IDP update

Brieuc Dubois 2023-04-28 23:29:02 +02:00 committed by Bhasher
parent 6033bebef3
commit a4a0b6219b
5 changed files with 88 additions and 20 deletions


@ -20,6 +20,7 @@ services:
- "traefik.http.routers.jellyfin.tls=true" - "traefik.http.routers.jellyfin.tls=true"
- "traefik.http.routers.jellyfin.tls.certresolver=http" - "traefik.http.routers.jellyfin.tls.certresolver=http"
networks: networks:
- auth
- external - external
radarr: radarr:


@ -0,0 +1,47 @@
services:
shlink:
container_name: shlink
image: shlinkio/shlink:latest
environment:
- DEFAULT_DOMAIN=s.bhasher.com
- IS_HTTPS_ENABLED=true
#- GEOLITE_LICENSE_KEY=${GEOLITE_LICENSE_KEY}
- DB_DRIVER=postgres
- DB_NAME=shlink
- DB_USER=postgres
- DB_PASSWORD=${POSTGRES_PASSWORD}
- DB_HOST=postgres
- DB_PORT=5432
#- REDIS_SERVERS=redis
- DEFAULT_QR_CODE_MARGIN=20
labels:
- "traefik.enable=true"
- "traefik.http.routers.shlink.rule=Host(`s.bhasher.com`)"
- "traefik.http.services.shlink.loadbalancer.server.port=8080"
- "traefik.http.routers.shlink.tls=true"
- "traefik.http.routers.shlink.tls.certresolver=http"
- "traefik.http.routers.shlink.entrypoints=internalsecure,externalsecure"
networks:
- external
- storage
shlink_ui:
container_name: shlink_ui
image: shlinkio/shlink-web-client
labels:
- "traefik.enable=true"
- "traefik.http.routers.shlinkui.rule=Host(`shlink.bhasher.com`)"
- "traefik.http.services.shlinkui.loadbalancer.server.port=80"
- "traefik.http.routers.shlinkui.tls=true"
- "traefik.http.routers.shlinkui.tls.certresolver=http"
- "traefik.http.routers.shlinkui.entrypoints=internalsecure,externalsecure"
volumes:
- $DATA/shlink/servers.json:/usr/share/nginx/html/servers.json
networks:
- external
networks:
external:
external: true
storage:
external: true
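Review bot: The `shlink_ui` router is exposed on `externalsecure` with no `middlewares` label, and `servers.json` is bind-mounted into the nginx document root, so that file is served as a static asset to any visitor; shlink-web-client's `servers.json` normally holds the Shlink API key, so this likely publishes the key unless an auth middleware is applied elsewhere (not visible in this file). I would attach the forward-auth middleware to this router, e.g. `- "traefik.http.routers.shlinkui.middlewares=<forward-auth-middleware>"` (placeholder name), and mount the file read-only by appending `:ro` to the volume entry. Separately, `shlinkio/shlink:latest` and the untagged `shlinkio/shlink-web-client` should be pinned to a version or digest, and `DB_USER=postgres` hands the application the database superuser where a dedicated role scoped to the `shlink` database would be enough.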


@ -41,10 +41,6 @@ authentication_backend:
access_control: access_control:
default_policy: deny default_policy: deny
rules: rules:
- domain: '*.bhasher.com'
policy: two_factor
subject:
- "group:admin"
- domain: 'radarr.bhasher.com' - domain: 'radarr.bhasher.com'
policy: one_factor policy: one_factor
subject: subject:
@ -57,6 +53,14 @@ access_control:
policy: one_factor policy: one_factor
subject: subject:
- "group:mediaserver" - "group:mediaserver"
- domain: 'lum.bhasher.com'
policy: two_factor
subject:
- "group:admin"
- domain: '*.bhasher.com'
policy: one_factor
subject:
- "group:admin"
session: session:
name: auth_session name: auth_session
@ -100,6 +104,19 @@ password_policy:
require_number: false require_number: false
require_special: false require_special: false
telemetry:
metrics:
enabled: true
address: "tcp://0.0.0.0:9959"
buffers:
read: 4096
write: 4096
timeouts:
read: 6s
write: 6s
idle: 30s
identity_providers: identity_providers:
oidc: oidc:
enforce_pkce: public_clients_only enforce_pkce: public_clients_only
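Review bot: The relocated `*.bhasher.com` rule for `group:admin` drops from `two_factor` to `one_factor`, so every host without an earlier, more specific rule is now reachable by an admin account with a password alone; only `lum.bhasher.com` keeps the second factor. Moving the wildcard below the specific rules is right for Authelia's first-match evaluation, but I would keep `policy: two_factor` on it, particularly as the `password_policy` context in this section shows `require_number: false` and `require_special: false`. If the downgrade is intentional, a comment above the rule such as `# admin catch-all is one_factor by design; sensitive hosts need their own two_factor rule above` would record that. The new `telemetry.metrics` listener binds `tcp://0.0.0.0:9959` and, as far as I know, serves metrics without authentication, so port 9959 should stay unpublished and reachable only from the monitoring side.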


@ -34,3 +34,7 @@ scrape_configs:
static_configs: static_configs:
- targets: ['traefik:8080'] - targets: ['traefik:8080']
- job_name: 'authelia'
scrape_interval: 15s
static_configs:
- targets: ['authelia:9959']
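Review bot: The `authelia` job scrapes `authelia:9959` over plain HTTP with no credentials, so access to those metrics is controlled only by Docker network placement: Prometheus has to share a network with Authelia, and no untrusted container should. The compose hunks visible in this commit do not show the Prometheus service joining the `auth` network, so it is worth confirming the target actually resolves. I would add a comment above the job, e.g. `# Authelia telemetry listener; unauthenticated, reachable only over the internal Docker network`.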


@ -1,6 +1,6 @@
services: services:
prom_monitoring: prometheus:
container_name: prom_monitoring container_name: prometheus
image: prom/prometheus:latest image: prom/prometheus:latest
restart: unless-stopped restart: unless-stopped
labels: labels:
@ -68,10 +68,10 @@ services:
container_name: cadvisor container_name: cadvisor
image: gcr.io/cadvisor/cadvisor:v0.47.1 image: gcr.io/cadvisor/cadvisor:v0.47.1
volumes: volumes:
- /:/rootfs:ro - /:/rootfs:ro
- /var/run:/var/run:rw - /var/run:/var/run:rw
- /sys:/sys:ro - /sys:/sys:ro
- /var/lib/docker/:/var/lib/docker:ro - /var/lib/docker/:/var/lib/docker:ro
restart: always restart: always
networks: networks:
- monitoring - monitoring
@ -80,21 +80,20 @@ services:
container_name: node-exporter container_name: node-exporter
image: quay.io/prometheus/node-exporter:latest image: quay.io/prometheus/node-exporter:latest
volumes: volumes:
- /proc:/host/proc:ro - /proc:/host/proc:ro
- /sys:/host/sys:ro - /sys:/host/sys:ro
- /:/rootfs:ro - /:/rootfs:ro
- /:/host:ro,rslave - /:/host:ro,rslave
command: command:
- '--path.rootfs=/host' - '--path.rootfs=/host'
- '--path.procfs=/host/proc' - '--path.procfs=/host/proc'
- '--path.sysfs=/host/sys' - '--path.sysfs=/host/sys'
- --collector.filesystem.ignored-mount-points - --collector.filesystem.ignored-mount-points
- "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)" - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
restart: always restart: always
networks: networks:
- monitoring - monitoring
networks: networks:
monitoring: monitoring:
external: external: