Initial configuration

authelia/.gitignore

@@ -0,0 +1 @@
+keys/

authelia/README.md

@@ -0,0 +1,13 @@
+# Authelia
+
+1. Edit environment variables.
+   1. For HMAC_SECRET, JWT_SECRET, ADMIN_PASSWORD, SESSION_SECRET, STORAGE_ENCRYPTION_KEY, LLDAP_KEY_SEED use an random alphanumeric string of at least 64 characters
+   2. For CLIENT_SECRET, CLIEND_ID: [Generate client identifier](https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-a-client-identifier-or-client-secret)
+      1. Use single quotes for the client secret
+
+2. Generate PAM file using and save it to the /config/keys directory: [Generating keypair](https://www.authelia.com/reference/guides/generating-secure-values/#generating-an-rsa-keypair)
+   1. Save the random password
+
+3. Configure LLDAP
+   1. Create a user in LLDAP with the group: lldap_password_manager
+   2. Create groups: forgejo

authelia/docker-compose.yml

@@ -0,0 +1,44 @@
+services:
+  authelia:
+    image: authelia/authelia:latest
+    container_name: authelia
+    restart: unless-stopped
+    depends_on:
+      - lldap
+    volumes:
+      - ./config/configuration.yml:/config/configuration.yml
+      - ./config/keys:/keys
+      - data_authelia:/config
+    environment:
+      X_AUTHELIA_CONFIG_FILTERS: template
+      JWT_SECRET: ${AUTHELIA_JWT_SECRET}
+      SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
+      STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${LLDAP_ADMIN_PASSWORD}
+      HMAC_SECRET: ${AUTHELIA_HMAC_SECRET}
+      CLIENT_SECRET_FORGEJO: ${AUTHELIA_CLIENT_SECRET_FORGEJO}
+      CLIENT_ID_FORGEJO: ${AUTHELIA_CLIENT_ID_FORGEJO}
+      CLIENT_SECRET_PAPERLESS: ${AUTHELIA_CLIENT_SECRET_PAPERLESS}
+      CLIENT_ID_PAPERLESS: ${AUTHELIA_CLIENT_ID_PAPERLESS}
+
+  lldap:
+    image: lldap/lldap:latest
+    container_name: lldap
+    restart: unless-stopped
+    volumes:
+      - data_lldap:/data
+    environment:
+      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
+      LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
+      LLDAP_LDAP_BASE_DN: dc=bmrs,dc=nl
+      LLDAP_LDAP_USER_PASS: ${LLDAP_ADMIN_PASSWORD}
+
+volumes:
+  data_lldap:
+  data_authelia:
+
+networks:
+  default:
+    name: proxy
+    external: true
+