feat(security/authelia): add Authelia stack (Sprint 7)

2026-03-29 12:23:16 +00:00
parent 6d702e9d3e
commit e19cea7e76
1 changed files with 36 additions and 0 deletions
@@ -0,0 +1,36 @@
+name: authelia
+services:
+  authelia:
+    container_name: authelia
+    image: authelia/authelia:latest
+    restart: unless-stopped
+    environment:
+      AUTHELIA_JWT_SECRET_FILE: /secrets/jwt_secret.txt
+      AUTHELIA_SESSION_SECRET_FILE: /secrets/session_secret.txt
+      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: /secrets/storage_encryption_key.txt
+      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: /secrets/postgres_password.txt
+    volumes:
+      - /mnt/user/appdata/authelia/config:/config:ro
+      - /mnt/user/appdata/secrets/authelia_jwt_secret.txt:/secrets/jwt_secret.txt:ro
+      - /mnt/user/appdata/secrets/authelia_session_secret.txt:/secrets/session_secret.txt:ro
+      - /mnt/user/appdata/secrets/authelia_storage_encryption_key.txt:/secrets/storage_encryption_key.txt:ro
+      - /mnt/user/appdata/secrets/authelia_postgres_password.txt:/secrets/postgres_password.txt:ro
+    networks:
+      - frontend_net
+      - backend_net
+    security_opt:
+      - no-new-privileges:true
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=frontend_net"
+      - "traefik.http.routers.authelia.rule=Host(`auth.kaleschke.info`)"
+      - "traefik.http.routers.authelia.entrypoints=websecure"
+      - "traefik.http.routers.authelia.tls=true"
+      - "traefik.http.routers.authelia.tls.certresolver=le"
+      - "traefik.http.services.authelia.loadbalancer.server.port=9091"
+
+networks:
+  frontend_net:
+    external: true
+  backend_net:
+    external: true