Initial commit

2020-01-25 15:05:38 +01:00 · 2020-01-25 15:05:38 +01:00 · dc098d434e
commit dc098d434e
5 changed files with 195 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,7 @@
 traefik/acme.json
 traefik/certs/
 traefik/traefik.log
 authelia/db.sqlite3
 authelia/notification.txt
 authelia/users_database.yml
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@ -0,0 +1,36 @@
 host: 0.0.0.0
 port: 9091
 logs_level: trace
 jwt_secret: {{ env.Getenv "PRIVATE_DOMAIN" }}-jwt-secret
 authentication_backend:
  file:
    path: /opt/authelia/users_database.yml
    # {{ env.Getenv "ROOT_DOMAIN" }}
 session:
  name: authelia_session
  secret: {{ env.Getenv "PRIVATE_DOMAIN" }}-token-secret
  domain: {{ env.Getenv "PRIVATE_DOMAIN" }}
  expiration: 3600
  inactivity: 300
 storage:
  local:
    path: /opt/authelia/db.sqlite3
 totp:
  issuer: {{ env.Getenv "PRIVATE_DOMAIN" }}
 access_control:
  default_policy: one_factor
 regulation:
  max_retries: 1000
  find_time: 120
  ban_time: 300
 notifier:
  filesystem:
    filename: /opt/authelia/notification.txt
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -0,0 +1,98 @@
 version: "3.5"
 networks:
  web:
    external: false
    name: web
 volumes:
  authelia-config:
 services:
  proxy:
    container_name: traefik
    image: traefik:v2.1
    restart: always
    environment:
      - EMAIL
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    networks:
      - web
    command:
      - "--configFile=/data/traefik.yaml"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik:/data"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${PRIVATE_DOMAIN}`)"
      - "traefik.http.routers.traefik.middlewares=auth@file"
      - "traefik.http.routers.traefik.tls.certResolver=le"
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redir@file"
  authelia-config:
    image: hairyhenderson/gomplate
    environment:
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
    volumes:
      - ./authelia/configuration.yml:/data/input:ro
      - authelia-config:/data/output
    command: '--file=/data/input --out=/data/output/configuration.yml'
  authelia:
    container_name: authelia
    image: authelia/authelia
    restart: always
    links:
      - authelia-config
    volumes:
      - ./authelia:/opt/authelia
      - authelia-config:/etc/authelia/
    environment:
      - ENVIRONMENT=dev
      - NODE_TLS_REJECT_UNAUTHORIZED=1
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.${PRIVATE_DOMAIN}`)"
      - "traefik.http.routers.authelia.tls=true"
      - "traefik.http.routers.authelia.tls.certResolver=le"
      - "traefik.http.routers.authelia.entrypoints=websecure"
 # whoami-http:
 #   image: containous/whoami
 #   networks:
 #     - web
 #   labels:
 #     - "traefik.enable=true"
 #     - "traefik.http.routers.whoami2.rule=Host(`wai-http.${PRIVATE_DOMAIN}`)"
 #
 # whoami-https:
 #   image: containous/whoami
 #   networks:
 #     - web
 #   labels:
 #     - "traefik.enable=true"
 #     - "traefik.http.routers.whoami.rule=Host(`wai-https.${PRIVATE_DOMAIN}`)"
 #     - "traefik.http.routers.whoami.tls.certResolver=le"
 # whoami-auth:
 #   image: containous/whoami
 #   networks:
 #     - web
 #   labels:
 #     - "traefik.enable=true"
 #     - "traefik.http.routers.wai.rule=Host(`wai-auth.${PRIVATE_DOMAIN}`)"
 #     - "traefik.http.routers.wai.tls.certResolver=le"
 #     - "traefik.http.routers.wai.middlewares=auth@file"
--- a/traefik/tls.yaml
+++ b/traefik/tls.yaml
@ -0,0 +1,28 @@
 http:
  middlewares:
    redir:
      redirectScheme:
        scheme: https
        permanent: true
    auth:
      forwardAuth:
        address: http://authelia:9091/api/verify?rd=https://auth.{{ env "PRIVATE_DOMAIN" }}/%23/
        trustForwardHeader: true
        authResponseHeaders:
          - X-Forwarded-User
        insecureSkipVerify: true
  services:
    hass:
      loadBalancer:
        servers:
          - url: http://192.168.0.10:8123
  routers:
    hass:
      service: hass
      rule: Host(`avagen.{{ env "PRIVATE_DOMAIN" }}`)
      middleware: redir
      tls:
        certResolver: le
--- a/traefik/traefik.yaml
+++ b/traefik/traefik.yaml
@ -0,0 +1,26 @@
 api:
  insecure: true
 providers:
  file:
    filename: /data/tls.yaml
  docker:
    exposedByDefault: false
 log:
  filePath: /data/traefik.log
  level: DEBUG
 entryPoints:
  web:
    address: :80
  websecure:
    address: :443
 certificatesResolvers:
  le:
    acme:
      email: '{{ env "EMAIL" }}'
      storage: /data/acme.json
      httpChallenge:
        entrypoint: web