From aa364b9637a1da58920f93cc82e93c08b999bc97 Mon Sep 17 00:00:00 2001
From: colin
Date: Tue, 3 Jun 2025 21:17:13 -0400
Subject: [PATCH] Update stack.production.yml

---
 stack.production.yml | 108 +++++++++++++++++++++++++++----------------
 1 file changed, 67 insertions(+), 41 deletions(-)

diff --git a/stack.production.yml b/stack.production.yml
index bae158a..55adc54 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -1,12 +1,9 @@
-version: '3.7'
 x-authelia-env: &authelia-env
-  X_AUTHELIA_EMAIL: "authelia@nixc.us"
+  X_AUTHELIA_EMAIL: authelia@nixc.us
   X_AUTHELIA_SITE_NAME: ATLAS
-  # X_AUTHELIA_DUO_HOSTNAME: my_duo_hostname
   X_AUTHELIA_CONFIG_FILTERS: template
   X_AUTHELIA_LDAP_DOMAIN: dc=nixc,dc=us
   TRAEFIK_DOMAIN: nixc.us
-  # CONFIG: /home/deleted-porcupine/docker-configs
 
 secrets:
   AUTHENTICATION_BACKEND_LDAP_PASSWORD:
@@ -37,6 +34,7 @@ networks:
     external: true
   ad:
     external: true
+
 services:
   authelia:
     image: git.nixc.us/nixius/authelia:production-authelia
@@ -51,79 +49,107 @@ services:
       - NOTIFIER_SMTP_PASSWORD
       - SESSION_SECRET
       - STORAGE_ENCRYPTION_KEY
-    environment:
-      <<: *authelia-env
+    environment: *authelia-env
     dns:
-      - 1.1.1.1
-      - 9.9.9.9
+      - 1.1.1.1 # Cloudflare
+      - 9.9.9.9 # Quad9
+    volumes:
+      - /mnt/tank/persist/nixc.us/authelia/production/config:/config:rw
     networks:
       - traefik
       - default
       - ad
     deploy:
+      update_config:
+        order: start-first
+        failure_action: rollback
+        parallelism: 1
+      restart_policy:
+        condition: on-failure
+      replicas: 1
       placement:
         constraints:
-## - node.labels.role == db
           - node.hostname == ingress.nixc.us
-# - node.labels.mac-rack == true
       labels:
+        us.nixc.autodeploy: "true"
         homepage.group: Infrastructure
         homepage.name: Authelia
         homepage.href: https://login.nixc.us
         homepage.description: ATLAS
         traefik.enable: "true"
-        traefik.http.routers.authelia_authelia.rule: Host(`login.nixc.us`)
-        traefik.http.routers.authelia_authelia.entryPoints: websecure
-        traefik.http.routers.authelia_authelia.service: "authelia_authelia"
-        traefik.http.routers.authelia_authelia.tls.certresolver: "letsencryptresolver"
-        traefik.http.services.authelia_authelia.loadbalancer.server.port: "9091"
-        traefik.http.routers.authelia_authelia.tls: "true"
-        traefik.http.middlewares.authelia_authelia.forwardAuth.address: http://authelia:9091/api/authz/forward-auth
         traefik.docker.network: traefik
+        traefik.http.routers.authelia_authelia.rule: Host(`login.nixc.us`)
+        traefik.http.routers.authelia_authelia.entrypoints: websecure
+        traefik.http.routers.authelia_authelia.tls: "true"
+        traefik.http.routers.authelia_authelia.tls.certresolver: letsencryptresolver
+        traefik.http.routers.authelia_authelia.service: authelia_authelia
+        traefik.http.services.authelia_authelia.loadbalancer.server.port: 9091
+        traefik.http.middlewares.authelia_authelia.forwardauth.address: http://authelia_authelia:9091/api/verify?rd=https://login.nixc.us/
+        traefik.http.middlewares.authelia_authelia.forwardauth.trustForwardHeader: "true"
+        traefik.http.middlewares.authelia_authelia.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
+        traefik.http.middlewares.authelia-basic.forwardauth.address: http://authelia_authelia:9091/api/verify?auth=basic
+        traefik.http.middlewares.authelia-basic.forwardauth.trustForwardHeader: "true"
+        traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders: Remote-User,Remote-Groups,Remote-Name,Remote-Email
+    logging:
+      driver: json-file
+      options:
+        max-size: 10m
+        max-file: "3"
+
   redis:
     image: git.nixc.us/nixius/authelia:production-redis
-    # command: redis-server --appendonly yes
+    command: redis-server --appendonly yes
+    volumes:
+      - /mnt/tank/persist/nixc.us/authelia/production/redis:/data:rw
+    networks:
+      - default
     deploy:
+      update_config:
+        order: start-first
+        failure_action: rollback
+        parallelism: 1
+      restart_policy:
+        condition: on-failure
       replicas: 1
       placement:
         constraints:
-## - node.labels.role == db
           - node.hostname == ingress.nixc.us
-# - node.labels.mac-rack == true
-# preferences:
-# - spread: node.id
       labels:
-      - traefik.enable=false
-      - "us.nixc.autodeploy=true"
-    volumes:
-      - /mnt/tank/persist/nixc.us/authelia/production/redis:/data
-    networks:
-      - default
+        us.nixc.autodeploy: "true"
+        traefik.enable: "false"
+    logging:
+      driver: json-file
+      options:
+        max-size: 10m
+        max-file: "3"
 
   mariadb:
     image: git.nixc.us/nixius/authelia:production-mariadb
-    # restart: always
     environment:
       MYSQL_ROOT_PASSWORD: authelia
       MYSQL_DATABASE: authelia
       MYSQL_USER: authelia
       MYSQL_PASSWORD: authelia
     volumes:
-      - '/mnt/tank/persist/nixc.us/authelia/production/db:/var/lib/mysql'
+      - /mnt/tank/persist/nixc.us/authelia/production/db:/var/lib/mysql:rw
+    networks:
+      - default
     deploy:
+      update_config:
+        order: start-first
+        failure_action: rollback
+        parallelism: 1
+      restart_policy:
+        condition: on-failure
       replicas: 1
       placement:
         constraints:
-## - node.labels.role == db
           - node.hostname == ingress.nixc.us
-# - node.labels.mac-rack == true
-    # placement:
-    #   constraints:
-    #     - node.role == manager
-    #   preferences:
-    #     - spread: node.id
       labels:
-      - traefik.enable=false
-      - "us.nixc.autodeploy=true"
-    networks:
-      - default
+        us.nixc.autodeploy: "true"
+        traefik.enable: "false"
+    logging:
+      driver: json-file
+      options:
+        max-size: 10m
+        max-file: "3"
\ No newline at end of file
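Review bot: `order: start-first` under the new `update_config` is unsafe for the single-replica `redis` and `mariadb` services, which are both pinned to `ingress.nixc.us` and bind-mount their data directories (`/data`, `/var/lib/mysql`): on a rolling update Swarm starts the replacement task before stopping the old one, so two `mariadb` (or two `redis --appendonly yes`) processes briefly open the same files, which risks data corruption or a lock failure that then trips the `rollback`; use `order: stop-first` for those two services and keep `start-first` only for the stateless `authelia` task (whose definition begins before this hunk). On the auth labels, the new `authelia-basic` middleware (`/api/verify?auth=basic`) can, as far as Authelia's Basic-auth mode goes, only satisfy a `one_factor` access-control rule, so it should only be attached to routers whose policy is one-factor, and `trustForwardHeader: "true"` depends on the `websecure` entrypoint's `forwardedHeaders` settings (not visible here) to strip client-supplied `X-Forwarded-*` headers; a comment on those labels would record both constraints, e.g. `# authelia-basic: one_factor rules only; X-Forwarded-* trust relies on the entrypoint's forwardedHeaders.trustedIPs`. `/api/verify` also looks like the legacy verification endpoint that the removed `/api/authz/forward-auth` label superseded in newer Authelia releases, so confirm the pinned `production-authelia` image still serves it. Finally, `mariadb` still carries `MYSQL_ROOT_PASSWORD: authelia` / `MYSQL_PASSWORD: authelia` in the committed file while `authelia` already consumes Swarm secrets; if the custom image derives from the official one, `MYSQL_ROOT_PASSWORD_FILE` / `MYSQL_PASSWORD_FILE` would put them under the same `secrets:` mechanism.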