syncthing & mealie

2024-05-30 15:15:31 +02:00 · 2024-05-30 15:15:31 +02:00 · c42f64d273
parent f60bede85f
commit c42f64d273
3 changed files with 52 additions and 11 deletions
--- a/bxl-shp/apps/docker-compose.mealie.yaml
+++ b/bxl-shp/apps/docker-compose.mealie.yaml
@ -1,28 +1,34 @@
 services:
  mealie:
    container_name: mealie
-    image: hkotel/mealie:v0.5.6
+    image: hkotel/mealie:latest
    restart: always
    environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/Paris
-    - RECIPE_PUBLIC=true
-    - RECIPE_SHOW_NUTRITION=true
-    - RECIPE_SHOW_ASSETS=true
-    - RECIPE_LANDSCAPE_VIEW=true
-    - RECIPE_DISABLE_COMMENTS=true
-    - RECIPE_DISABLE_AMOUNT=false
+    - MAX_WORKERS=1
+    - WEB_CONCURRENCY=1
+    - BASE_URL=https://recipes.bhasher.com
+    - OIDC_AUTH_ENABLED=true
+    - OIDC_SIGNUP_ENABLE=true
+    - OIDC_REMEMBER_ME=true
+    - OIDC_AUTO_REDIRECT=true
+    - OIDC_CONFIGURATION_URL=https://idp.bhasher.com/.well-known/openid-configuration
+    - OIDC_CLIENT_ID=mealie
+    - OIDC_PROVIDER_NAME=Authelia
+    - OIDC_USER_GROUP=everybody
+    - OIDC_ADMIN_GROUP=admin
    labels:
    - "traefik.enable=true"
-    - "traefik.http.routers.mealie.rule=Host(`mealie.bhasher.com`)"
-    - "traefik.http.services.mealie.loadbalancer.server.port=80"
+    - "traefik.http.routers.mealie.rule=Host(`recipes.bhasher.com`)"
+    - "traefik.http.services.mealie.loadbalancer.server.port=9000"
    - "traefik.http.routers.mealie.tls=true"
    - "traefik.http.routers.mealie.tls.certresolver=http"
    - "traefik.http.routers.mealie.entrypoints=internalsecure,externalsecure"
    - "com.centurylinklabs.watchtower.enable=true"
    volumes:
-    - $DATA/mealie/:/app/data
+    - $DATA/mealiev1/:/app/data
    networks:
    - external

--- a/bxl-shp/apps/docker-compose.syncthing.yaml
+++ b/bxl-shp/apps/docker-compose.syncthing.yaml
@ -9,7 +9,7 @@ services:
    volumes:
    - $DATA/syncthing:/var/syncthing:rw
    - /mnt/syncDocuments:/mnt/SyncDocuments:rw
-    - /mnt/brieuc-pictures:/mnt/pictures:rw
+    - /mnt/brieuc:/mnt/brieuc:rw
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"
--- a/bxl-shp/config/idp/authelia.configuration.yaml
+++ b/bxl-shp/config/idp/authelia.configuration.yaml
@ -62,6 +62,19 @@ access_control:
    policy: two_factor
    subject:
    - "group:admin"
+  - domain: 'mealie.bhasher.com'
+    policy: one_factor
+    subject:
+    - "group:member"
+    methods:
+    - "GET"
+    - "HEAD"
+    - "POST"
+    - "PUT"
+    - "DELETE"
+    - "CONNECT"
+    - "OPTIONS"
+    - "TRACE"
  - domain: '*.bhasher.com'
    policy: one_factor
    subject:
@ -125,6 +138,13 @@ telemetry:
 identity_providers:
  oidc:
    enforce_pkce: public_clients_only
+    cors:
+      allowed_origins_from_client_redirect_uris: true
+      endpoints:
+        - 'authorization'
+        - 'token'
+        - 'revocation'
+        - 'introspection'
    clients:
    - id: grafana
      description: Grafana
@ -237,3 +257,18 @@ identity_providers:
        - groups
      userinfo_signing_algorithm: none

+    - id: mealie
+      description: Mealie
+      public: true
+      authorization_policy: one_factor
+      redirect_uris:
+        - https://recipes.bhasher.com/login
+        - https://recipes.bhasher.com/login?direct=1
+      consent_mode: implicit
+      scopes:
+        - openid
+        - profile
+        - email
+        - groups
+      userinfo_signing_algorithm: none
+