From e19cea7e762bc718bf9568d11d12a2ef304cc011 Mon Sep 17 00:00:00 2001
From: Micha
Date: Sun, 29 Mar 2026 12:23:16 +0000
Subject: [PATCH] feat(security/authelia): add Authelia stack (Sprint 7)
---
security/authelia/docker-compose.yml | 36 ++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 security/authelia/docker-compose.yml
diff --git a/security/authelia/docker-compose.yml b/security/authelia/docker-compose.yml
new file mode 100644
index 0000000..a16a041
--- /dev/null
+++ b/security/authelia/docker-compose.yml
@@ -0,0 +1,36 @@
+name: authelia
+services:
+ authelia:
+ container_name: authelia
+ image: authelia/authelia:latest
+ restart: unless-stopped
+ environment:
+ AUTHELIA_JWT_SECRET_FILE: /secrets/jwt_secret.txt
+ AUTHELIA_SESSION_SECRET_FILE: /secrets/session_secret.txt
+ AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /secrets/storage_encryption_key.txt
+ AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /secrets/postgres_password.txt
+ volumes:
+ - /mnt/user/appdata/authelia/config:/config:ro
+ - /mnt/user/appdata/secrets/authelia_jwt_secret.txt:/secrets/jwt_secret.txt:ro
+ - /mnt/user/appdata/secrets/authelia_session_secret.txt:/secrets/session_secret.txt:ro
+ - /mnt/user/appdata/secrets/authelia_storage_encryption_key.txt:/secrets/storage_encryption_key.txt:ro
+ - /mnt/user/appdata/secrets/authelia_postgres_password.txt:/secrets/postgres_password.txt:ro
+ networks:
+ - frontend_net
+ - backend_net
+ security_opt:
+ - no-new-privileges:true
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=frontend_net"
+ - "traefik.http.routers.authelia.rule=Host(`auth.kaleschke.info`)"
+ - "traefik.http.routers.authelia.entrypoints=websecure"
+ - "traefik.http.routers.authelia.tls=true"
+ - "traefik.http.routers.authelia.tls.certresolver=le"
+ - "traefik.http.services.authelia.loadbalancer.server.port=9091"
+
+networks:
+ frontend_net:
+ external: true
+ backend_net:
+ external: true
\ No newline at end of file
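Review bot: `image: authelia/authelia:latest` leaves the authentication portal unpinned, so any pull or recreate can replace it with a release nobody reviewed. This container reads the JWT, session, storage-encryption and Postgres secrets, and it sits on both `frontend_net` and `backend_net`. Pin the image to a reviewed release, ideally with its digest, for example `image: authelia/authelia:<version>@sha256:<digest>` (placeholders, not real values), and bump it in a dedicated commit. An unplanned upgrade can also change how the read-only `/config` is interpreted, which for an SSO front end would presumably mean a login outage rather than a graceful failure.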