diff --git a/admin/.gitignore b/admin/.gitignore new file mode 100644 index 0000000..86337b8 --- /dev/null +++ b/admin/.gitignore @@ -0,0 +1 @@ +appdata/ \ No newline at end of file diff --git a/admin-compose.yml b/admin/docker-compose.yml similarity index 61% rename from admin-compose.yml rename to admin/docker-compose.yml index 6b1f7b7..f343247 100644 --- a/admin-compose.yml +++ b/admin/docker-compose.yml @@ -31,21 +31,5 @@ services: - /var/run/docker.sock:/var/run/docker.sock - /etc/localtime:/etc/localtime:ro - portainer-agent: - container_name: portainer-agent - hostname: portainer-agent - image: portainer/agent:2.16.2 - environment: - - AGENT_SECRET=$ADMIN_PASSWORD - networks: - - admin - ports: - - 9001:9001/tcp - restart: always - volumes: - - /var/lib/docker/volumes:/var/lib/docker/volumes - - /var/run/docker.sock:/var/run/docker.sock - - /etc/localtime:/etc/localtime:ro - networks: admin: \ No newline at end of file diff --git a/authelia.conf b/authelia.conf deleted file mode 100644 index 37a181f..0000000 --- a/authelia.conf +++ /dev/null 
@@ -1,33 +0,0 @@
-location / {
-set $upstream_authelia http://192.168.1.30:9091;
-proxy_pass $upstream_authelia;
-client_body_buffer_size 128k;
-
-#Timeout if the real server is dead
-proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
-
-# Advanced Proxy Config
-send_timeout 5m;
-proxy_read_timeout 360;
-proxy_send_timeout 360;
-proxy_connect_timeout 360;
-
-# Basic Proxy Config
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header X-Forwarded-Host $http_host;
-proxy_set_header X-Forwarded-Uri $request_uri;
-proxy_set_header X-Forwarded-Ssl on;
-proxy_redirect http:// $scheme://;
-proxy_http_version 1.1;
-proxy_set_header Connection "";
-proxy_cache_bypass $cookie_session;
-proxy_no_cache $cookie_session;
-proxy_buffers 64 256k;
-
-# If behind reverse proxy, forwards the correct IP, assumes you're using Cloudflare. Adjust IP for your Docker network.
-set_real_ip_from 192.168.1.0/24;
-real_ip_recursive on;
-}
\ No newline at end of file
diff --git a/configuration.yml b/configuration.yml
deleted file mode 100644
index b5a9dd2..0000000
--- a/configuration.yml
+++ /dev/null
@@ -1,136 +0,0 @@ -theme: dark -jwt_secret: 9DGPzQy8SZQ7rV57V3DJnw - -#default_redirection_url: https://www.google.com/ - -server: - host: 0.0.0.0 - port: 9091 - path: "" - read_buffer_size: 4096 - write_buffer_size: 4096 - enable_pprof: false - enable_expvars: false - disable_healthcheck: false - tls: - key: "" - certificate: "" - -log: - level: info - -totp: - disable: false - issuer: akanealw.com - algorithm: sha1 - digits: 6 - period: 30 - skew: 0 - secret_size: 32 - -authentication_backend: - disable_reset_password: true - refresh_interval: 5m - file: - path: /config/users_database.yml - password: - algorithm: argon2id - iterations: 1 - salt_length: 16 - parallelism: 8 - memory: 64 - -access_control: - default_policy: deny - rules: - # bypass rule - - domain: "auth.akanealw.com" - policy: bypass - - domain: "bitwarden.akanealw.com" - policy: bypass - - domain: "meshcentral.akanealw.com" - policy: bypass - - domain: "owncloud.akanealw.com" - policy: bypass - - domain: "overseerr.akanealw.com" - policy: bypass - - domain: "plex.akanealw.com" - policy: bypass - - domain: "tautulli.akanealw.com" - policy: bypass - - # two_factor rule - - domain: "akanealw.com" - policy: two_factor - - domain: "codeserver.akanealw.com" - policy: two_factor - - domain: "freshrss.akanealw.com" - policy: two_factor - - domain: "gitea.akanealw.com" - policy: two_factor - - domain: "jackett.akanealw.com" - policy: two_factor - - domain: "jdownloader.akanealw.com" - policy: two_factor - - domain: "kavita.akanealw.com" - policy: two_factor - - domain: "metube.akanealw.com" - policy: two_factor - - domain: "monitorr.akanealw.com" - policy: two_factor - - domain: "mstream.akanealw.com" - policy: two_factor - - domain: "nzbhydra.akanealw.com" - policy: two_factor - - domain: "portainer.akanealw.com" - policy: two_factor - - domain: "prowlarr.akanealw.com" - policy: two_factor - - domain: "qbittorrent.akanealw.com" - policy: two_factor - - domain: "radarr.akanealw.com" - policy: two_factor - 
- domain: "sabnzbd.akanealw.com" - policy: two_factor - - domain: "sonarr.akanealw.com" - policy: two_factor - - domain: "tdarr.akanealw.com" - policy: two_factor - - domain: "www.akanealw.com" - policy: two_factor - -session: - name: authelia_session - domain: akanealw.com - same_site: lax - secret: 8r9y4d8mY7NfQtpCe2oU - expiration: 1h - inactivity: 5m - remember_me_duration: 1w - -regulation: - max_retries: 3 - find_time: 10m - ban_time: 12h - -storage: - local: - path: /config/db.sqlite3 - encryption_key: iiB7C8Bn4A2gAhzs2fWaggUug76PZ4LU - -notifier: - disable_startup_check: true - smtp: - username: akanealw@gmail.com - password: qlvmffuzpscltdgz - host: smtp.gmail.com - port: 587 - sender: akanealw@gmail.com - identifier: proxyserver - subject: "[Authelia] {title}" - startup_check_address: akanealw@gmail.com - disable_require_tls: false - disable_html_emails: false - tls: - skip_verify: false - minimum_version: TLS1.2 diff --git a/docker-compose.yml b/docker-compose.yml index 44030b1..760b2e8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
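Review bot: The `jwt_secret`, `session.secret`, `storage.encryption_key` and `notifier.smtp.password` literals on the removed lines of configuration.yml stay recoverable from the repository history and from every existing clone after this deletion, so they need to be rotated, not only removed. The same holds for the literal `WIREGUARD_PRIVATE_KEY` removed from docker-compose.yml in the following hunk. If the Authelia configuration is re-created elsewhere, keep these values out of the tracked file, for example by supplying them through Authelia's `*_FILE` environment variables such as `AUTHELIA_JWT_SECRET_FILE`, with the secret files under an ignored path. The new `admin/.gitignore` covers only `admin/appdata/`, so a root-level ignore entry would be needed for anything stored under the top-level `./appdata` that these services mounted.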
@@ -1,86 +1,6 @@ version: '3' services: - authelia: - container_name: authelia - hostname: authelia - image: authelia/authelia - environment: - - TZ=America/Chicago - ports: - - 9091:9091 - restart: always - volumes: - - ./appdata/authelia/config:/config - - gluetun: - container_name: gluetun - hostname: gluetun - image: qmcgaw/gluetun - environment: - - VPN_SERVICE_PROVIDER=mullvad - - VPN_TYPE=wireguard - - WIREGUARD_PRIVATE_KEY=aOlTmJ/KpTi0qZeed3rXNcRPPTIw0InAvf1gMV4EtXo= - - WIREGUARD_ADDRESSES=10.66.182.60/32 - - HTTPPROXY=on - - SERVER_CITIES=New York NY - - TZ=$TZ - cap_add: - - NET_ADMIN - devices: - - /dev/net/tun:/dev/net/tun - ports: - - 8888:8888/tcp # HTTP proxy - - 8388:8388/tcp # Shadowsocks - - 8388:8388/udp # Shadowsocks - restart: always - volumes: - - ./appdata/gluetun:/gluetun - - nginxproxymanager: - container_name: nginxproxymanager - hostname: nginxproxymanager - image: jc21/nginx-proxy-manager:latest - environment: - - X_FRAME_OPTIONS=sameorigin - - DB_SQLITE_FILE=/data/database.sqlite - ports: - - 8443:443/tcp - - 8080:80/tcp - - 8081:81/tcp - restart: always - volumes: - - ./appdata/nginxproxymanager/data:/data - - ./appdata/nginxproxymanager/letsencrypt:/etc/letsencrypt - - /etc/localtime:/etc/localtime:ro - - openvpn: - container_name: openvpn - hostname: openvpn - image: kylemanna/openvpn - cap_add: - - NET_ADMIN - ports: - - "1194:1194/tcp" - restart: always - volumes: - - ./appdata/openvpn/conf:/etc/openvpn - - openssh-server: - container_name: openssh-server - hostname: openssh-server - image: lscr.io/linuxserver/openssh-server:latest - environment: - - PUID=$PUID - - PGID=$PGID - - TZ=$TZ - - PUBLIC_KEY_FILE=/config/aknlw.com.pub - - USER_NAME=akanealw - ports: - - 2222:2222 - restart: always - volumes: - - ./appdata/openssh-server/config:/config networks: default: