diff --git a/identity/authelia/users_database.example.yml b/identity/authelia/users_database.example.yml index 07fa565..328fe8f 100644 --- a/identity/authelia/users_database.example.yml +++ b/identity/authelia/users_database.example.yml @@ -1,12 +1,8 @@ users: - john: + fizzlepoof: disabled: false displayname: John - email: john@example.com - password: '$argon2id$v=19$m=65536,t=3,p=4$REPLACE$REPLACE' + email: admin@paccoco.com + password: $argon2id$v=19$m=65536,t=3,p=4$REPLACE$REPLACE groups: - - admins - # future examples: - # - infra - # - media - # - family + - admins diff --git a/ingress/traefik/dynamic/routes.yml b/ingress/traefik/dynamic/routes.yml index 8bc2c79..c4195ce 100644 --- a/ingress/traefik/dynamic/routes.yml +++ b/ingress/traefik/dynamic/routes.yml @@ -21,7 +21,6 @@ http: service: grafana middlewares: - security-headers - - authelia-forwardauth technitium: rule: Host(`dns.paccoco.com`) diff --git a/monitoring/.env.example b/monitoring/.env.example index e25e454..064d1e5 100644 --- a/monitoring/.env.example +++ b/monitoring/.env.example @@ -5,7 +5,7 @@ GF_ADMIN_USER=admin GF_ADMIN_PASS=CHANGE_ME GF_HOST=grafana.paccoco.com LOKI_HOST=loki.paccoco.com -AUTHENTIK_HOST=auth.paccoco.com +AUTHENTIK_URL=https://auth.paccoco.com GF_AUTHENTIK_APP_SLUG=grafana GF_AUTH_GENERIC_OAUTH_ENABLED=true GF_AUTH_GENERIC_OAUTH_NAME=Authentik diff --git a/monitoring/docker-compose.yaml b/monitoring/docker-compose.yaml index fa56c3b..258028d 100644 --- a/monitoring/docker-compose.yaml +++ b/monitoring/docker-compose.yaml @@ -49,10 +49,10 @@ services: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ${GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET} GF_AUTH_GENERIC_OAUTH_SCOPES: ${GF_AUTH_GENERIC_OAUTH_SCOPES} GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES: ${GF_AUTH_GENERIC_OAUTH_EMPTY_SCOPES} - GF_AUTH_GENERIC_OAUTH_AUTH_URL: https://${AUTHENTIK_HOST}/application/o/authorize/ - GF_AUTH_GENERIC_OAUTH_TOKEN_URL: https://${AUTHENTIK_HOST}/application/o/token/ - GF_AUTH_GENERIC_OAUTH_API_URL: https://${AUTHENTIK_HOST}/application/o/userinfo/ - GF_AUTH_SIGNOUT_REDIRECT_URL: https://${AUTHENTIK_HOST}/application/o/${GF_AUTHENTIK_APP_SLUG}/end-session/ + GF_AUTH_GENERIC_OAUTH_AUTH_URL: ${AUTHENTIK_URL}/application/o/authorize/ + GF_AUTH_GENERIC_OAUTH_TOKEN_URL: ${AUTHENTIK_URL}/application/o/token/ + GF_AUTH_GENERIC_OAUTH_API_URL: ${AUTHENTIK_URL}/application/o/userinfo/ + GF_AUTH_SIGNOUT_REDIRECT_URL: ${AUTHENTIK_URL}/application/o/${GF_AUTHENTIK_APP_SLUG}/end-session/ GF_AUTH_GENERIC_OAUTH_USE_PKCE: ${GF_AUTH_GENERIC_OAUTH_USE_PKCE} GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: ${GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP} GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN: ${GF_AUTH_GENERIC_OAUTH_AUTO_LOGIN}