Same pattern as calibre fix — Docker NFS named volumes with soft mount
fail when unRAID drives spin down. Use systemd NFS automount at
/mnt/nas_owncloud instead; hard mount blocks on spin-up rather than EIO.
CIFS uid/gid mismatch caused Permission denied on files created via NFS
(cert.key, .gnupg, etc. owned by uid=99 with mode 600/700; SMB user
can't access them server-side). NFS maps uid/gid directly, avoiding the
issue. Use hard mount so spin-up blocks briefly instead of returning EIO.
SQLite (Calibre Notes DB) fails with SQLITE_IOERR on soft NFS when unRAID
drives spin down. Replace Docker NFS named volumes with bind mounts to
/mnt/nas_media (CIFS via systemd automount), same pattern as backrest and
filebrowser-colleen-hd. systemd handles drive reconnection independently.
- get-env: display env vars for a named stack
- set-env: merge KEY=VALUE pairs into a stack's env vars and redeploy
(uses git/redeploy endpoint with pullImage:false for git-linked stacks)
- redeploy: now preserves existing env vars by including them in the
git/redeploy payload (previously wiped them when env was omitted)
Deploy ownCloud Infinite Scale as a self-hosted cloud storage service
at cloud.kolpacksoftware.com using Authelia as the external OIDC IdP.
Configures a PKCE public client (no secret required).
Bcrypt hashes contain $ signs which Portainer interpolates when storing
as env vars, truncating the values. Use {{ secret "file" }} template
syntax instead — hashes live in /srv/authelia/config/secrets/ on the
host, written via Python to avoid shell interpolation.
Only $ -safe values (hex strings) remain as env vars.
expand-env double-processes substituted values so $ in bcrypt hashes
get re-expanded. Switch back to template filter with {{ env "VAR" }}
syntax which returns values as-is.
- Switch X_AUTHELIA_CONFIG_FILTERS from template to expand-env so ${VAR}
syntax in config files is actually substituted
- Add missing env var pass-throughs for OIDC HMAC secret and client secrets
- Update git config client_secret fields to use ${VAR} syntax (matching host)
- Update .env.example to document all required Portainer env vars
Model weights (~193MB each, darknet + onnx) are stored at
/srv/obico/config/model_cache/ and mounted at /model_cache in the
container since they are not baked into the imagegenius image.
imagegenius monolithic image with NVIDIA GPU (GTX 1660 SUPER) via cuda tag.
Includes internal Redis, npm-network for reverse proxy, DJANGO_SECRET_KEY
as env var placeholder for Portainer.
- Switch from unsupported \${VAR} substitution to {{ secret "..." }} template syntax
- Enable X_AUTHELIA_CONFIG_FILTERS=template in compose
- Client secrets now loaded from /config/secrets/oidc_* files on host
- Use PBKDF2-SHA512 hashes (not bcrypt, not plaintext)
- Add open-webui OIDC client to Authelia config
- Configure open-webui with OIDC env vars pointing to Authelia
- Secret managed via AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI env var in Portainer
- openclaw: expose BRAVE_API_KEY env var for web search tool
- uptime-kuma: prefer username/password auth (API key token auth unreliable)
- uptime-kuma: add TCP monitor type support to manage_monitors.py
- linkding: add OIDC env vars pointing to Authelia as identity provider
- authelia/config: fix issuer_private_keys → jwks (correct key for 4.38.x)
and replace non-functional template function with host-managed note
poprhythm