chore(app): archive removed stacks from app
archived stacks: - actual-budget - ezbookkeeping - opencloud - trilium - vikunja - wikijs
This commit is contained in:
@@ -117,12 +117,9 @@ postgresql:
|
||||
gitea: ENC[AES256_GCM,data:l+pBCzyQa3000SE9z1R4htD0V0ONsBtKy92dfgsVYsZ3XlEyVJDIBOsugwM=,iv:5t/oHW1vFAmV/s2Ze/cV9Vuqo96Qu6QvZeRbio7VX2s=,tag:4zeQaXiXIzBpy+tXsxmN7Q==,type:str]
|
||||
immich: ENC[AES256_GCM,data:11jvxTKA/RL0DGL6y2/X092hnDohj6yTrYGK4IVojqBd1gCOBnDvUjgmx14=,iv:oBfHxsx9nxhyKY/WOuWfybxEX2bf+lHEtsaifFRS9lg=,tag:tAfkBdgQ8ZEkLIFcDICKDw==,type:str]
|
||||
paperless: ENC[AES256_GCM,data:6VBrBbjVoam7SkZCSvoBTdrfkUoDghdGTiBmFLul04X/okXOHeC5zusJffY=,iv:iZumcJ3TWwZD77FzYx8THwCqC+EbnXUBrEKuPh3zgV8=,tag:u2m8SppAdxZ/duNdpuS3oQ==,type:str]
|
||||
vikunja: ENC[AES256_GCM,data:/+wQdoFPTBG2elI9kZbAVWrHZ0DhMaYr4dc+2z9QNdb3TcDS2PEia0JuSAg=,iv:MViZTyUD8YqMmxSTWCQpJ30f/KQdQGOzPlRHHsQ8lAw=,tag:zov3POno139dkMxFDpj2gg==,type:str]
|
||||
affine: ENC[AES256_GCM,data:XPXrcszsV06YqCJZ7CDqc4rCwqqNlbtLCFYfLAQ8jamLtft8L2UVrMA4WZo=,iv:vrWdBeckxB9tmEE628j4jhU+hSpE6TXYMGt0hh1Cg84=,tag:hlWwWUGht8NqWTZREMsa1Q==,type:str]
|
||||
nextcloud: ENC[AES256_GCM,data:ROsximNuWYMTZktmLJPx7W1Qol/uT+APgwoCtFO/6ZYYc3KxKvlk344eqEc=,iv:4d+MrfIHjJKAcwhvZ3g4go66uZcieuL7lngKErJd+fg=,tag:QbWOtxeCbiu62GyrE2atXg==,type:str]
|
||||
ezbookkeeping: ENC[AES256_GCM,data:CYYQ5DVr8Na46QduvUNF6d0XBVSXTml34q3/PhIYIvUNviOVgCjqXA4wN7g=,iv:qRljohJ+wI50XxSgMElKp65HyV3mKRTqDGjw9C1S0d0=,tag:PClp7PRmC0+PV0SzZpJqqQ==,type:str]
|
||||
sure: ENC[AES256_GCM,data:FULJ2gjJ2gZC3s324itW+CjGRBHIP9RnOqw5TT1UaiUhb7UHAPm1na+LsZk=,iv:c0GnVZkxprJUzPPq3TCQaZvAes9QQuvDXqgVLLaiQIg=,tag:uDxy/Lkd2hNK4AWwMNMslw==,type:str]
|
||||
wikijs: ENC[AES256_GCM,data:2drkkTevrcUrgxOHavIEPcemc2l5+/3GEAYNCYVL/63daVda5tzL61tPm2A=,iv:87qPrlRaosXO75eaxo4xjevVc1Pt9MiHv6lYFBB3MKU=,tag:SnVbVR4ZM0qvVmWpcgSKrg==,type:str]
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
@@ -213,14 +210,6 @@ immich:
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:bzMt0Ox0Za4dOhoo7S6dYCdK32JI9Q==,iv:PRTryIJk0tR545XY0LoHwklvsJp5+A5bEljNmzUvRhY=,tag:EVsjRUGMOadaNbMu0Xr4XA==,type:comment]
|
||||
actualbudget:
|
||||
oidc:
|
||||
secret: ENC[AES256_GCM,data:TE2umZ9Vvr7cSfA2+TAfRadIWZN3hyOKQ6U9NqJFm5e9iiw1avI+QlnYcKI=,iv:rUWoclBRqh0tsGnMq29395Fn2NP7AXnSCd0s+S8jQ6I=,tag:qPX/TcdIo6BJeex7wmi02Q==,type:str]
|
||||
hash: ENC[AES256_GCM,data:UjhNkGj+sxbnmPUx1V5kVYwZnzsB0aEvN8YV29lcvMbSnf9xpQWwD5C93Zu8SYrnS/p88qZpGBgAjr9Pcly3y0H1YMRt9zzbHZU3Uo0DPDrSWRQdeB/8LkcM/cwMAs8arS6PO03ECNnN5Z6aTmFdFnLjUkvUuSWMFscItAzMzhWCpeY=,iv:B06LI7Cq3NN8haOLfN3gWIpUFnvdUlq6D2XmARojDpk=,tag:MflE8qcY5j/aAA7xfPCqng==,type:str]
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:McPUAbIUvtC1gdPaxTgAxAMCMWcLfg==,iv:Tp6idRf7he3sYzo8LW596C905JAaoTIhIoDUzSyRT0k=,tag:4mZQ0Swu1X9uuwjsRNhr2A==,type:comment]
|
||||
paperless:
|
||||
session_secret: ENC[AES256_GCM,data:siwCs2noeVpg9DCEZybnmo/oz11BdrHSTnHciMOu/6g=,iv:XVjhu10TIujIdUopN9+TVVqRade9EvItDWxym6YXnZs=,tag:TxLYm+4Bo7IMaTQBtMg9pQ==,type:str]
|
||||
@@ -232,22 +221,6 @@ paperless:
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:V7DJHA2JQirfBsrCGhXrhg==,iv:+jYqX9hGNnuyYj9o9LpCYFVOoD6nSrtc4t40Ag0mMzo=,tag:1wSxKtkJm42reUxdwYDvlg==,type:comment]
|
||||
vikunja:
|
||||
session_secret: ENC[AES256_GCM,data:CMyw8JGHyTczGsrOJJwQBKfXMU4Sudvwkur1Lgx4o64=,iv:F2VmpqddiDT4jGaGDKGl6FARsQOt3lLz3X6TjC2MIVU=,tag:UJYyzrl/FX1BNwY4ROFncA==,type:str]
|
||||
oidc:
|
||||
secret: ENC[AES256_GCM,data:QwqndYsfr+fh9OLkHYtLYCa6WUdhnL7A4btz1d1eelTwq3Kps5S6BUN5qZg=,iv:51N8byIAAUh4ky7YBAuEJOBEWu1d9AX5W1m37/cLlCM=,tag:GD7jbxNGd748TCPgqsxyMg==,type:str]
|
||||
hash: ENC[AES256_GCM,data:ORifyT4u1V2CyBCNBgF72wwS2i05mlzA4iIVEa1cH9aaE69PdiQvGGzMHK+tmlfpVaVQEENSt1QDUSSlMyeuZT/3a0JwAvlz+XDbpS7bicL2cB6DCa4JyEd/rbGRXs0/COfxPxXzYv7jq9gd2uSJ+cCGYb/93WuEXSEI6PHi+FF7N94=,iv:FVSGySa4YB2vwenqSagBzxeIexg91ewvcQMix+etmng=,tag:yyQtOgzOZypba+rV3A1K9g==,type:str]
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:EsRGZP7snPchEAMoQN5PoQpiOA==,iv:A/8POGq3pIw7aX5S2vyKtI2vPqH0FT6yZnpe/vVbifw=,tag:BgUYHX2zxIL7yLS0JbI1Yg==,type:comment]
|
||||
opencloud:
|
||||
admin:
|
||||
password: ENC[AES256_GCM,data:VKG7sNTTLHCXRGf4SAlR91+hvc7PaNrnpJX/4kItVcT9W1Hdl/yKgHHD7M8=,iv:WwWnx9KuN+i/Ugwv+HY4IGDZrLHk71hsobGFOn9kml0=,tag:SS6ihrtZjLnlAJR59lw+gw==,type:str]
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:k55osvepVeB1RC5hZ4IF,iv:AlhfmWwn/DiSESWc+ULJSOLUhnrKAIfWr7MeiwV8qc8=,tag:hOgptwUcY6nVxPIhu+DYgw==,type:comment]
|
||||
affine:
|
||||
secret_key: ENC[AES256_GCM,data:LLX78DpYnha1JWhgw0sHLzIVq/oIzvT+nB7zgli4mroGbnt7WZaXCx34zKkYRwYj/+0L4IFFVdkzKtK5DO84SgFkS2Bk2iNdCMqIx80CpyiD8IWAcyRu5d6hh82PlgyxU80T/4nbLbIn0GLubPTTeUX8GC3VxRU=,iv:DnmvbhlygSHes0jAkIm4+WXMUQLzr4R4dNa33rO67v8=,tag:+2wlh+/ekiTyShWM4XBbUw==,type:str]
|
||||
@@ -269,14 +242,6 @@ nextcloud:
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:tMahvC9OLW4+AGLyx68SNsOPBezApw==,iv:WHx8ruuQ33J/8XtwyhvDy2cKqE7lAWvj/r5AUhdyssU=,tag:uRwheXUxqNSIhcPqGeMNog==,type:comment]
|
||||
ezbookkeeping:
|
||||
oidc:
|
||||
secret: ENC[AES256_GCM,data:ZMIfRwXDT1ujGKoc7DGvc8/O+ciB+kajo9yOwVsMsbEjl6D8gl6I0Lbsta8=,iv:++p1TTW6gDUEvh56SjMgldrpob/VWNtiYGo6wNS8cz0=,tag:LQaW333UskiN4mtIjUAguA==,type:str]
|
||||
hash: ENC[AES256_GCM,data:XyB1N3MUzBHWHAumat7/ASy/Aja/gLKmeTriOqLnMgZ9lBE1birYtFW+R0wZ+vyx79tHKVnRxzrWsxoD5jitCmHyMVrJmJKl5c4SYMhytKfBPgrNe3twcc06U+wONmgAuVpaEQlnnyzAz42SpOHbT55GegHjYzT5hXax8eRvdM6xJSY=,iv:R4+EdQuKo2JumY3cu8KPpeFezcLhlehXBxr2wVG5wHk=,tag:hpDX1x9NCCutUsnDKEf1Sg==,type:str]
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:Fsqc2JDp9dvfgiCjdQ==,iv:3DALKKEXaP8hzXRvxD4CgfFpOiPPsOa16OB94n8WKp8=,tag:K+FF3zGrc0YLXWK/R2L3Ow==,type:comment]
|
||||
sure:
|
||||
session_secret: ENC[AES256_GCM,data:InHsz/jld8E9TwI8MWpxk9x2I7dxlIsY9R6jtDK2pBA=,iv:HY5yXEC2Dce26e9/vXTIWELvVd9ZjhcCwFD0jhz5pPw=,tag:LLSJovZ0RH3CUK+se7R4Ag==,type:str]
|
||||
@@ -286,23 +251,6 @@ sure:
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:NkvAsD10P7qUvGPXeTY+rQ==,iv:GjsUk3Ht6RYW/rhkRhMSFEmtsAiS+dK7niYDJVBj2iE=,tag:8KnDcuRTm7P76Kh2hmWeXw==,type:comment]
|
||||
wikijs:
|
||||
il: ENC[AES256_GCM,data:gsAEHk4MI75EXIiqdb05RYSmlxaQ7mlYXTwTYYVJ20KC397T6xbHzvNojlI=,iv:iYc+BahiJ50LSr35/T1VCQsxsRen5rKLwQhfVQMkdz4=,tag:rscWcLWyTaSR4KEPJaes2A==,type:str]
|
||||
oidc:
|
||||
secret: ENC[AES256_GCM,data:+bmvyUkiQ+vnaJW7wgjohv4wdvliqx8whdSM8iBUJXGFy/QOs2oJm4FoUcA=,iv:U07y/+87zbXQ2hQ4HvzKcEH5nQsaSIF1Oh3yv6/ytWU=,tag:knGwjGhH5D/OSvW6j5S0VQ==,type:str]
|
||||
hash: ENC[AES256_GCM,data:7jKBt9mdfxKDU6vBIP6k/wj0gIsRnLwwSrLOlnbbiNZVmbZXqv/UxEsLxCyx1rP2mzGgaxNCBh6WOo7mbSMPezMiuf/enrNrmIwpcP2R0H6LxGTiLFk/7EZ493oy7qFmmsM2qM7Y6qhhKUygD4XbJfVZ2sdojjIGAWy6XdpbbQICb5I=,iv:N3gPga+iDYUF0uAx671DP+4c7FYUKP12MEbYmKZRPAI=,tag:7tKwhxk5yQ0KfZrg0+v/rw==,type:str]
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:rf52AKZDCNq9PVnAMnDXzw==,iv:+rT8sgcAz0LoeUcPgIrpSw/JWvk5agunnTkaWac16kU=,tag:SCyTu1rUNnmS2EFMeIvlCw==,type:comment]
|
||||
trilium:
|
||||
oidc:
|
||||
secret: ENC[AES256_GCM,data:EfKdxk/OBgQyGVwOnxMFS/HhucL5qicaB7HfWu4yNvmrqxU+ubkT62zJewQ=,iv:Ye4gNbyOuEaujGfxXYKg4GWDOP+cnTNL230t8B98WUY=,tag:B1YoabR7y8OVUKYj/aiSPA==,type:str]
|
||||
hash: ENC[AES256_GCM,data:QyU+leT28FY3nW+tIbnap2n52xw1bcb77ziFf6cW9gdwwhL6rJCEaTGQritpVsCH5C9ytxlV0Acn7dJbnYSHFtZ2jbuvYMSQR4ewtY+tFX1MdD9+FmtH8umb7PHbG6upXgrXRNRIglJ4U1BEfg0xkdzEPbJq+r13A1+cKESrewayae4=,iv:CUE6YjDzgoc017e8+dT1S956PwmOlb7h6dhnOpCr3iw=,tag:XGgpzuVZXJ8Axb4ib8anVQ==,type:str]
|
||||
#ENC[AES256_GCM,data:ODXFUxxxdQ==,iv:s9zJVx6wo6x517tbNvC+FZ0dFzqbjqeLI6rXBq72hQA=,tag:bXoV2I3LbpmQyddJrtS3Qg==,type:comment]
|
||||
#
|
||||
#
|
||||
#ENC[AES256_GCM,data:T4Wtn49AAxPd2QUFTR+q,iv:bH5goGWBDqumAat9dUv2OwfCUJUpuVqncTMqMBZUXhI=,tag:G+W6hHA+yftQ+4RJpXrxHg==,type:comment]
|
||||
switch:
|
||||
password: ENC[AES256_GCM,data:qu0f9L7A0eFq/UCpaRs=,iv:W8LLOp3MSfd/+EfNEZNf91K8GgI5eUfVPoWTRES2C0Y=,tag:Q5FlAOfwqwJwPvd7k6i+0g==,type:str]
|
||||
@@ -332,7 +280,7 @@ sops:
|
||||
UmliaFNxVTBqRkI1QWJpWGpTRWxETW8KEY/8AfU73UOzCGhny1cNnd5dCNv7bHXt
|
||||
k+uyWPPi+enFkVaceSwMFrA66uaWWrwAj11sXEB7yzvGFPrnAGezjQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-05-09T12:29:30Z"
|
||||
mac: ENC[AES256_GCM,data:ql3rWwdwJRn2nH0SLnjTaJK4NVemxG8T814VEDaHv38bc7A3aaMGuZ92mHY4z+5oNA+DpR/UjkGJ/NrckbURxY63BEcyVCsS4Rb95HTKjDOjf2g5rrohdgI3ZUE1jvlyf3tAh2ZYh1J8QddLKyLju/J43KcB+XRQKhJv4kubAQ0=,iv:4inRbBMuhB7Hzi8fGpqyC3juUqteZGLXX0GtnHusF7Y=,tag:ZxJ6iv8NxJr4rvCInml8dg==,type:str]
|
||||
lastmodified: "2026-05-09T14:26:51Z"
|
||||
mac: ENC[AES256_GCM,data:TYs08ZSS2kcO5lYuhQ/IySUSQ3DpL+ba3/uNLyszht4OttR110/W/WQLiRuu/Ql6FwtDtjq6I3iNpOhmCHSv1kMCam1l99GEIYCaPUIY+TY3Zw0j7518dFXe8p/DrKRwIVXfK5lIKLIEd+eizD50HzwXXJFmU+7YDkQ1Dx+55kw=,iv:arJKJ4wO4sdQlu3GZbtultsfM6s8vbhG93tnf2EjJDc=,tag:m95gUqvn4w85XI8qVvCZpQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.12.1
|
||||
|
||||
@@ -1,29 +0,0 @@
|
||||
[Quadlet]
|
||||
DefaultDependencies=false
|
||||
|
||||
[Unit]
|
||||
Description=Actual Budget
|
||||
|
||||
[Container]
|
||||
Image=ghcr.io/actualbudget/actual-server:{{ version['containers']['actualbudget'] }}
|
||||
ContainerName=actual-budget
|
||||
HostName=actual-budget
|
||||
|
||||
PublishPort={{ services['actualbudget']['ports']['http'] }}:5006
|
||||
|
||||
Volume=%h/data/containers/actual-budget:/data:rw
|
||||
|
||||
Environment="TZ=Asia/Seoul"
|
||||
Environment="ACTUAL_OPENID_DISCOVERY_URL=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}/.well-known/openid-configuration"
|
||||
Environment="ACTUAL_OPENID_CLIENT_ID=actual-budget"
|
||||
Environment="ACTUAL_OPENID_SERVER_HOSTNAME=https://{{ services['actualbudget']['domain']['public'] }}.{{ domain['public'] }}"
|
||||
Environment="ACTUAL_OPENID_AUTH_METHOD=oauth2"
|
||||
Secret=ACTUAL_OPENID_CLIENT_SECRET,type=env
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
TimeoutStopSec=120
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
@@ -1,61 +0,0 @@
|
||||
[Quadlet]
|
||||
DefaultDependencies=false
|
||||
|
||||
[Unit]
|
||||
Description=ezBookkeeping
|
||||
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Container]
|
||||
Image=docker.io/mayswind/ezbookkeeping:{{ version['containers']['ezbookkeeping'] }}
|
||||
ContainerName=ezbookkeeping
|
||||
HostName=ezbookkeeping
|
||||
|
||||
PublishPort={{ services['ezbookkeeping']['ports']['http'] }}:8080/tcp
|
||||
|
||||
Volume=%h/data/containers/ezbookkeeping/data:/data:rw
|
||||
Volume=%h/containers/ezbookkeeping/ssl:/etc/ssl/ezbookkeeping:ro
|
||||
|
||||
# General
|
||||
Environment="TZ=Asia/Seoul"
|
||||
Environment="EBK_SERVER_DOMAIN={{ services['ezbookkeeping']['domain']['public'] }}.{{ domain['public'] }}"
|
||||
Environment="EBK_SERVER_ROOT_URL=https://{{ services['ezbookkeeping']['domain']['public'] }}.{{ domain['public'] }}/"
|
||||
Environment="EBK_LOG_MODE=console"
|
||||
|
||||
# Database
|
||||
Environment="EBK_DATABASE_TYPE=postgres"
|
||||
Environment="EBK_DATABASE_HOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}:{{ services['postgresql']['ports']['tcp'] }}"
|
||||
Environment="EBK_DATABASE_NAME=ezbookkeeping_db"
|
||||
Environment="EBK_DATABASE_USER=ezbookkeeping"
|
||||
Secret=EBK_DATABASE_PASSWD,type=env
|
||||
Environment="EBK_DATABASE_SSL_MODE=verify-full"
|
||||
Environment="PGSSLROOTCERT=/etc/ssl/ezbookkeeping/{{ root_cert_filename }}"
|
||||
|
||||
# OIDC
|
||||
Environment="EBK_AUTH_ENABLE_OAUTH2_AUTH=true"
|
||||
Environment="EBK_AUTH_OAUTH2_PROVIDER=oidc"
|
||||
Environment="EBK_AUTH_OAUTH2_CLIENT_ID=ezbookkeeping"
|
||||
Secret=EBK_AUTH_OAUTH2_CLIENT_SECRET,type=env
|
||||
Environment="EBK_AUTH_OAUTH2_USE_PKCE=true"
|
||||
Environment="EBK_AUTH_OIDC_PROVIDER_BASE_URL=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
|
||||
Environment="EBK_AUTH_ENABLE_OIDC_DISPLAY_NAME=true"
|
||||
Environment="EBK_AUTH_OIDC_CUSTOM_DISPLAY_NAME=Authelia"
|
||||
|
||||
# Registration / auth policy
|
||||
Environment="EBK_AUTH_ENABLE_INTERNAL_AUTH=false"
|
||||
Environment="EBK_USER_ENABLE_REGISTER=true"
|
||||
Environment="EBK_AUTH_OAUTH2_AUTO_REGISTER=true"
|
||||
|
||||
# AI / MCP disabled by default
|
||||
Environment="EBK_MCP_ENABLE_MCP=false"
|
||||
Environment="EBK_LLM_TRANSACTION_FROM_AI_IMAGE_RECOGNITION=false"
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
TimeoutStopSec=120
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
@@ -1,38 +0,0 @@
|
||||
directives:
|
||||
child-src:
|
||||
- '''self'''
|
||||
connect-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
- 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps'
|
||||
- 'https://update.opencloud.eu'
|
||||
- 'https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}'
|
||||
# default-src:
|
||||
# - '''none'''
|
||||
font-src:
|
||||
- '''self'''
|
||||
frame-ancestors:
|
||||
- '''self'''
|
||||
frame-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
img-src:
|
||||
- '''self'''
|
||||
- 'data:'
|
||||
- 'blob:'
|
||||
manifest-src:
|
||||
- '''self'''
|
||||
media-src:
|
||||
- '''self'''
|
||||
# object-src:
|
||||
# - '''none'''
|
||||
script-src:
|
||||
- '''self'''
|
||||
- '''unsafe-inline'''
|
||||
- '''unsafe-eval'''
|
||||
style-src:
|
||||
- '''self'''
|
||||
- '''unsafe-inline'''
|
||||
worker-src:
|
||||
- '''self'''
|
||||
- 'blob:'
|
||||
@@ -1,17 +0,0 @@
|
||||
role_assignment:
|
||||
driver: "oidc"
|
||||
oidc_role_mapper:
|
||||
role_claim: "preferred_username"
|
||||
role_mapping:
|
||||
{% for admin_user in ['il'] %}
|
||||
- role_name: "admin"
|
||||
claim_value: "{{ admin_user }}"
|
||||
{% endfor %}
|
||||
{% for general_user in ['morsalin', 'eunkyoung'] %}
|
||||
- role_name: "user"
|
||||
claim_value: "{{ general_user }}"
|
||||
{% endfor %}
|
||||
# - role_name: "spaceadmin"
|
||||
# claim_value: ""
|
||||
# - role_name: user-light
|
||||
# claim_value: ""
|
||||
@@ -1,60 +0,0 @@
|
||||
[Quadlet]
|
||||
DefaultDependencies=false
|
||||
|
||||
[Unit]
|
||||
Description=OpenCloud
|
||||
|
||||
[Container]
|
||||
Image=docker.io/opencloudeu/opencloud:{{ version['containers']['opencloud'] }}
|
||||
ContainerName=opencloud
|
||||
HostName=opencloud
|
||||
|
||||
PublishPort={{ services['opencloud']['ports']['http'] }}:9200
|
||||
|
||||
Volume=%h/containers/opencloud:/etc/opencloud:rw
|
||||
Volume=%h/data/containers/opencloud:/var/lib/opencloud:rw
|
||||
|
||||
# General
|
||||
Environment="TZ=Asia/Seoul"
|
||||
# Log level info
|
||||
Environment="OC_LOG_LEVEL=info"
|
||||
# TLS configuration
|
||||
Environment="PROXY_TLS=false"
|
||||
Environment="OC_INSECURE=true"
|
||||
# Connection
|
||||
Environment="PROXY_HTTP_ADDR=0.0.0.0:9200"
|
||||
Environment="OC_URL=https://{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}"
|
||||
## CSP file location: allow authelia public domain
|
||||
Environment="PROXY_CSP_CONFIG_FILE_LOCATION=/etc/opencloud/csp.yaml"
|
||||
# OIDC
|
||||
Environment="OC_OIDC_ISSUER=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
|
||||
Environment="PROXY_OIDC_REWRITE_WELLKNOWN=true"
|
||||
## OIDC CLIENT CONFIGURATION and SCOPES
|
||||
Environment="WEB_OIDC_CLIENT_ID=opencloud"
|
||||
Environment="WEB_OIDC_SCOPE=openid profile email"
|
||||
## auto sign-in from authelia
|
||||
Environment="PROXY_AUTOPROVISION_ACCOUNTS=true"
|
||||
## Stop using internal idP service
|
||||
Environment="OC_EXCLUDE_RUN_SERVICES=idp"
|
||||
## Don't limit special characters
|
||||
Environment="GRAPH_USERNAME_MATCH=none"
|
||||
|
||||
|
||||
# OIDC standard link environments
|
||||
#Environment="WEB_OIDC_AUTHORITY=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
|
||||
#Environment="WEBFINGER_OIDC_ISSUER=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
|
||||
#Environment="OC_OIDC_CLIENT_ID=opencloud"
|
||||
#Environment="OC_OIDC_CLIENT_SCOPES=openid profile email groups"
|
||||
#Environment="WEBFINGER_ANDROID_OIDC_CLIENT_ID=opencloud"
|
||||
#Environment="WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES=openid profile email groups offline_access"
|
||||
#Environment="WEBFINGER_DESKTOP_OIDC_CLIENT_ID=opencloud"
|
||||
#Environment="WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES=openid profile email groups offline_access"
|
||||
#Environment="WEBFINGER_IOS_OIDC_CLIENT_ID=opencloud"
|
||||
#Environment="WEBFINGER_IOS_OIDC_CLIENT_SCOPES=openid profile email groups offline_access"
|
||||
[Service]
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
TimeoutStopSec=120
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
@@ -1,46 +0,0 @@
|
||||
[Quadlet]
|
||||
DefaultDependencies=false
|
||||
|
||||
[Unit]
|
||||
Description=trilium
|
||||
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Container]
|
||||
Image=docker.io/triliumnext/trilium:{{ version['containers']['trilium'] }}
|
||||
|
||||
ContainerName=trilium
|
||||
HostName=trilium
|
||||
|
||||
PublishPort={{ services['trilium']['ports']['http'] }}:8080/tcp
|
||||
|
||||
Volume=%h/data/containers/trilium/data:/home/node/trilium-data:rw
|
||||
|
||||
# General
|
||||
Environment="TZ=Asia/Seoul"
|
||||
Environment="TRILIUM_DATA_DIR=/home/node/trilium-data"
|
||||
Environment="TRILIUM_NO_UPLOAD_LIMIT=true"
|
||||
|
||||
# OIDC
|
||||
## Short Alias doesn't work now.
|
||||
#Environment="TRILIUM_OAUTH_BASE_URL=https://{{ services['trilium']['domain']['public'] }}.{{ domain['public'] }}"
|
||||
#Environment="TRILIUM_OAUTH_CLIENT_ID=trilium"
|
||||
#Environment="TRILIUM_OAUTH_ISSUER_BASE_URL=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
|
||||
#Environment="TRILIUM_OAUTH_ISSUER_NAME=Authelia"
|
||||
#Environment="TRILIUM_OAUTH_ISSUER_ICON=https://www.authelia.com/images/branding/logo-cropped.png"
|
||||
#Secret="TRILIUM_OAUTH_CLIENT_SECRET",type=env
|
||||
Environment="TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL=https://{{ services['trilium']['domain']['public'] }}.{{ domain['public'] }}"
|
||||
Environment="TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID=trilium"
|
||||
Environment="TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
|
||||
Environment="TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME=Authelia"
|
||||
Environment="TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON=https://www.authelia.com/images/branding/logo-cropped.png"
|
||||
Secret="TRILIUM_OAUTH_CLIENT_SECRET",type=env,target=TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET
|
||||
|
||||
[Service]
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
TimeoutStopSec=120
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
@@ -1,57 +0,0 @@
|
||||
[Quadlet]
|
||||
DefaultDependencies=false
|
||||
|
||||
[Unit]
|
||||
Description=Vikunja
|
||||
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Container]
|
||||
Image=docker.io/vikunja/vikunja:{{ version['containers']['vikunja'] }}
|
||||
ContainerName=vikunja
|
||||
HostName=vikunja
|
||||
PublishPort={{ services['vikunja']['ports']['http'] }}:3456/tcp
|
||||
|
||||
# Volumes
|
||||
Volume=%h/data/containers/vikunja:/app/vikunja/files:rw
|
||||
Volume=%h/containers/vikunja/ssl:/etc/ssl/vikunja:ro
|
||||
|
||||
# General
|
||||
Environment="TZ=Asia/Seoul"
|
||||
Environment="VIKUNJA_DEFAULTSETTINGS_TIMEZONE=Asia/Seoul"
|
||||
Environment="VIKUNJA_SERVICE_TIMEZONE=Asia/Seoul"
|
||||
Environment="VIKUNJA_SERVICE_PUBLICURL=https://{{ services['vikunja']['domain']['public'] }}.{{ domain['public'] }}"
|
||||
Environment="VIKUNJA_SERVICE_ENABLEREGISTRATION=false"
|
||||
Secret=VIKUNJA_SERVICE_JWTSECRET,type=env
|
||||
|
||||
|
||||
# Database
|
||||
Environment="VIKUNJA_DATABASE_TYPE=postgres"
|
||||
Environment="VIKUNJA_DATABASE_HOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}"
|
||||
Environment="VIKUNJA_DATABASE_USER=vikunja"
|
||||
Environment="VIKUNJA_DATABASE_DATABASE=vikunja_db"
|
||||
Environment="VIKUNJA_DATABASE_SSLMODE=verify-full"
|
||||
Environment="VIKUNJA_DATABASE_SSLROOTCERT=/etc/ssl/vikunja/{{ root_cert_filename }}"
|
||||
Secret=VIKUNJA_DATABASE_PASSWORD,type=env
|
||||
|
||||
|
||||
# OIDC
|
||||
Environment="VIKUNJA_AUTH_OPENID_ENABLED=true"
|
||||
Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_NAME=Authelia"
|
||||
Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_AUTHURL=https://{{ services['authelia']['domain'] }}.{{ domain['public'] }}"
|
||||
Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_CLIENTID=vikunja"
|
||||
# Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_SCOPE=" default value = openid email profile
|
||||
# Vikunja doesn't support OIDC and local dual login.
|
||||
# Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_USERNAMEFALLBACK=true"
|
||||
# Environment="VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_EMAILFALLBACK=true"
|
||||
Secret=VIKUNJA_AUTH_OPENID_PROVIDERS_authelia_CLIENTSECRET,type=env
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
TimeoutStopSec=120
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
@@ -1,41 +0,0 @@
|
||||
[Quadlet]
|
||||
DefaultDependencies=false
|
||||
|
||||
[Unit]
|
||||
Description=Wiki.js
|
||||
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Container]
|
||||
Image=ghcr.io/requarks/wiki:{{ version['containers']['wikijs'] }}
|
||||
ContainerName=wikijs
|
||||
HostName=wikijs
|
||||
PublishPort={{ services['wikijs']['ports']['http'] }}:3000/tcp
|
||||
|
||||
# Volumes
|
||||
Volume=%h/data/containers/wikijs/data:/wiki/data:rw
|
||||
Volume=%h/data/containers/wikijs/export:/wiki/export:rw
|
||||
Volume=%h/containers/wikijs/ssl:/etc/ssl/wiki:ro
|
||||
|
||||
# General
|
||||
Environment="TZ=Asia/Seoul"
|
||||
|
||||
# Database
|
||||
Environment="DB_TYPE=postgres"
|
||||
Environment="DB_HOST={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}"
|
||||
Environment="DB_PORT={{ services['postgresql']['ports']['tcp'] }}"
|
||||
Environment="DB_USER=wikijs"
|
||||
Environment="DB_NAME=wikijs_db"
|
||||
Environment="DB_SSL=true"
|
||||
Environment="NODE_EXTRA_CA_CERTS=/etc/ssl/wiki/{{ root_cert_filename }}"
|
||||
Secret=WIKIJS_DB_PASS,type=env,target=DB_PASS
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/usr/bin/nc -zv {{ services['postgresql']['domain'] }}.{{ domain['internal'] }} {{ services['postgresql']['ports']['tcp'] }}
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
TimeoutStopSec=120
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
@@ -93,25 +93,6 @@ notifier:
|
||||
identity_providers:
|
||||
oidc:
|
||||
hmac_secret: '' # $AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE
|
||||
claims_policies:
|
||||
# trilium expects name/email value in id token, but authelia doesn't send it basically
|
||||
trilium:
|
||||
id_token:
|
||||
- email
|
||||
- email_verified
|
||||
- preferred_username
|
||||
- name
|
||||
# For the app which doesn't use secret.
|
||||
cors:
|
||||
endpoints:
|
||||
- 'authorization'
|
||||
- 'token'
|
||||
- 'revocation'
|
||||
- 'introspection'
|
||||
- 'userinfo'
|
||||
allowed_origins:
|
||||
- 'https://{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}'
|
||||
allowed_origins_from_client_redirect_uris: true
|
||||
jwks:{% raw %}
|
||||
- algorithm: 'RS256'
|
||||
use: 'sig'
|
||||
@@ -192,28 +173,6 @@ identity_providers:
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
# https://www.authelia.com/integration/openid-connect/clients/actual-budget/
|
||||
- client_id: 'actual-budget'
|
||||
client_name: 'Actual Budget'
|
||||
client_secret: '{{ hostvars['console']['actualbudget']['oidc']['hash'] }}'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: false
|
||||
pkce_challenge_method: ''
|
||||
redirect_uris:
|
||||
- 'https://{{ services['actualbudget']['domain']['public'] }}.{{ domain['public'] }}/openid/callback'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'groups'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
# https://www.authelia.com/integration/openid-connect/clients/paperless/
|
||||
- client_id: 'paperless'
|
||||
client_name: 'Paperless'
|
||||
@@ -236,122 +195,6 @@ identity_providers:
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
# https://www.authelia.com/integration/openid-connect/clients/vikunja/
|
||||
- client_id: 'vikunja'
|
||||
client_name: 'Vikunja'
|
||||
client_secret: '{{ hostvars['console']['vikunja']['oidc']['hash'] }}'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: false
|
||||
pkce_challenge_method: ''
|
||||
redirect_uris:
|
||||
- 'https://{{ services['vikunja']['domain']['public'] }}.{{ domain['public'] }}/auth/openid/authelia'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
# OpenCloud configuration
|
||||
## https://docs.opencloud.eu/docs/admin/configuration/authentication-and-user-management/external-idp/
|
||||
## Web
|
||||
- client_id: 'opencloud'
|
||||
client_name: 'OpenCloud'
|
||||
public: true
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: true
|
||||
pkce_challenge_method: 'S256'
|
||||
redirect_uris:
|
||||
- 'https://{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}/'
|
||||
- 'https://{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}/oidc-callback.html'
|
||||
- 'https://{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}/oidc-silent-redirect.html'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
- 'groups'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'RS256'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'none'
|
||||
## desktop
|
||||
- client_id: 'OpenCloudDesktop'
|
||||
client_name: 'OpenCloud'
|
||||
public: true
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: true
|
||||
pkce_challenge_method: 'S256'
|
||||
redirect_uris:
|
||||
- 'http://localhost'
|
||||
- 'http://127.0.0.1'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
- 'groups'
|
||||
- 'offline_access'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
- 'refresh_token'
|
||||
access_token_signed_response_alg: 'RS256'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'none'
|
||||
## Android
|
||||
- client_id: 'OpenCloudAndroid'
|
||||
client_name: 'OpenCloud'
|
||||
public: true
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: true
|
||||
pkce_challenge_method: 'S256'
|
||||
redirect_uris:
|
||||
- 'oc://android.opencloud.eu'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
- 'groups'
|
||||
- 'offline_access'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
- 'refresh_token'
|
||||
access_token_signed_response_alg: 'RS256'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'none'
|
||||
## IOS
|
||||
- client_id: 'OpenCloudIOS'
|
||||
client_name: 'OpenCloud'
|
||||
public: true
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: true
|
||||
pkce_challenge_method: 'S256'
|
||||
redirect_uris:
|
||||
- 'oc://ios.opencloud.eu'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
- 'groups'
|
||||
- 'offline_access'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
- 'refresh_token'
|
||||
access_token_signed_response_alg: 'RS256'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'none'
|
||||
# https://docs.affine.pro/self-host-affine/administer/oauth-2-0
|
||||
- client_id: 'affine'
|
||||
client_name: 'Affine'
|
||||
@@ -395,27 +238,6 @@ identity_providers:
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
# https://www.authelia.com/integration/openid-connect/clients/ezbookkeeping/
|
||||
- client_id: 'ezbookkeeping'
|
||||
client_name: 'ezBookkeeping'
|
||||
client_secret: '{{ hostvars['console']['ezbookkeeping']['oidc']['hash'] }}'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: true
|
||||
pkce_challenge_method: 'S256'
|
||||
redirect_uris:
|
||||
- 'https://{{ services['ezbookkeeping']['domain']['public'] }}.{{ domain['public'] }}/oauth2/callback'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
# https://www.authelia.com/integration/openid-connect/clients/sure/
|
||||
- client_id: 'sure'
|
||||
client_name: 'Sure'
|
||||
@@ -438,49 +260,3 @@ identity_providers:
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
# https://www.authelia.com/integration/openid-connect/clients/wikijs/
|
||||
- client_id: 'wikijs'
|
||||
client_name: 'Wiki'
|
||||
client_secret: '{{ hostvars['console']['wikijs']['oidc']['hash'] }}'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: false
|
||||
pkce_challenge_method: ''
|
||||
redirect_uris:
|
||||
# add Callback URL / Redirect URI HERE
|
||||
- 'https://{{ services['wikijs']['domain']['public'] }}.{{ domain['public'] }}/login/aa72242e-7058-4cfa-9504-19a4208062ea/callback' # Note this must be copied during step 7 of the Application configuration.
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
# https://www.authelia.com/integration/openid-connect/clients/trillium/
|
||||
# The name is trilium, not trillium
|
||||
- client_id: 'trilium'
|
||||
client_name: 'Trilium Notes'
|
||||
client_secret: '{{ hostvars['console']['trilium']['oidc']['hash'] }}'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
# claims policy above
|
||||
claims_policy: 'trilium'
|
||||
require_pkce: false
|
||||
pkce_challenge_method: ''
|
||||
redirect_uris:
|
||||
- 'https://{{ services['trilium']['domain']['public'] }}.{{ domain['public'] }}/callback'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
|
||||
@@ -47,30 +47,12 @@
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['actualbudget']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['actualbudget']['ports']['http'] }} {
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['paperless']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['paperless']['ports']['http'] }} {
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['vikunja']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['vikunja']['ports']['http'] }} {
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['opencloud']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['opencloud']['ports']['http'] }} {
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['affine']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['affine']['ports']['http'] }} {
|
||||
@@ -89,27 +71,9 @@
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['ezbookkeeping']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['ezbookkeeping']['ports']['http'] }} {
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['sure']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['sure']['ports']['http'] }} {
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['wikijs']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['wikijs']['ports']['http'] }} {
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
{{ services['trilium']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
import private_tls
|
||||
reverse_proxy host.containers.internal:{{ services['trilium']['ports']['http'] }} {
|
||||
header_up Host {http.request.header.X-Forwarded-Host}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -91,15 +91,6 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['actualbudget']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
crowdsec
|
||||
reverse_proxy https://{{ services['actualbudget']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
header_up Host {http.reverse_proxy.upstream.host}
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['paperless']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
@@ -109,24 +100,6 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['vikunja']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
crowdsec
|
||||
reverse_proxy https://{{ services['vikunja']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
header_up Host {http.reverse_proxy.upstream.host}
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
crowdsec
|
||||
reverse_proxy https://{{ services['opencloud']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
header_up Host {http.reverse_proxy.upstream.host}
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['affine']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
@@ -154,15 +127,6 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['ezbookkeeping']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
crowdsec
|
||||
reverse_proxy https://{{services['ezbookkeeping']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
header_up Host {http.reverse_proxy.upstream.host}
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['sure']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
@@ -172,24 +136,6 @@
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['wikijs']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
crowdsec
|
||||
reverse_proxy https://{{services['wikijs']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
header_up Host {http.reverse_proxy.upstream.host}
|
||||
}
|
||||
}
|
||||
}
|
||||
{{ services['trilium']['domain']['public'] }}.{{ domain['public'] }} {
|
||||
import crowdsec_log
|
||||
route {
|
||||
crowdsec
|
||||
reverse_proxy https://{{services['trilium']['domain']['internal'] }}.{{ domain['internal'] }} {
|
||||
header_up Host {http.reverse_proxy.upstream.host}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Internal domain
|
||||
{{ node['name'] }}.{{ domain['internal'] }} {
|
||||
|
||||
@@ -12,12 +12,8 @@ whitelist:
|
||||
- "{{ hostvars['fw']['network6']['console']['wg'] }}"
|
||||
{% if node['name'] == 'auth' %}
|
||||
expression:
|
||||
# budget local-first sql scrap rule
|
||||
- "evt.Meta.target_fqdn == '{{ services['actualbudget']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status in ['200', '304'] && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/data/migrations/'"
|
||||
# immich thumbnail request 404 error false positive
|
||||
- "evt.Meta.target_fqdn == '{{ services['immich']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/api/assets/' && evt.Meta.http_path contains '/thumbnail'"
|
||||
# opencloud chunk request false positive
|
||||
- "evt.Meta.target_fqdn == '{{ services['opencloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status in ['200', '304'] && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/js/chunks/'"
|
||||
# nextcloud thumbnail/preview request error false positive
|
||||
- "evt.Meta.target_fqdn == '{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}' && evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path startsWith '/index.php/core/preview?'"
|
||||
{% endif %}
|
||||
|
||||
Reference in New Issue
Block a user