Fix: Generate users_database.yml in secrets folder with proper variables

- Move users_database.yml template from config/ to secrets/ folder - Authelia configuration expects users file at /secrets/users_database.yml - Replace hardcoded values in configuration.yml with variables: - jwt_secret, session secret, storage encryption_key - Domain references (kelinreij.duckdns.org → ${DOMAIN}) - Update deploy script to not move config files (already in subdirectories) - Fix sed command path to target config/configuration.yml - Remove unnecessary mkdir and mv commands from deploy_core() This ensures Authelia uses the correctly generated file with user credentials.
2026-02-05 12:12:33 -05:00
parent a554d00fd3
commit d4c9516e00
5 changed files with 783 additions and 42 deletions
--- a/docker-compose/core/authelia/config/configuration.yml
+++ b/docker-compose/core/authelia/config/configuration.yml
@@ -11,12 +11,12 @@ log:

 theme: dark

-jwt_secret: 4f263cdfa9929d007551fd5a5a6b552f7e17127cc4bb425b375a8532631d527b6b591a560a784552a33767699391973799e7472b679e7f94fcf4aca2ce5b2efc
+jwt_secret: ${AUTHELIA_JWT_SECRET}

-default_redirection_url: https://auth.kelinreij.duckdns.org
+default_redirection_url: https://auth.${DOMAIN}

 totp:
-  issuer: kelinreij.duckdns.org
+  issuer: ${DOMAIN}
  period: 30
  skew: 1

@@ -36,34 +36,34 @@ access_control:
  
  rules:
    # Bypass Authelia for Jellyfin (allow app access)
-    - domain: jellyfin.kelinreij.duckdns.org
+    - domain: jellyfin.${DOMAIN}
      policy: bypass
    
    # Bypass for Plex (allow app access)
-    - domain: plex.kelinreij.duckdns.org
+    - domain: plex.${DOMAIN}
      policy: bypass
    
    # Bypass for Home Assistant (has its own auth)
-    - domain: ha.kelinreij.duckdns.org
+    - domain: ha.${DOMAIN}
      policy: bypass
    
    # Protected: All other services require authentication
-    - domain: "*.kelinreij.duckdns.org"
+    - domain: "*.${DOMAIN}"
      policy: one_factor
    
    # Two-factor for admin services (optional)
    # - domain:
-    #     - "admin.kelinreij.duckdns.org"
-    #     - "portainer.kelinreij.duckdns.org"
+    #     - "admin.${DOMAIN}"
+    #     - "portainer.${DOMAIN}"
    #   policy: two_factor

 session:
  name: authelia_session
-  secret: 3ba018547a24dfd49ae55f23b5b75377ec93f5957707e2a669b0a49966df745a5b062eee3f7356e0abae21452915bdd30a32f404ec0a2a7a957c93a2fa2a94c8
+  secret: ${AUTHELIA_SESSION_SECRET}
  expiration: 24h      # Session expires after 24 hours
  inactivity: 24h      # Session expires after 24 hours of inactivity
  remember_me_duration: 1M
-  domain: kelinreij.duckdns.org
+  domain: ${DOMAIN}

 regulation:
  max_retries: 3
@@ -71,7 +71,7 @@ regulation:
  ban_time: 5m

 storage:
-  encryption_key: dd23db430500eb630e469d5cf0f77dd597649bd4d1a90c02ad673286d8eb9aa8f55435655435d40033751003fc764a173944dbc3ad89d57330e185269792a4b7
+  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
  local:
    path: /config/db.sqlite3

--- a/docker-compose/core/authelia/config/users_database.yml
+++ b/docker-compose/core/authelia/config/users_database.yml
@@ -1,12 +0,0 @@
-###############################################################
-#                         Users Database                      #
-###############################################################
-
-users:
-  ${AUTHELIA_ADMIN_USER}:
-    displayname: "${AUTHELIA_ADMIN_USER}"
-    password: "${AUTHELIA_ADMIN_PASSWORD_HASH}"
-    email: ${AUTHELIA_ADMIN_EMAIL}
-    groups:
-      - admins
-      - users