Added authelia, caddy and adguard

homelab/.gitignore

@@ -0,0 +1,2 @@
+secrets/
+.env

homelab/README.md

@@ -0,0 +1,5 @@
+# Create proxy network
+`docker network create proxy`
+
+# Configure caddy cloudflare
+Find instructions on [caddy-dns cloudflare](https://github.com/caddy-dns/cloudflare)

homelab/adguard/docker-compose.yml

@@ -0,0 +1,21 @@
+services:
+  adguardhome:
+    image: adguard/adguardhome:latest
+    container_name: adguardhome
+    restart: unless-stopped
+    ports:
+      - 53:53/tcp
+      - 53:53/udp
+#      - 80:3000 # Only use during setup
+    volumes:
+      - work:/opt/adguardhome/work
+      - conf:/opt/adguardhome/conf
+
+volumes:
+  work:
+  conf:
+
+networks:
+  default:
+    name: proxy
+    external: true

homelab/authelia/config/.gitignore

@@ -0,0 +1,2 @@
+db.sqlite3
+notifications.txt

homelab/authelia/docker-compose.yml

@@ -0,0 +1,35 @@
+services:
+  authelia:
+    image: authelia/authelia:latest
+    container_name: authelia
+    restart: unless-stopped
+    volumes:
+      - ./config:/config
+    depends_on:
+      - lldap
+    environment:
+      JWT_SECRET: ${AUTHELIA_JWT_SECRET}
+      SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
+      STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD: ${LLDAP_ADMIN_PASSWORD}
+
+  lldap:
+    image: lldap/lldap:latest
+    container_name: lldap
+    restart: unless-stopped
+    volumes:
+      - data_lldap:/data
+    environment:
+      LLDAP_JWT_SECRET: ${LLDAP_JWT_SECRET}
+      LLDAP_KEY_SEED: ${LLDAP_KEY_SEED}
+      LLDAP_LDAP_BASE_DN: dc=bmrs,dc=nl
+      LLDAP_LDAP_USER_PASS: ${LLDAP_ADMIN_PASSWORD}
+
+volumes:
+  data_lldap:
+
+networks:
+  default:
+    name: proxy
+    external: true
+

homelab/caddy/Dockerfile

@@ -0,0 +1,8 @@
+FROM caddy:2.8-builder AS builder
+
+RUN xcaddy build \
+  --with github.com/caddy-dns/cloudflare
+
+FROM caddy:2.8
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

homelab/caddy/README.md

@@ -0,0 +1,2 @@
+# Caddy reverse proxy
+Follow [this](https://github.com/caddy-dns/cloudflare) to obtain secrets

homelab/caddy/caddyfiles/Caddyfile

@@ -0,0 +1,16 @@
+localhost {
+	respond "Hello world!"
+}
+
+
+*.timo.bmrs.nl timo.bmrs.nl {
+	tls {
+		dns cloudflare {
+			zone_token {env.CF_ZONE_TOKEN}
+			api_token {env.CF_API_TOKEN}
+		}
+		resolvers 1.1.1.1
+	}
+
+	import routes/*
+}

homelab/caddy/caddyfiles/routes/adguard

@@ -0,0 +1,9 @@
+@adguard host adguard.timo.bmrs.nl
+handle @adguard {
+	forward_auth authelia:9091 {
+		uri /api/authz/forward-auth
+		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name		
+	}
+
+	reverse_proxy adguardhome:3000
+}

homelab/caddy/caddyfiles/routes/authelia

@@ -0,0 +1,9 @@
+@ldap host ldap.timo.bmrs.nl
+handle @ldap {
+	reverse_proxy lldap:17170
+}
+
+@authelia host auth.timo.bmrs.nl
+handle @authelia {
+	reverse_proxy authelia:9091
+}

homelab/caddy/docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   caddy:
-    image: caddy:2.8
+    build: .
     container_name: caddy
     restart: unless-stopped
     cap_add:
@@ -10,10 +10,18 @@ services:
       - 443:443
       - 443:443/udp
     volumes:
-      - caddy_data:/data
-      - caddy_config:/config
+      - data:/data
+      - config:/config
       - ./caddyfiles:/etc/caddy/
+    environment:
+      CF_ZONE_TOKEN: ${CF_ZONE_TOKEN}
+      CF_API_TOKEN: ${CF_API_TOKEN}
 
 volumes:
-  caddy_data:
-  caddy_config:
+  data:
+  config:
+
+networks:
+  default:
+    name: proxy
+    external: true