From 96e3c80ffbb62976045da1ae0f1d111dd36cbee9 Mon Sep 17 00:00:00 2001
From: elfateh4
Date: Tue, 2 Dec 2025 05:48:54 +0100
Subject: [PATCH] Refactor Authelia database configuration to use environment variables for improved security and flexibility; add Duplicati service for encrypted cloud backup.

---
 authelia/configuration.template.yml | 5 ++--
 authelia/configuration.yml | 1 +
 docker-compose.yml | 41 +++++++++++++++++++++++++++--
 3 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/authelia/configuration.template.yml b/authelia/configuration.template.yml
index 7431e16..76bf875 100644
--- a/authelia/configuration.template.yml
+++ b/authelia/configuration.template.yml
@@ -35,8 +35,9 @@ session:
 storage:
   postgres:
     address: 'tcp://authelia-db:5432'
-    database: 'authelia'
-    username: 'authelia'
+    database: '${AUTHELIA_DB_NAME}'
+    username: '${AUTHELIA_DB_USER}'
+    password: '${AUTHELIA_DB_PASSWORD}'
 
 notifier:
   disable_startup_check: true
diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index 18fbcc7..1d3835e 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -37,6 +37,7 @@ storage:
     address: 'tcp://authelia-db:5432'
     database: 'authelia'
     username: 'authelia'
+    password: 'p/6EGIgTxPndniwUCY54G7q5jOPqXofF'
 
 notifier:
   disable_startup_check: true
diff --git a/docker-compose.yml b/docker-compose.yml
index d4973ab..a1ce537 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,6 +16,7 @@ volumes:
   beszel_data:
   gitea_data:
   gitea_db_data:
+  duplicati_config:
 
 ########################
 # Services
@@ -149,6 +150,9 @@ services:
       TZ: "${TZ}"
       DOMAIN: "${DOMAIN}"
       DOMAIN_PREFIX: "${DOMAIN_PREFIX}"
+      AUTHELIA_DB_NAME: "${AUTHELIA_DB_NAME}"
+      AUTHELIA_DB_USER: "${AUTHELIA_DB_USER}"
+      AUTHELIA_DB_PASSWORD: "${AUTHELIA_DB_PASSWORD}"
       AUTHELIA_SESSION_SECRET: '${AUTHELIA_SESSION_SECRET}'
       AUTHELIA_STORAGE_ENCRYPTION_KEY: '${AUTHELIA_STORAGE_ENCRYPTION_KEY}'
       AUTHELIA_STORAGE_POSTGRES_PASSWORD: '${AUTHELIA_DB_PASSWORD}'
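Review bot: The new `password: '${AUTHELIA_DB_PASSWORD}'` line renders the database secret into the on-disk config, although the compose hunk in this same patch already hands the authelia container `AUTHELIA_STORAGE_POSTGRES_PASSWORD: '${AUTHELIA_DB_PASSWORD}'`, which is Authelia's environment mapping for this key. Dropping the `password:` line from the template keeps the rendered `configuration.yml` free of secrets and avoids carrying the same value on two paths. The `${…}` placeholders are shell-style rather than Authelia's own templating, so whichever step renders this file (not visible in the diff) must run with those variables exported, otherwise `database`/`username` silently become empty strings; a comment such as `# rendered by envsubst — AUTHELIA_DB_NAME/USER must be set in .env` above `storage:` would make that dependency explicit.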
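Review bot: The added `password: 'p/6EGIgTxPndniwUCY54G7q5jOPqXofF'` commits a live database password to the repository, which is the opposite of what the commit title describes and is now permanent in git history even after removal. Treat the value as compromised: rotate it in Postgres and `.env`, drop this line (the compose file already passes the password via `AUTHELIA_STORAGE_POSTGRES_PASSWORD`), and add `authelia/configuration.yml` to `.gitignore` if it is the rendered output of the template in this patch. Rotating the password in `.env` alone will presumably not update an existing `authelia_db_data` volume, since the Postgres image applies `POSTGRES_PASSWORD` only on first initialisation — confirm and run an `ALTER USER … PASSWORD` against the running database.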
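Review bot: The three new `AUTHELIA_DB_*` entries expand to an empty string when the variable is missing from `.env`, and Compose will start the stack with a blank database name or user instead of failing; use the required-variable form, e.g. `AUTHELIA_DB_NAME: "${AUTHELIA_DB_NAME:?AUTHELIA_DB_NAME must be set}"`, for all three so a misconfigured deployment stops at `docker compose up`. Note that the password now reaches the container twice (`AUTHELIA_DB_PASSWORD` and the existing `AUTHELIA_STORAGE_POSTGRES_PASSWORD`); the first is only needed if the template in this patch is rendered inside the container, which the diff does not show. As a point of style, the new lines use double quotes while the adjacent secret lines use single quotes — match the surrounding convention.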
@@ -173,8 +177,8 @@ services:
     restart: unless-stopped
     networks: [traefik_proxy]
     environment:
-      POSTGRES_DB: authelia
-      POSTGRES_USER: authelia
+      POSTGRES_DB: ${AUTHELIA_DB_NAME}
+      POSTGRES_USER: ${AUTHELIA_DB_USER}
       POSTGRES_PASSWORD: ${AUTHELIA_DB_PASSWORD}
     volumes:
       - authelia_db_data:/var/lib/postgresql/data
@@ -348,6 +352,8 @@ services:
       - GITEA__server__SSH_LISTEN_PORT=22
       - GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
       - GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
+      - GITEA__i18n__LANGS=en-US
+      - GITEA__i18n__NAMES=English
     volumes:
       - gitea_data:/data
       - /etc/timezone:/etc/timezone:ro
@@ -390,3 +396,34 @@ services:
       timeout: 10s
       retries: 3
       start_period: 30s
+
+  ## ─────────────────────────────────────────────
+  ## Duplicati — encrypted cloud backup
+  ## ─────────────────────────────────────────────
+  duplicati:
+    image: lscr.io/linuxserver/duplicati:latest
+    container_name: duplicati
+    restart: unless-stopped
+    networks: [traefik_proxy]
+    environment:
+      - PUID=0
+      - PGID=0
+      - TZ=${TZ}
+      - SETTINGS_ENCRYPTION_KEY=${DUPLICATI_ENCRYPTION_KEY}
+      - CLI_ARGS=--webservice-allowed-hostnames=* --webservice-password=${DUPLICATI_PASSWORD}
+    volumes:
+      - duplicati_config:/config
+      - /:/source:ro
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.duplicati.rule=Host(`backup.${DOMAIN_PREFIX}.${DOMAIN}`)"
+      - "traefik.http.routers.duplicati.entrypoints=websecure"
+      - "traefik.http.routers.duplicati.tls.certresolver=le"
+      - "traefik.http.routers.duplicati.middlewares=security-headers@docker"
+      - "traefik.http.services.duplicati.loadbalancer.server.port=8200"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8200"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s
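Review bot: Making `POSTGRES_DB` and `POSTGRES_USER` configurable is misleading for an existing deployment: the Postgres image reads these only when `authelia_db_data` is first initialised, so a volume created under the old hard-coded `authelia`/`authelia` keeps those names regardless of what `.env` now says, and Authelia (which reads the same variables) will fail to connect if they differ. Add a comment above `environment:` such as `# POSTGRES_DB/POSTGRES_USER only apply on first init of authelia_db_data; keep them equal to the values the volume was created with, or migrate the data.` Use the required form `${AUTHELIA_DB_NAME:?}` / `${AUTHELIA_DB_USER:?}` here as well, since an empty `POSTGRES_DB` silently falls back to the user name and an empty `POSTGRES_USER` to `postgres`. The `authelia-db` service header lies outside this hunk.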
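Review bot: The new `duplicati` service runs as root (`PUID=0`/`PGID=0`) with the entire host filesystem bind-mounted at `/:/source:ro`, and its web UI is published to the internet through Traefik with only `security-headers@docker` and a single `--webservice-password` in front of it — a compromise of that UI, or of a `:latest` image pulled on the next restart, yields root read access to every host secret, including this stack's `.env`, the Authelia config with the DB password, SSH keys and other containers' volumes under `/var/lib/docker`. Narrow the mount to the directories that are actually backed up, put the router behind the Authelia forward-auth middleware this stack presumably defines (its name is not visible in the diff), replace `--webservice-allowed-hostnames=*` with the real hostname plus `localhost` so the curl healthcheck keeps passing, and pin the image tag. The password in `CLI_ARGS` is also visible in `docker inspect` and the container's process list; if the image supports an environment or file-based alternative for the web-service password, prefer it. The rewritten lines below show the shape of that change.
```yaml
    image: lscr.io/linuxserver/duplicati:<pinned-version>
    # … unchanged: container_name, restart, networks, PUID/PGID, TZ, SETTINGS_ENCRYPTION_KEY …
      - CLI_ARGS=--webservice-allowed-hostnames=localhost,backup.${DOMAIN_PREFIX}.${DOMAIN} --webservice-password=${DUPLICATI_PASSWORD:?}
    volumes:
      - duplicati_config:/config
      # mount only what is backed up, never the host root
      - /var/lib/docker/volumes:/source/docker-volumes:ro
    # … unchanged: traefik.enable, rule, entrypoints, certresolver …
      - "traefik.http.routers.duplicati.middlewares=security-headers@docker"  # add the Authelia forward-auth middleware defined elsewhere in this file
    # … unchanged: loadbalancer port, healthcheck …
```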