syncthing & mealie

This commit is contained in:
Brieuc Dubois 2024-05-30 15:15:31 +02:00
parent f60bede85f
commit c42f64d273
3 changed files with 52 additions and 11 deletions

View File

@ -1,28 +1,34 @@
services:
mealie:
container_name: mealie
image: hkotel/mealie:v0.5.6
image: hkotel/mealie:latest
restart: always
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
- RECIPE_PUBLIC=true
- RECIPE_SHOW_NUTRITION=true
- RECIPE_SHOW_ASSETS=true
- RECIPE_LANDSCAPE_VIEW=true
- RECIPE_DISABLE_COMMENTS=true
- RECIPE_DISABLE_AMOUNT=false
- MAX_WORKERS=1
- WEB_CONCURRENCY=1
- BASE_URL=https://recipes.bhasher.com
- OIDC_AUTH_ENABLED=true
- OIDC_SIGNUP_ENABLE=true
- OIDC_REMEMBER_ME=true
- OIDC_AUTO_REDIRECT=true
- OIDC_CONFIGURATION_URL=https://idp.bhasher.com/.well-known/openid-configuration
- OIDC_CLIENT_ID=mealie
- OIDC_PROVIDER_NAME=Authelia
- OIDC_USER_GROUP=everybody
- OIDC_ADMIN_GROUP=admin
labels:
- "traefik.enable=true"
- "traefik.http.routers.mealie.rule=Host(`mealie.bhasher.com`)"
- "traefik.http.services.mealie.loadbalancer.server.port=80"
- "traefik.http.routers.mealie.rule=Host(`recipes.bhasher.com`)"
- "traefik.http.services.mealie.loadbalancer.server.port=9000"
- "traefik.http.routers.mealie.tls=true"
- "traefik.http.routers.mealie.tls.certresolver=http"
- "traefik.http.routers.mealie.entrypoints=internalsecure,externalsecure"
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- $DATA/mealie/:/app/data
- $DATA/mealiev1/:/app/data
networks:
- external

View File

@ -9,7 +9,7 @@ services:
volumes:
- $DATA/syncthing:/var/syncthing:rw
- /mnt/syncDocuments:/mnt/SyncDocuments:rw
- /mnt/brieuc-pictures:/mnt/pictures:rw
- /mnt/brieuc:/mnt/brieuc:rw
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing.rule=Host(`syncthing.bhasher.com`)"

View File

@ -62,6 +62,19 @@ access_control:
policy: two_factor
subject:
- "group:admin"
- domain: 'mealie.bhasher.com'
policy: one_factor
subject:
- "group:member"
methods:
- "GET"
- "HEAD"
- "POST"
- "PUT"
- "DELETE"
- "CONNECT"
- "OPTIONS"
- "TRACE"
- domain: '*.bhasher.com'
policy: one_factor
subject:
@ -125,6 +138,13 @@ telemetry:
identity_providers:
oidc:
enforce_pkce: public_clients_only
cors:
allowed_origins_from_client_redirect_uris: true
endpoints:
- 'authorization'
- 'token'
- 'revocation'
- 'introspection'
clients:
- id: grafana
description: Grafana
@ -237,3 +257,18 @@ identity_providers:
- groups
userinfo_signing_algorithm: none
- id: mealie
description: Mealie
public: true
authorization_policy: one_factor
redirect_uris:
- https://recipes.bhasher.com/login
- https://recipes.bhasher.com/login?direct=1
consent_mode: implicit
scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none