diff --git a/.gitignore b/.gitignore
index 1050c1f..bf9991e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .credentials
 **/.env
+**/users_database.yaml
diff --git a/authelia/.env.example b/authelia/.env.example
new file mode 100644
index 0000000..129c1b9
--- /dev/null
+++ b/authelia/.env.example
@@ -0,0 +1,6 @@
+# Authelia secrets — generate values with:
+# openssl rand -hex 32 (for JWT and session secrets)
+# openssl rand -hex 16 (for storage encryption key)
+AUTHELIA_JWT_SECRET=
+AUTHELIA_SESSION_SECRET=
+AUTHELIA_STORAGE_ENCRYPTION_KEY=
diff --git a/authelia/config/configuration.yaml b/authelia/config/configuration.yaml
new file mode 100644
index 0000000..836bc27
--- /dev/null
+++ b/authelia/config/configuration.yaml
@@ -0,0 +1,50 @@
+server:
+ address: 0.0.0.0:9091
+
+log:
+ level: info
+
+totp:
+ issuer: kolpacksoftware.com
+
+webauthn:
+ disable: true
+
+authentication_backend:
+ file:
+ path: /config/users_database.yaml
+ password:
+ algorithm: argon2id
+
+access_control:
+ default_policy: deny
+ rules:
+ - domain: auth.kolpacksoftware.com
+ policy: bypass
+ - domain: "*.kolpacksoftware.com"
+ policy: one_factor
+
+session:
+ cookies:
+ - domain: kolpacksoftware.com
+ authelia_url: https://auth.kolpacksoftware.com
+ default_redirection_url: https://auth.kolpacksoftware.com
+ name: authelia_session
+ expiration: 1h
+ inactivity: 5m
+ redis:
+ host: authelia-redis
+ port: 6379
+
+storage:
+ local:
+ path: /config/db.sqlite3
+
+notifier:
+ filesystem:
+ filename: /config/notifications.txt
+
+regulation:
+ max_retries: 3
+ find_time: 2m
+ ban_time: 5m
diff --git a/authelia/docker-compose.yml b/authelia/docker-compose.yml
new file mode 100644
index 0000000..7dbb1cc
--- /dev/null
+++ b/authelia/docker-compose.yml
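Review bot: Adding `**/users_database.yaml` to `.gitignore` only blocks future `git add`; if a copy of the file — the user/password-hash file that `authelia/config/configuration.yaml` reads from `/config/users_database.yaml` — was ever committed, it stays in the index and in history regardless of this line. Worth checking with `git log --all -- '**/users_database.yaml'` and, if it was tracked, `git rm --cached` plus a history rewrite and a password reset for the accounts it contained. The real `.env` is already covered by the existing `**/.env` entry, so the committed `authelia/.env.example` is fine to keep.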
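Review bot: All three values are left blank and nothing in the file says they are mandatory, so a copied-but-unedited `.env` silently hands empty strings to the container through the compose `${VAR}` expansions. The header also recommends a shorter key (`openssl rand -hex 16`) for the storage encryption key than for the other two, although that key is what Authelia uses to protect the TOTP secrets it stores in `db.sqlite3`; generating all three with `openssl rand -hex 32` is simpler and strictly stronger. A comment such as `# All three values are REQUIRED — a blank value reaches the container as an empty string; generate each with: openssl rand -hex 32` would make the contract explicit, and the copied `.env` should be `chmod 600` since compose reads it from the working directory.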
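Review bot: The catch-all rule `- domain: "*.kolpacksoftware.com"` / `policy: one_factor` has no `subject:` restriction and never requires a second factor, so the configured TOTP issuer can be enrolled but is never enforced, and any account present in `users_database.yaml` reaches every proxied host with a password alone; changing the wildcard to `policy: two_factor` (or adding a preceding `two_factor` rule for administrative hosts) would make the TOTP setup meaningful, and note that `default_policy: deny` only applies to domains the wildcard does not already match. The filesystem notifier writes the identity-verification and password-reset messages Authelia would otherwise email to `/config/notifications.txt`, which lives on the `/srv/authelia/config` bind mount, so anyone who can read that directory can complete those flows; it is the testing notifier, so either an `smtp:` notifier or a `# TODO: replace filesystem notifier with smtp before enabling reset/registration for real users` comment belongs here. Because indentation is collapsed in this diff I cannot tell whether `name`/`expiration`/`inactivity` sit under `session` or inside the cookie entry; both are accepted, but the placement should be confirmed against the rendered file.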
@@ -0,0 +1,33 @@
+services:
+ authelia:
+ container_name: authelia
+ image: authelia/authelia:4.38
+ restart: unless-stopped
+ volumes:
+ - /srv/authelia/config:/config
+ environment:
+ - TZ=America/New_York
+ - AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}
+ - AUTHELIA_SESSION_SECRET=${AUTHELIA_SESSION_SECRET}
+ - AUTHELIA_STORAGE_ENCRYPTION_KEY=${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+ networks:
+ - npm-network
+ - authelia-internal
+ depends_on:
+ - authelia-redis
+
+ authelia-redis:
+ container_name: authelia-redis
+ image: redis:7-alpine
+ restart: unless-stopped
+ command: --save 60 1 --loglevel warning
+ volumes:
+ - /srv/authelia/redis:/data
+ networks:
+ - authelia-internal
+
+networks:
+ npm-network:
+ external: true
+ authelia-internal:
+ driver: bridge
diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml
deleted file mode 100644
index bbec8a8..0000000
--- a/authentik/docker-compose.yml
+++ /dev/null
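Review bot: The three secrets are expanded as bare `${AUTHELIA_JWT_SECRET}` and friends, so a missing or unedited `.env` passes empty strings into the container instead of making `docker compose up` refuse up front — the deleted authentik compose used the strict form (`${PG_PASS:?database password required}`) and it should be carried over, e.g. `- AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET:?set AUTHELIA_JWT_SECRET in .env}` and the same for the session secret and storage encryption key. Passing secrets through `environment:` also leaves them readable via `docker inspect` and the container's process environment; Authelia reads `_FILE`-suffixed variants (e.g. `AUTHELIA_JWT_SECRET_FILE`) from a mounted file or docker secret, which avoids that exposure. `depends_on: - authelia-redis` only orders container start, whereas the removed file gated on `condition: service_healthy` behind a `redis-cli ping` healthcheck; keeping that pattern would stop Authelia from starting before its session store answers.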
@@ -1,95 +0,0 @@
-networks:
- default:
- external:
- name: nginx-network
-
-
-services:
- postgresql:
- environment:
- POSTGRES_DB: ${PG_DB:-authentik}
- POSTGRES_PASSWORD: ${PG_PASS:?database password required}
- POSTGRES_USER: ${PG_USER:-authentik}
- healthcheck:
- interval: 30s
- retries: 5
- start_period: 20s
- test:
- - CMD-SHELL
- - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
- timeout: 5s
- image: docker.io/library/postgres:16-alpine
- restart: unless-stopped
- volumes:
- - database:/var/lib/postgresql/data
- redis:
- command: --save 60 1 --loglevel warning
- healthcheck:
- interval: 30s
- retries: 5
- start_period: 20s
- test:
- - CMD-SHELL
- - redis-cli ping | grep PONG
- timeout: 3s
- image: docker.io/library/redis:alpine
- restart: unless-stopped
- volumes:
- - redis:/data
- server:
- command: server
- depends_on:
- postgresql:
- condition: service_healthy
- redis:
- condition: service_healthy
- environment:
- AUTHENTIK_POSTGRESQL__HOST: postgresql
- AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
- AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
- AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
- AUTHENTIK_REDIS__HOST: redis
- AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
- image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.3}
- ports:
- - ${COMPOSE_PORT_HTTP:-9000}:9000
- - ${COMPOSE_PORT_HTTPS:-9443}:9443
- restart: unless-stopped
- volumes:
- - ./media:/media
- - ./custom-templates:/templates
- worker:
- command: worker
- depends_on:
- postgresql:
- condition: service_healthy
- redis:
- condition: service_healthy
- environment:
- AUTHENTIK_POSTGRESQL__HOST: postgresql
- AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
- AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
- AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
- AUTHENTIK_REDIS__HOST: redis
- AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
- image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.8.3}
- restart: unless-stopped
- user: root
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - ./media:/media
- - ./certs:/certs
- - ./custom-templates:/templates
-volumes:
- database:
- driver: local
- driver_opts:
- type: 'none'
- o: 'bind'
- device: '/srv/authentik/database'
- redis:
- driver: local
- driver_opts:
- type: 'none'
- o: 'bind'
- device: '/srv/authentik/redis'
diff --git a/ultralytics/docker-compose.yml b/ultralytics/docker-compose.yml
index bae2f75..44bd90b 100644
--- a/ultralytics/docker-compose.yml
+++ b/ultralytics/docker-compose.yml
@@ -13,7 +13,7 @@ services:
 --server.headless true --server.address 0.0.0.0 --server.port 8501 -- /data/models/yolo11x_leaf.pt
 ports:
- - "8501:8501"
+ - "127.0.0.1:8501:8501"
 volumes:
 - /srv/ultralytics/data:/data
 - /srv/ultralytics/runs:/root/runs
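Review bot: Binding the published port to `127.0.0.1:8501:8501` stops other hosts from reaching Streamlit directly, but the context line `--server.address 0.0.0.0` still makes the app listen on every interface inside the container, so any container sharing a docker network with this service can reach it without passing through the proxy or Authelia. If a reverse-proxy container is meant to front it, the cleaner shape is to drop the `ports:` entry and attach the service to the proxy network instead; if only host-local access is wanted, the new line is right and a comment such as `# host-only: reachable via localhost or a host-network proxy, not from other machines` would record that intent. The `ultralytics` service definition starts above the hunk, so its `networks:` membership is not visible from here.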