentials from .env file..."
ADMIN_USER="${AUTHELIA_ADMIN_USER}"
ADMIN_EMAIL="${AUTHELIA_ADMIN_EMAIL}"
ADMIN_PASSWORD="${AUTHELIA_ADMIN_PASSWORD}"
# Generate password hash from the password in .env
log_info "Generating password hash from .env credentials..."
docker run --rm authelia/authelia:4.37 authelia crypto hash generate argon2 --password "$ADMIN_PASSWORD" > /tmp/authelia_password_hash_from_env.tmp 2>/dev/null
if [ $? -eq 0 ]; then
# Create temp directory and files for the rest of the script
mkdir -p /opt/stacks/.setup-temp
echo "ADMIN_USER=$ADMIN_USER" > /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
echo "ADMIN_EMAIL=$ADMIN_EMAIL" >> /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
echo "ADMIN_PASSWORD=$ADMIN_PASSWORD" >> /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
chmod 600 /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
# Extract just the hash line
grep '^\$argon2' /tmp/authelia_password_hash_from_env.tmp > /opt/stacks/.setup-temp/authelia_password_hash.tmp || tail -1 /tmp/authelia_password_hash_from_env.tmp > /opt/stacks/.setup-temp/authelia_password_hash.tmp
chmod 600 /opt/stacks/.setup-temp/authelia_password_hash.tmp
rm -f /tmp/authelia_password_hash_from_env.tmp
log_success "Credentials loaded from .env file"
else
log_error "Failed to generate password hash from .env credentials"
ADMIN_USER=""
ADMIN_EMAIL=""
fi
fi
if [ -f /opt/stacks/.setup-temp/authelia_admin_credentials.tmp ] && [ -f /opt/stacks/.setup-temp/authelia_password_hash.tmp ]; then
source /opt/stacks/.setup-temp/authelia_admin_credentials.tmp source /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
if [ -n "$ADMIN_USER" ] && [ -n "$ADMIN_EMAIL" ]; then if [ -n "$ADMIN_USER" ] && [ -n "$ADMIN_EMAIL" ]; then
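Review bot: The generated hash is first written to the fixed, predictable path `/tmp/authelia_password_hash_from_env.tmp` (the `docker run` line) under the default umask and before any chmod, so the argon2 hash of the admin password is briefly readable by every local user and a pre-existing file or symlink at that name would be followed; use `hash_tmp=$(mktemp) && chmod 600 "$hash_tmp"` and redirect into `"$hash_tmp"` instead, removing it on every exit path. The password itself is also passed as `--password "$ADMIN_PASSWORD"` on the argv of `docker run`, where it is visible in `ps` on the host and recorded in the container's command line; if the Authelia CLI offers an interactive prompt or file-based input for the password, that is preferable. The `grep '^\$argon2' … || tail -1 …` fallback silently installs whatever the last output line happens to be when no hash line is present, so a failed or changed CLI output would become the admin hash; treating a missing `$argon2` line as an error and clearing the credentials, as the `else` branch does, is safer. The `if` opened on the hunk's last line continues outside the hunk.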


@@ -364,6 +364,18 @@ chmod 600 /opt/stacks/.setup-temp/authelia_admin_credentials.tmp
cp /tmp/authelia_password_hash.tmp /opt/stacks/.setup-temp/authelia_password_hash.tmp cp /tmp/authelia_password_hash.tmp /opt/stacks/.setup-temp/authelia_password_hash.tmp
chmod 600 /opt/stacks/.setup-temp/authelia_password_hash.tmp chmod 600 /opt/stacks/.setup-temp/authelia_password_hash.tmp
# Also save to .env file for persistence across reboots
log_info "Saving credentials to .env file for persistence..."
sed -i "/^AUTHELIA_ADMIN_USER=/d" "$REPO_ENV_FILE"
sed -i "/^AUTHELIA_ADMIN_EMAIL=/d" "$REPO_ENV_FILE"
sed -i "/^AUTHELIA_ADMIN_PASSWORD=/d" "$REPO_ENV_FILE"
echo "" >> "$REPO_ENV_FILE"
echo "# Authelia Admin Credentials (generated by setup script)" >> "$REPO_ENV_FILE"
echo "AUTHELIA_ADMIN_USER=$ADMIN_USER" >> "$REPO_ENV_FILE"
echo "AUTHELIA_ADMIN_EMAIL=$ADMIN_EMAIL" >> "$REPO_ENV_FILE"
echo "AUTHELIA_ADMIN_PASSWORD=$ADMIN_PASSWORD" >> "$REPO_ENV_FILE"
log_success "Credentials saved to .env file"
log_info "Credentials saved for deployment script" log_info "Credentials saved for deployment script"
echo "" echo ""
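Review bot: The admin password is appended in plaintext to `$REPO_ENV_FILE` with whatever permissions that file already has and no check that they are restrictive, so the credential is now at rest inside the repository checkout and, unless the `.env` file is ignored by git, could be committed; add `chmod 600 "$REPO_ENV_FILE"` immediately after the writes and confirm the file is git-ignored. The value is written unquoted via `echo "AUTHELIA_ADMIN_PASSWORD=$ADMIN_PASSWORD"`, so if the generated password can contain `#`, `$`, quotes or whitespace the consumer of the `.env` file may truncate or misparse it — how the password is generated is not in this hunk, so the character set is worth verifying, or the value should be quoted in the form the loader expects. The surrounding block starts before the hunk.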