docker-infrastructure

Author	SHA1	Message	Date
poprhythm	5e91f0c68b	Fix Authelia OIDC client secrets using template secret files - Switch from unsupported \${VAR} substitution to {{ secret "..." }} template syntax - Enable X_AUTHELIA_CONFIG_FILTERS=template in compose - Client secrets now loaded from /config/secrets/oidc_* files on host - Use PBKDF2-SHA512 hashes (not bcrypt, not plaintext)	2026-02-26 02:04:52 +00:00
poprhythm	645d908ca5	Add Authelia OIDC SSO to Open WebUI - Add open-webui OIDC client to Authelia config - Configure open-webui with OIDC env vars pointing to Authelia - Secret managed via AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI env var in Portainer	2026-02-26 01:37:28 +00:00
poprhythm	c4157023f6	Add token_endpoint_auth_method: client_secret_post to linkding OIDC client	2026-02-23 19:00:11 +00:00
poprhythm	d0037cf4cd	Add Linkding OIDC via Authelia, fix jwks key name in config - linkding: add OIDC env vars pointing to Authelia as identity provider - authelia/config: fix issuer_private_keys → jwks (correct key for 4.38.x) and replace non-functional template function with host-managed note	2026-02-23 18:45:33 +00:00
poprhythm	3ec74c1f69	Restrict wildcard rule to admins; jsmith (guests) can only access ultralytics	2026-02-23 14:41:18 +00:00
poprhythm	4293022561	Fix authelia: default_redirection_url must differ from authelia_url	2026-02-22 20:26:00 +00:00
poprhythm	9f98a4081e	Add Authelia SSO, remove authentik, restrict ultralytics port - Add authelia/ stack: Authelia 4.38 + Redis 7-alpine on isolated authelia-internal bridge; Authelia also on npm-network for NPM forward-auth. Secrets via env vars (not committed). - Add authelia/config/configuration.yaml: file-based users, SQLite storage, one_factor policy for .kolpacksoftware.com - Add */users_database.yaml to .gitignore (host-only secret) - Remove authentik/ (non-functional leftover) - ultralytics: bind port 8501 to 127.0.0.1 only (auth enforced via NPM)	2026-02-22 20:21:11 +00:00

7 Commits