s

docker-compose/traefik/configuration.yml.j2

@@ -1,4 +1,5 @@
 ---
+# geklaut von: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
 server.address: "0.0.0.0:9091"
 
 log:
@@ -6,7 +7,9 @@ log:
 
 identity_validation:
   reset_password:
-    jwt_secret: c50498e29383564cd50bdeda9b74a3bf
+    jwt_secret: "{{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}"
+
+authelia_jwt_secret
 
 totp:
   issuer: totp.mgrote.net
@@ -36,10 +39,9 @@ regulation:
   ban_time: 300
 
 storage:
-  encryption_key: f30ebde68b2c85c1b3fe2d16d9884190 # verschlüsseln
+  encryption_key: {{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}
   local:
     path: /data/db.sqlite3
-    # db auf mariadb ändern
 
 notifier:
   smtp:
@@ -68,8 +70,7 @@ authentication_backend:
       username: uid
       group_name: cn
       mail: mail
-    # The username and password of the bind user.
-    # "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
-    # If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
     user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
     password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
+
+# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/

docker-compose/traefik/docker-compose.yml.j2

@@ -1,3 +1,5 @@
+# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/
+
 services:
 ######## traefik ########
   traefik:
@@ -76,23 +78,13 @@ volumes:
   acme_data:
   authelia_data:
 
-
-# passwd
-# echo "<user>:$(mkpasswd -m sha-512 <password>)" # kann weg
-
-
-
 # TODO
-# ldap user: https://www.authelia.com/configuration/first-factor/ldap/
-# test mit whoami
-# doku: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker
 # healtchecks
 # munin
 # keepass aufraumen
-# secrets
 # docs lesen
-# test mail senden
 # ldap gruppe per app
-# rechte konzept fur ldap beschreiben +  https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
-# munin absichern
 # weitere seiten?
+# registry-ui
+# munin
+# traefik

docker-compose/traefik/traefik.yml

@@ -40,9 +40,3 @@ api:
   dashboard: true # unter Port 8081 erreichbar
 
 ping: {} # für healthcheck
-
-#experimental:
-#  plugins:
-#    ldapAuth:
-#      moduleName: "github.com/wiltonsr/ldapAuth"
-#      version: "v0.1.4"