IDP update

2023-04-28 23:29:02 +02:00 · 2023-04-28 23:29:02 +02:00 · a4a0b6219b
parent 6033bebef3
commit a4a0b6219b
5 changed files with 88 additions and 20 deletions
--- a/bxl-rpi/apps/docker-compose.mediaserver.yaml
+++ b/bxl-rpi/apps/docker-compose.mediaserver.yaml
@ -20,6 +20,7 @@ services:
    - "traefik.http.routers.jellyfin.tls=true"
    - "traefik.http.routers.jellyfin.tls.certresolver=http"
    networks:
+    - auth
    - external

  radarr:
--- a/bxl-rpi/apps/docker-compose.yourls.yaml
+++ b/bxl-rpi/apps/docker-compose.yourls.yaml
@ -0,0 +1,47 @@
+services:
+  shlink:
+    container_name: shlink
+    image: shlinkio/shlink:latest
+    environment:
+    - DEFAULT_DOMAIN=s.bhasher.com
+    - IS_HTTPS_ENABLED=true
+    #- GEOLITE_LICENSE_KEY=${GEOLITE_LICENSE_KEY}
+    - DB_DRIVER=postgres
+    - DB_NAME=shlink
+    - DB_USER=postgres
+    - DB_PASSWORD=${POSTGRES_PASSWORD}
+    - DB_HOST=postgres
+    - DB_PORT=5432
+    #- REDIS_SERVERS=redis
+    - DEFAULT_QR_CODE_MARGIN=20
+    labels:
+    - "traefik.enable=true"
+    - "traefik.http.routers.shlink.rule=Host(`s.bhasher.com`)"
+    - "traefik.http.services.shlink.loadbalancer.server.port=8080"
+    - "traefik.http.routers.shlink.tls=true"
+    - "traefik.http.routers.shlink.tls.certresolver=http"
+    - "traefik.http.routers.shlink.entrypoints=internalsecure,externalsecure"
+    networks:
+    - external
+    - storage
+
+  shlink_ui:
+    container_name: shlink_ui
+    image: shlinkio/shlink-web-client
+    labels:
+    - "traefik.enable=true"
+    - "traefik.http.routers.shlinkui.rule=Host(`shlink.bhasher.com`)"
+    - "traefik.http.services.shlinkui.loadbalancer.server.port=80"
+    - "traefik.http.routers.shlinkui.tls=true"
+    - "traefik.http.routers.shlinkui.tls.certresolver=http"
+    - "traefik.http.routers.shlinkui.entrypoints=internalsecure,externalsecure"
+    volumes:
+    - $DATA/shlink/servers.json:/usr/share/nginx/html/servers.json
+    networks:
+    - external
+
+networks:
+  external:
+    external: true
+  storage:
+    external: true
--- a/bxl-rpi/config/idp/authelia.configuration.yaml
+++ b/bxl-rpi/config/idp/authelia.configuration.yaml
@ -41,10 +41,6 @@ authentication_backend:
 access_control:
  default_policy: deny
  rules:
-  - domain: '*.bhasher.com'
-    policy: two_factor
-    subject:
-    - "group:admin"
  - domain: 'radarr.bhasher.com'
    policy: one_factor
    subject:
@ -57,6 +53,14 @@ access_control:
    policy: one_factor
    subject:
    - "group:mediaserver"
+  - domain: 'lum.bhasher.com'
+    policy: two_factor
+    subject:
+    - "group:admin"
+  - domain: '*.bhasher.com'
+    policy: one_factor
+    subject:
+    - "group:admin"

 session:
  name: auth_session
@ -100,6 +104,19 @@ password_policy:
    require_number: false
    require_special: false

+telemetry:
+  metrics:
+    enabled: true
+    address: "tcp://0.0.0.0:9959"
+    buffers:
+      read: 4096
+      write: 4096
+    timeouts:
+      read: 6s
+      write: 6s
+      idle: 30s
+
+
 identity_providers:
  oidc:
    enforce_pkce: public_clients_only
--- a/bxl-rpi/config/monitoring/prometheus.yaml
+++ b/bxl-rpi/config/monitoring/prometheus.yaml
@ -34,3 +34,7 @@ scrape_configs:
    static_configs:
          - targets: ['traefik:8080']

+  - job_name: 'authelia'
+    scrape_interval: 15s
+    static_configs:
+          - targets: ['authelia:9959']
--- a/bxl-rpi/system/docker-compose.monitoring.yaml
+++ b/bxl-rpi/system/docker-compose.monitoring.yaml
@ -1,6 +1,6 @@
 services:
-  prom_monitoring:
-    container_name: prom_monitoring
+  prometheus:
+    container_name: prometheus
    image:  prom/prometheus:latest
    restart: unless-stopped
    labels:
@ -68,10 +68,10 @@ services:
    container_name: cadvisor
    image: gcr.io/cadvisor/cadvisor:v0.47.1
    volumes:
-      - /:/rootfs:ro
-      - /var/run:/var/run:rw
-      - /sys:/sys:ro
-      - /var/lib/docker/:/var/lib/docker:ro
+    - /:/rootfs:ro
+    - /var/run:/var/run:rw
+    - /sys:/sys:ro
+    - /var/lib/docker/:/var/lib/docker:ro
    restart: always
    networks:
    - monitoring
@ -80,21 +80,20 @@ services:
    container_name: node-exporter
    image: quay.io/prometheus/node-exporter:latest
    volumes:
-      - /proc:/host/proc:ro
-      - /sys:/host/sys:ro
-      - /:/rootfs:ro
-      - /:/host:ro,rslave
+    - /proc:/host/proc:ro
+    - /sys:/host/sys:ro
+    - /:/rootfs:ro
+    - /:/host:ro,rslave
    command:
-      - '--path.rootfs=/host'
-      - '--path.procfs=/host/proc'
-      - '--path.sysfs=/host/sys'
-      - --collector.filesystem.ignored-mount-points
-      - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
+    - '--path.rootfs=/host'
+    - '--path.procfs=/host/proc'
+    - '--path.sysfs=/host/sys'
+    - --collector.filesystem.ignored-mount-points
+    - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
    restart: always
    networks:
    - monitoring

-
 networks:
  monitoring:
  external: