IDP update

bxl-rpi/apps/docker-compose.mediaserver.yaml

@@ -20,6 +20,7 @@ services:
     - "traefik.http.routers.jellyfin.tls=true"
     - "traefik.http.routers.jellyfin.tls.certresolver=http"
     networks:
+    - auth
     - external
 
   radarr:

bxl-rpi/apps/docker-compose.yourls.yaml

@@ -0,0 +1,47 @@
+services:
+  shlink:
+    container_name: shlink
+    image: shlinkio/shlink:latest
+    environment:
+    - DEFAULT_DOMAIN=s.bhasher.com
+    - IS_HTTPS_ENABLED=true
+    #- GEOLITE_LICENSE_KEY=${GEOLITE_LICENSE_KEY}
+    - DB_DRIVER=postgres
+    - DB_NAME=shlink
+    - DB_USER=postgres
+    - DB_PASSWORD=${POSTGRES_PASSWORD}
+    - DB_HOST=postgres
+    - DB_PORT=5432
+    #- REDIS_SERVERS=redis
+    - DEFAULT_QR_CODE_MARGIN=20
+    labels:
+    - "traefik.enable=true"
+    - "traefik.http.routers.shlink.rule=Host(`s.bhasher.com`)"
+    - "traefik.http.services.shlink.loadbalancer.server.port=8080"
+    - "traefik.http.routers.shlink.tls=true"
+    - "traefik.http.routers.shlink.tls.certresolver=http"
+    - "traefik.http.routers.shlink.entrypoints=internalsecure,externalsecure"
+    networks:
+    - external
+    - storage
+
+  shlink_ui:
+    container_name: shlink_ui
+    image: shlinkio/shlink-web-client
+    labels:
+    - "traefik.enable=true"
+    - "traefik.http.routers.shlinkui.rule=Host(`shlink.bhasher.com`)"
+    - "traefik.http.services.shlinkui.loadbalancer.server.port=80"
+    - "traefik.http.routers.shlinkui.tls=true"
+    - "traefik.http.routers.shlinkui.tls.certresolver=http"
+    - "traefik.http.routers.shlinkui.entrypoints=internalsecure,externalsecure"
+    volumes:
+    - $DATA/shlink/servers.json:/usr/share/nginx/html/servers.json
+    networks:
+    - external
+
+networks:
+  external:
+    external: true
+  storage:
+    external: true

bxl-rpi/config/idp/authelia.configuration.yaml

@@ -41,10 +41,6 @@ authentication_backend:
 access_control:
   default_policy: deny
   rules:
-  - domain: '*.bhasher.com'
-    policy: two_factor
-    subject:
-    - "group:admin"
   - domain: 'radarr.bhasher.com'
     policy: one_factor
     subject:
@@ -57,6 +53,14 @@ access_control:
     policy: one_factor
     subject:
     - "group:mediaserver"
+  - domain: 'lum.bhasher.com'
+    policy: two_factor
+    subject:
+    - "group:admin"
+  - domain: '*.bhasher.com'
+    policy: one_factor
+    subject:
+    - "group:admin"
 
 session:
   name: auth_session
@@ -100,6 +104,19 @@ password_policy:
     require_number: false
     require_special: false
 
+telemetry:
+  metrics:
+    enabled: true
+    address: "tcp://0.0.0.0:9959"
+    buffers:
+      read: 4096
+      write: 4096
+    timeouts:
+      read: 6s
+      write: 6s
+      idle: 30s
+
+
 identity_providers:
   oidc:
     enforce_pkce: public_clients_only

bxl-rpi/config/monitoring/prometheus.yaml

@@ -34,3 +34,7 @@ scrape_configs:
     static_configs:
           - targets: ['traefik:8080']
 
+  - job_name: 'authelia'
+    scrape_interval: 15s
+    static_configs:
+          - targets: ['authelia:9959']

bxl-rpi/system/docker-compose.monitoring.yaml

@@ -1,6 +1,6 @@
 services:
-  prom_monitoring:
+  prometheus:
-    container_name: prom_monitoring
+    container_name: prometheus
     image:  prom/prometheus:latest
     restart: unless-stopped
     labels:
@@ -94,7 +94,6 @@ services:
     networks:
     - monitoring
 
-
 networks:
   monitoring:
   external: