Add EZ-Homelab Enhanced Setup System

- Complete modular bash-based setup system replacing Python TUI - Phase 1-4 implementation: Core Infrastructure, Configuration Management, Deployment Engine, Service Orchestration & Management - 9 production-ready scripts: preflight.sh, setup.sh, pre-deployment-wizard.sh, localize.sh, generalize.sh, validate.sh, deploy.sh, service.sh, monitor.sh, backup.sh, update.sh - Shared libraries: common.sh (utilities), ui.sh (text interface) - Template-based configuration system with environment variable substitution - Comprehensive documentation: PRD, standards, and quick reference guides - Automated backup, monitoring, and update management capabilities - Cross-platform compatibility with robust error handling and logging
2026-01-29 19:53:36 -05:00
parent dd4ff47048
commit f141848a10
19 changed files with 6605 additions and 0 deletions
--- a/docker-compose/core/authelia/configuration.yml.template
+++ b/docker-compose/core/authelia/configuration.yml.template
@@ -0,0 +1,87 @@
+# Authelia Configuration
+# Copy to /opt/stacks/authelia/configuration.yml
+# IMPORTANT: Replace '${DOMAIN}' with your actual DuckDNS domain
+
+server:
+  host: 0.0.0.0
+  port: 9091
+
+log:
+  level: info
+
+theme: dark
+
+jwt_secret: ${AUTHELIA_JWT_SECRET}
+
+default_redirection_url: https://auth.${DOMAIN}
+
+totp:
+  issuer: ${DOMAIN}
+  period: 30
+  skew: 1
+
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+    password:
+      algorithm: argon2id
+      iterations: 1
+      key_length: 32
+      salt_length: 16
+      memory: 1024
+      parallelism: 8
+
+access_control:
+  default_policy: deny
+  
+  rules:
+    # Bypass Authelia for Jellyfin (allow app access)
+    - domain: jellyfin.${DOMAIN}
+      policy: bypass
+    
+    # Bypass for Plex (allow app access)
+    - domain: plex.${DOMAIN}
+      policy: bypass
+    
+    # Bypass for Home Assistant (has its own auth)
+    - domain: ha.${DOMAIN}
+      policy: bypass
+    
+    # Bypass for development services (they have their own auth or setup)
+    - domain: pgadmin.${DOMAIN}
+      policy: bypass
+    - domain: gitlab.${DOMAIN}
+      policy: bypass
+    
+    # Protected: All other services require authentication
+    - domain: "*.${DOMAIN}"
+      policy: one_factor
+    
+    # Two-factor for admin services (optional)
+    # - domain:
+    #     - "admin.${DOMAIN}"
+    #     - "portainer.${DOMAIN}"
+    #   policy: two_factor
+
+session:
+  name: authelia_session
+  secret: ${AUTHELIA_SESSION_SECRET}
+  expiration: 24h      # Session expires after 24 hours
+  inactivity: 24h      # Session expires after 24 hours of inactivity
+  remember_me_duration: 1M
+  domain: ${DOMAIN}
+
+regulation:
+  max_retries: 3
+  find_time: 2m
+  ban_time: 5m
+
+storage:
+  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+  local:
+    path: /data/db.sqlite3
+
+notifier:
+  # File-based notifications (for development/testing)
+  filesystem:
+    filename: /data/notification.txt
--- a/docker-compose/core/authelia/users_database.yml.template
+++ b/docker-compose/core/authelia/users_database.yml.template
@@ -0,0 +1,12 @@
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+users:
+  kelin:
+    displayname: "Admin User"
+    password: "$argon2id$v=19$m=65536,t=3,p=4$a+3pIrywP/li9wy9J6UkMA$+3THyJiAnS/gNYnLaYtlsRCaYfgnnxsUyGZ4D3xGnUg"
+    email: ${DEFAULT_EMAIL}
+    groups:
+      - admins
+      - users