fixup

.gitignore

@@ -0,0 +1,29 @@
+# Secrets and sensitive files
+secrets.md
+*.secret
+*.key
+*.pem
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# IDE files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Logs
+*.log
+logs/
+
+# Temporary files
+*.tmp
+*.temp 

authelia-dev-config.yml

@@ -0,0 +1,49 @@
+---
+# Authelia Development Configuration
+# Minimal config for local development
+
+server:
+  address: tcp://0.0.0.0:9091
+
+log:
+  level: debug
+
+identity_validation:
+  reset_password:
+    jwt_secret: DoXL9Z1aCrXQ3Ylc2J9MWLO8QeseI8W6F91R0lS0SIE=
+
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+
+access_control:
+  default_policy: one_factor
+  rules:
+    - domain: ["dev.local.com"]
+      policy: one_factor
+
+session:
+  cookies:
+    - name: authelia_session
+      domain: dev.local.com
+      authelia_url: http://dev.local.com:9091
+  secret: DoXL9Z1aCrXQ3Ylc2J9MWLO8QeseI8W6F91R0lS0SIE=
+  expiration: 1h
+  inactivity: 5m
+
+regulation:
+  max_retries: 3
+  find_time: 120
+  ban_time: 300
+
+storage:
+  local:
+    path: /data/db.sqlite3
+  encryption_key: DvbtMjsNDIC3eqtNaPtdHm/f07dtlHREgieDStTu9NA=
+
+notifier:
+  filesystem:
+    filename: /data/notification.txt
+
+totp:
+  issuer: authelia.com 

docker-compose.dev.yml

@@ -0,0 +1,163 @@
+services:
+  mariadb:
+    image: mariadb:latest
+    container_name: authelia_mariadb
+    environment:
+      MYSQL_ROOT_PASSWORD: dev_authelia_root
+      MYSQL_DATABASE: authelia
+      MYSQL_USER: authelia
+      MYSQL_PASSWORD: authelia
+    volumes:
+      - mariadb_data:/var/lib/mysql
+    # No ports exposed - internal only
+    networks:
+      - authelia_dev
+    healthcheck:
+      test: ["CMD", "/usr/local/bin/healthcheck.sh", "--su-mysql", "--connect", "--innodb_initialized"]
+      start_period: 30s
+      interval: 30s
+      timeout: 10s
+      retries: 5
+
+  redis:
+    image: redis:latest
+    container_name: authelia_redis
+    command: redis-server --appendonly yes
+    volumes:
+      - redis_data:/data
+    # No ports exposed - internal only
+    networks:
+      - authelia_dev
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      start_period: 10s
+      interval: 30s
+      timeout: 5s
+      retries: 3
+
+  lldap:
+    image: nitnelave/lldap:latest
+    container_name: lldap_lldap
+    volumes:
+      - lldap_data:/data
+    environment:
+      - LLDAP_JWT_SECRET=I2sNvGvhzZlTJWPfNL9MBPFGhyG/gWU5wHz6wFsIC3I=
+      - LLDAP_LDAP_USER_PASS=/ETAToLiZPWo6QK171abAUqsa3WDpd9IgneZnTA4zU0=
+      - LLDAP_LDAP_BASE_DN=dc=nixc,dc=us
+      - PUID=33
+      - PGID=33
+    ports:
+      # Only expose web UI for manual testing
+      - "17170:17170"  # Web interface port
+    networks:
+      - authelia_dev
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:17170/health"]
+      start_period: 10s
+      interval: 30s
+      timeout: 5s
+      retries: 3
+
+  authelia:
+    build:
+      context: ./docker/authelia/
+      dockerfile: Dockerfile
+    image: git.nixc.us/nixius/authelia:dev-authelia
+    container_name: authelia_dev_main
+    command:
+      - sh
+      - -c
+      - |
+        # Create the secrets directory and populate with environment variables
+        mkdir -p /run/secrets
+        echo "$${IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET}" > /run/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
+        echo "$${STORAGE_ENCRYPTION_KEY}" > /run/secrets/STORAGE_ENCRYPTION_KEY
+        echo "$${SESSION_SECRET}" > /run/secrets/SESSION_SECRET
+        echo "$${NOTIFIER_SMTP_PASSWORD}" > /run/secrets/NOTIFIER_SMTP_PASSWORD
+        echo "$${AUTHENTICATION_BACKEND_LDAP_PASSWORD}" > /run/secrets/AUTHENTICATION_BACKEND_LDAP_PASSWORD
+        echo "$${IDENTITY_PROVIDERS_OIDC_HMAC_SECRET}" > /run/secrets/IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
+        echo "$${IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY}" > /run/secrets/IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY
+        echo "$${IDENTITY_PROVIDERS_OIDC_JWKS_KEY}" > /run/secrets/IDENTITY_PROVIDERS_OIDC_JWKS_KEY
+        echo "$${CLIENT_SECRET_HEADSCALE}" > /run/secrets/CLIENT_SECRET_HEADSCALE
+        echo "$${CLIENT_SECRET_HEADADMIN}" > /run/secrets/CLIENT_SECRET_HEADADMIN
+        # Start Authelia with original command
+        exec authelia --config=/config/configuration.server.yml --config=/config/configuration.ldap.yml --config=/config/configuration.acl.yml
+    environment:
+      # Template environment variables
+      X_AUTHELIA_EMAIL: authelia@nixc.us
+      X_AUTHELIA_SITE_NAME: ATLAS-DEV
+      X_AUTHELIA_CONFIG_FILTERS: template
+      X_AUTHELIA_LDAP_DOMAIN: dc=nixc,dc=us
+      TRAEFIK_DOMAIN: dev.local.com
+      # Development secrets for templates
+      IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET: DoXL9Z1aCrXQ3Ylc2J9MWLO8QeseI8W6F91R0lS0SIE=
+      STORAGE_ENCRYPTION_KEY: DvbtMjsNDIC3eqtNaPtdHm/f07dtlHREgieDStTu9NA=
+      SESSION_SECRET: DoXL9Z1aCrXQ3Ylc2J9MWLO8QeseI8W6F91R0lS0SIE=
+      NOTIFIER_SMTP_PASSWORD: 8P7ah6U5ZjbQ2Faaw1fJoehxJrMOslCu
+      AUTHENTICATION_BACKEND_LDAP_PASSWORD: /ETAToLiZPWo6QK171abAUqsa3WDpd9IgneZnTA4zU0=
+      IDENTITY_PROVIDERS_OIDC_HMAC_SECRET: Pq5+dkrmh04daeSEPEXGq6JniiPsgJ6nHBi/ettUGLSKcuZtnaw3em8/BCXn2iFhUqTRdLSeCiWMbo+oEl/ZYA==
+      IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY: |
+        -----BEGIN PRIVATE KEY-----
+        MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC0JC4jaDhdqk3U
+        0yDwAh5JVQR84htkPY0Trf5VQYNnBhglo2CqRm6jwjzfOJLBruCUokbG5wJL+OU8
+        zDm3aQAhF0xWPEr1ad1U+fIezdF4pZ0fDHVAG9MYTwZYD8iYQclVhoKA8M6/gT15
+        QHq0Fzfgf4U5dmsNH2CWiFi+TAWQ85bxLiXchTnRkoyZ445xBqCuthJyvvUtrZrl
+        dCAcnNJ6kdGypXwqAuOGrRDz1g9cv52aoJC0k747EnMcmm1HEuR2zGXyw2RM+Sbu
+        GrUhLk2vCE448zKXuJGEckalMn2yBfaf5RsZYC9j7SwB0ehyNk5Bn4tKuPt38C7T
+        wWkIoI/DAgMBAAECggEAAIQB/2cmK8GrC14dwAVUu0NoPRTgnMulHCNPxERPV5Va
+        4fCy/CNlE0iHdODsLdKN7gVkGOAPnGwP+LnIIh0Sbp9q2bkk3C/IMTZ6wCY5E64i
+        e85E7HQOVjytRfjb/on7RSianKF6PG4Z4PKTgPFE30c+K5XwZIJse/UHKM3kgWLp
+        exKVvYyKDrERunDJqZbYsxSnixk8TavOWFHkpk0wHYvxso6a7jQfEjDWh3N7lduj
+        RlaesSO+NJrZDq44zbyJNsFjh4DsNITdBwYXERPUS33Dp+IlrD2SeQMtMBtz+7Ha
+        Pd8jMpx8Fw/S3CnjSYRRzDj5Z21EfspfoO6v1ULA0QKBgQDyQejBS7QNwNRIcnhO
+        b6TVOPmqcOL9gR/mkC4VmWFvf4pTA69OOuU/gHeF6+J40Z4tuFggHMoPmZuPi9AL
+        GSp2UZQHYa7BxTk7XxESflF/8HzgbtFtK/0dUp1l2JN26qha+djQADFFPNWs8abX
+        wpbKfjPqLzwR8K5kCtbd3WWDrwKBgQC+XDajJ6I4k9hwfYDxb35UkNFjboK4NfTY
+        u5Eiz1NhbqqkNV8idZhadJfnbgIAymqr9Yf9M9ncAbuUhCDI2r/VL1CLMx/y/DGH
+        RxlXWq4sArG1xpR1Muc9W8tTT9cf9XDMmuL81wYccXGqv3RpYQM/VtYIRSWvC0HE
+        FxZCGPa2LQKBgHlg1IGksH4Dk1kJIYYLIgdDGLRxAwoI3DblHnHr+4ml2WRmgDst
+        /xamAzyyRzJJtHsr1duhEQxn5i0x2/bzkPbfQM/B/ZFQg7BfnWoqqCL2F1tLqtqM
+        I7HBZuNUc+4s/FU4wYzVy9no9RZFrVaFRJAIU3KOYAaNFJNDawyWlPo5AoGARe6C
+        c/W/dqF5xfmVQR0Af/ijs6+Jfjr0NBrT+sHHk+ef8Ktaw8IHslNa6r5TJg82mO2e
+        g7pksppAWxMfKCqUhrDXGgwyFIXpfBT2jkzV530l4+2L5HJK2RO74mNWWHtGcSQF
+        d3VW3WQfqeaj0YK+Oqqf/nHIokG0a2E/4BBjshECgYAnlU2Fl7uI1lQBbWsckaQ9
+        EVeSDtrRvNuER0Eh3WFni9affOqB9qAZXNfCZ+goFJoNgk4fww0OqmewX9Y18/3a
+        vsrm7L7OKFFlM6vmIG1nPX/s5l++mkMe+qRd4B7C4NSF0bzJlweTozQFDp+prp1y
+        SHERk3EUdAZn7yyIISd/Qg==
+        -----END PRIVATE KEY-----
+      IDENTITY_PROVIDERS_OIDC_JWKS_KEY: mbfKKlpQ5QEzrmBCCcOg7yubDBKZtKCAiL7rGtVdMq/hpCorO+Qiei2fKbB/xieDS3BIg5BMza5fZm5w0hMiNA==
+      CLIENT_SECRET_HEADSCALE: t4Hvp6DnpA0T+0ePbdx8lPIAujFMrkjEnx5aMQkMFiA=
+      CLIENT_SECRET_HEADADMIN: RAxwkJxwMBSYkaA0r+D5qZdEFIrVEZJbigOPtkCBED8=
+    volumes:
+      - authelia_data:/data
+    ports:
+      - "9091:9091"
+    networks:
+      - authelia_dev
+    depends_on:
+      redis:
+        condition: service_healthy
+      mariadb:
+        condition: service_healthy
+      lldap:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9091/api/health"]
+      start_period: 15s
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+networks:
+  authelia_dev:
+    driver: bridge
+
+volumes:
+  mariadb_data:
+    driver: local
+  redis_data:
+    driver: local
+  authelia_data:
+    driver: local
+  lldap_data:
+    driver: local 

docker-compose.simple.yml

@@ -0,0 +1,93 @@
+services:
+  mariadb:
+    image: mariadb:latest
+    container_name: authelia_simple_mariadb
+    environment:
+      MYSQL_ROOT_PASSWORD: dev_authelia_root
+      MYSQL_DATABASE: authelia
+      MYSQL_USER: authelia
+      MYSQL_PASSWORD: dev_authelia_db
+    volumes:
+      - mariadb_data:/var/lib/mysql
+    networks:
+      - authelia_dev
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "authelia", "-pdev_authelia_db"]
+      start_period: 15s
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  redis:
+    image: redis:latest
+    container_name: authelia_simple_redis
+    command: redis-server --appendonly yes
+    volumes:
+      - redis_data:/data
+    networks:
+      - authelia_dev
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      start_period: 10s
+      interval: 30s
+      timeout: 5s
+      retries: 3
+
+  lldap:
+    image: nitnelave/lldap:latest
+    container_name: authelia_simple_lldap
+    volumes:
+      - lldap_data:/data
+    environment:
+      - LLDAP_JWT_SECRET=I2sNvGvhzZlTJWPfNL9MBPFGhyG/gWU5wHz6wFsIC3I=
+      - LLDAP_LDAP_USER_PASS=/ETAToLiZPWo6QK171abAUqsa3WDpd9IgneZnTA4zU0=
+      - LLDAP_LDAP_BASE_DN=dc=nixc,dc=us
+      - PUID=33
+      - PGID=33
+    ports:
+      - "17170:17170"
+    networks:
+      - authelia_dev
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:17170/health"]
+      start_period: 10s
+      interval: 30s
+      timeout: 5s
+      retries: 3
+
+  authelia:
+    image: authelia/authelia:latest
+    container_name: authelia_simple_main
+    environment:
+      AUTHELIA_SERVER_HOST: 0.0.0.0
+      AUTHELIA_SERVER_PORT: 9091
+      AUTHELIA_LOG_LEVEL: debug
+    ports:
+      - "9091:9091"
+    networks:
+      - authelia_dev
+    depends_on:
+      mariadb:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+      lldap:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9091/api/health"]
+      start_period: 15s
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+networks:
+  authelia_dev:
+    driver: bridge
+
+volumes:
+  mariadb_data:
+    driver: local
+  redis_data:
+    driver: local
+  lldap_data:
+    driver: local 

docker/redis/Dockerfile

@@ -1 +1,7 @@
-FROM ghcr.io/microsoft/garnet
+FROM redis:latest
+
+# Copy any custom configuration if needed
+# COPY redis.conf /usr/local/etc/redis/redis.conf
+
+# Use the default Redis configuration with persistence enabled
+CMD ["redis-server", "--appendonly", "yes"]

stack.production.yml

@@ -29,6 +29,14 @@ networks:
   ad:
     external: true
 
+volumes:
+  authelia_config:
+    driver: local
+  authelia_redis_data:
+    driver: local
+  authelia_mariadb_data:
+    driver: local
+
 services:
   authelia:
     image: git.nixc.us/nixius/authelia:production-authelia
@@ -52,7 +60,7 @@ services:
       - 1.1.1.1 # Cloudflare
       - 9.9.9.9 # Quad9
     volumes:
-      - /mnt/tank/persist/nixc.us/authelia/production/config:/config:rw
+      - authelia_config:/config:rw
     networks:
       - traefik
       - default
@@ -104,7 +112,7 @@ services:
     image: git.nixc.us/nixius/authelia:production-redis
     command: redis-server --appendonly yes
     volumes:
-      - /mnt/tank/persist/nixc.us/authelia/production/redis:/data:rw
+      - authelia_redis_data:/data:rw
     networks:
       - default
     deploy:
@@ -141,7 +149,7 @@ services:
       MYSQL_USER: authelia
       MYSQL_PASSWORD: authelia
     volumes:
-      - /mnt/tank/persist/nixc.us/authelia/production/db:/var/lib/mysql:rw
+      - authelia_mariadb_data:/var/lib/mysql:rw
     networks:
       - default
     deploy:

stack.staging.yml

@@ -13,6 +13,14 @@ networks:
   ad:
     external: true
 
+volumes:
+  authelia_staging_config:
+    driver: local
+  authelia_staging_redis_data:
+    driver: local
+  authelia_staging_mariadb_data:
+    driver: local
+
 services:
   authelia:
     image: git.nixc.us/nixius/authelia:staging-authelia
@@ -25,7 +33,7 @@ services:
       - --config=/config/configuration.oidc.clients.yml
     environment: *authelia-env
     volumes:
-      - /mnt/tank/persist/nixc.us/authelia/staging/config:/config:rw
+      - authelia_staging_config:/config:rw
     networks:
       - traefik
       - default
@@ -67,7 +75,7 @@ services:
     image: git.nixc.us/nixius/authelia:staging-redis
     command: redis-server --appendonly yes
     volumes:
-      - /mnt/tank/persist/nixc.us/authelia/staging/redis:/data:rw
+      - authelia_staging_redis_data:/data:rw
     networks:
       - default
     deploy:
@@ -98,7 +106,7 @@ services:
       MYSQL_USER: authelia
       MYSQL_PASSWORD: authelia
     volumes:
-      - /mnt/tank/persist/nixc.us/authelia/staging/db:/var/lib/mysql:rw
+      - authelia_staging_mariadb_data:/var/lib/mysql:rw
     networks:
       - default
     deploy:
@@ -112,8 +120,6 @@ services:
       placement:
         constraints:
           - node.hostname == ingress.nixc.us
-     
-
       labels:
         us.nixc.autodeploy: "true"
         traefik.enable: "false"

users_database.yml

@@ -0,0 +1,19 @@
+---
+# Authelia Development Users Database
+# Password: password (bcrypt hashed)
+
+users:
+  authelia:
+    displayname: "Authelia User"
+    password: "$2a$10$3EtQKrGrfQJDdUZ4W3zWcuKU9KN7k/XC4EQFOKZvIrQJXQFQy1H6K"  # password
+    email: authelia@dev.local
+    groups:
+      - admins
+      - dev
+
+  testuser:
+    displayname: "Test User"
+    password: "$2a$10$3EtQKrGrfQJDdUZ4W3zWcuKU9KN7k/XC4EQFOKZvIrQJXQFQy1H6K"  # password
+    email: testuser@dev.local
+    groups:
+      - dev