ok

Authentication/Authelia/README.md

@@ -0,0 +1,32 @@
+![authelia](./img/logo-Authelia.png)
+
+# authelia
+
+Authelia est un serveur et un portail d'authentification et d'autorisation open source répondant au rôle de la sécurité de l'information (IAM) dans la fourniture d'une authentification multifactorielle et d'une connexion unique (SSO) pour vos applications via un portail web. Il agit comme un compagnon pour les proxys inverses communs.
+
+# Installation
+
+Pour utiliser Adminer tout seul
+```bash
+docker compose up -d
+```
+
+Pour utiliser Adminer avec Traefik
+```bash
+docker compose -f docker-compose-traefik.yml up -d
+```
+
+Pour utiliser Adminer avec Nginx
+```bash
+docker compose -f docker-compose-nginx.yml up -d
+```
+# Utilisation
+
+## Accueil
+![authelia-accueil](./img/authelia-000.png)
+
+# More info
+- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/)
+
+# Buy me a coffe
+<a href='https://ko-fi.com/R5R2KNI3N' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://storage.ko-fi.com/cdn/kofi4.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>

Authentication/Authelia/docker-compose-traefik.yml

@@ -0,0 +1,64 @@
+#### NETWORKS
+networks:
+  docker-traefik_front_network:
+    external: true
+  back_network:
+    driver: bridge
+    attachable: true
+    
+#### SERVICES
+services:
+
+### Authelia
+  authelia:
+    container_name: authelia-app
+    hostname: authelia-app
+    image: authelia/authelia
+    volumes:
+      - ./config:/config
+    networks:
+      - back_network
+      - docker-traefik_front_network
+    security_opt:
+      - no-new-privileges:true
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=docker-traefik_front_network"
+# HTTP
+      - "traefik.http.routers.authelia-http.rule=Host(`auth.10.0.4.29.traefik.me`)"
+      - "traefik.http.routers.authelia-http.entrypoints=http"
+# HTTPS
+      - "traefik.http.routers.authelia-https.rule=Host(`auth.10.0.4.29.traefik.me`)"
+      - "traefik.http.routers.authelia-https.entrypoints=https"
+      - "traefik.http.routers.authelia-https.tls=true"
+      - "traefik.http.routers.authelia.service=authelia-service"
+      - "traefik.http.routers.authelia-https.middlewares=authelia-addprefix"
+# Middleware
+      - "traefik.http.middlewares.guacamole-addprefix.addprefix.prefix=/guacamole"
+      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://auth.jimsgarage.co.uk'
+      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+      - 'traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia:9091/api/verify?auth=basic'
+      - 'traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+# Service
+      - "traefik.http.services.authelia-service.loadbalancer.server.port=9091"
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Paris
+    healthcheck:
+      disable: true
+
+  redis:
+    container_name: authelia-redis
+    hostname: authelia-redis
+    image: redis:alpine
+    volumes:
+      - ./redis:/data
+    networks:
+      - back_network
+    expose:
+      - 6379
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Paris

Authentication/Authelia/docker-compose.yml

@@ -0,0 +1,49 @@
+version: '3'
+
+services:
+  authelia:
+    image: authelia/authelia
+    container_name: authelia
+    volumes:
+      - /home/ubuntu/docker/authelia/config:/config
+    networks:
+      - proxy
+    security_opt:
+      - no-new-privileges:true
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.authelia.rule=Host(`auth.jimsgarage.co.uk`)'
+      - 'traefik.http.routers.authelia.entrypoints=https'
+      - 'traefik.http.routers.authelia.tls=true'
+      - 'traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/verify?rd=https://auth.jimsgarage.co.uk'
+      - 'traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+      - 'traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia:9091/api/verify?auth=basic'
+      - 'traefik.http.middlewares.authelia-basic.forwardAuth.trustForwardHeader=true'
+      - 'traefik.http.middlewares.authelia-basic.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'
+      - 'traefik.http.services.authelia.loadbalancer.server.port=9091'
+    ports:
+      - 9091:9091
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/London
+    healthcheck:
+      disable: true
+
+  redis:
+    image: redis:alpine
+    container_name: redis
+    volumes:
+      - /home/ubuntu/docker/redis:/data
+    networks:
+      - proxy
+    expose:
+      - 6379
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/London
+
+
+networks:
+  proxy:
+    external: true

Authentication/Authelia/users_database.yml

@@ -0,0 +1,19 @@
+---
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+  authelia:
+    disabled: false
+    displayname: "Authelia User"
+    # Password is authelia
+    password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/"  # yamllint disable-line rule:line-length
+    email: authelia@authelia.com
+    groups:
+      - admins
+      - dev
+...

Authentication/Authentik/.env

@@ -0,0 +1,18 @@
+PG_PASS=UaXg4bygCAIBx3aIegkYk22LE5bOBWLpAuv60eGk
+AUTHENTIK_SECRET_KEY=ThB3GtCJgHxkoFhyorQ4s5jMznqM13nebhHadJvbp5F2E11wA0
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+COMPOSE_PORT_HTTPS=1443
+COMPOSE_PORT_HTTP=7000
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=localhost
+AUTHENTIK_EMAIL__PORT=25
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=admin@tips-of-mine.fr
+AUTHENTIK_EMAIL__PASSWORD=password
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=false
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=authentik@localhost

Authentication/Authentik/LICENSE

@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.

Authentication/Authentik/README.md

@@ -0,0 +1,33 @@
+![Authentik](./img/logo-Authentik.png)
+
+# Authentik
+
+
+
+# Installation
+
+Pour utiliser Authentik tout seul
+```bash
+docker compose up -d
+```
+
+Pour utiliser Authentik avec Traefik
+```bash
+docker compose -f docker-compose-traefik.yml up -d
+```
+
+Pour utiliser Authentik avec Nginx
+```bash
+docker compose -f docker-compose-nginx.yml up -d
+```
+
+# Utilisation
+
+## Accueil
+
+
+# More info
+- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/)
+
+# Buy me a coffe
+<a href='https://ko-fi.com/R5R2KNI3N' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://storage.ko-fi.com/cdn/kofi4.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>

Authentication/Authentik/docker-compose-traefik.yml

@@ -0,0 +1,131 @@
+#### NETWORKS
+networks:
+  docker-traefik_front_network:
+    external: true
+  back_network:
+    driver: bridge
+    attachable: true
+
+#### SERVICES
+services:
+
+### postgresql
+  postgresql:
+    container_name: authentik-postgres
+    hostname: authentik-postgres
+    image: docker.io/library/postgres:15.6-alpine
+    restart: unless-stopped
+    networks:
+      - back_network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - ./data:/var/lib/postgresql/data
+    environment:
+      PGDATA: /var/lib/postgresql/data/authentik
+      POSTGRES_PASSWORD: 'P@ssword!Here!123456'
+      POSTGRES_USER: authentik_user
+      POSTGRES_DB: authentik_db
+      TZ: Europe/Paris
+    env_file:
+      - .env
+
+### redis
+  redis:
+    container_name: authentik-redis
+    hostname: authentik-redis
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    restart: unless-stopped
+    networks:
+      - back_network
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - ./redis:/data
+    environment:
+      - TZ=Europe/London
+
+### authentik-server
+  server:
+    container_name: authentik-server
+    hostname: authentik-server
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.2}
+    restart: unless-stopped
+    networks:
+      - docker-traefik_front_network
+      - back_network
+    command: server
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: authentik_user
+      AUTHENTIK_POSTGRESQL__NAME: authentik_db
+      AUTHENTIK_POSTGRESQL__PASSWORD: 'P@ssword!Here!123456'
+    volumes:
+      - ./media:/media
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+#    ports:
+#      - "${COMPOSE_PORT_HTTP:-7000}:9000"
+#      - "${COMPOSE_PORT_HTTPS:-7443}:9443"
+    depends_on:
+      - postgresql
+      - redis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=docker-traefik_front_network"
+# HTTP
+      - "traefik.http.routers.authentik-http.rule=Host(`authentik.10.0.4.29.traefik.me`)"
+      - "traefik.http.routers.authentik-http.entrypoints=http"
+# HTTPS
+      - "traefik.http.routers.authentik-https.rule=Host(`authentik.10.0.4.29.traefik.me`)"
+      - "traefik.http.routers.authentik-https.entrypoints=https"
+      - "traefik.http.routers.authentik-https.service=authentik-service"
+      - "traefik.http.routers.authentik-https.tls=true"
+# Middleware
+# Service
+      - "traefik.http.services.authentik-service.loadbalancer.server.port=9000"
+
+### authentik-worker
+  worker:
+    container_name: authentik-worker
+    hostname: authentik-worker
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.2}
+    restart: unless-stopped
+    networks:
+      - docker-traefik_front_network
+      - back_network
+    command: worker
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: authentik_user
+      AUTHENTIK_POSTGRESQL__NAME: authentik_db
+      AUTHENTIK_POSTGRESQL__PASSWORD: 'P@ssword!Here!123456'
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./media:/media
+      - ./certs:/certs
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+    depends_on:
+      - postgresql
+      - redis

Authentication/Authentik/docker-compose.yaml

@@ -0,0 +1,87 @@
+---
+version: "3.4"
+
+services:
+  postgresql:
+    image: docker.io/library/postgres:12-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - database:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+      POSTGRES_USER: ${PG_USER:-authentik}
+      POSTGRES_DB: ${PG_DB:-authentik}
+    env_file:
+      - .env
+  redis:
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - redis:/data
+  server:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
+    restart: unless-stopped
+    command: server
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    volumes:
+      - ./media:/media
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+    ports:
+      - "${COMPOSE_PORT_HTTP:-9000}:9000"
+      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+    depends_on:
+      - postgresql
+      - redis
+  worker:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.8.3}
+    restart: unless-stopped
+    command: worker
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./media:/media
+      - ./certs:/certs
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+    depends_on:
+      - postgresql
+      - redis
+
+volumes:
+  database:
+    driver: local
+  redis:
+    driver: local

Authentication/Authentik/prepare.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if ! (docker ps >/dev/null 2>&1)
+then
+	echo "Le daemon docker n'est pas en cours d'exécution, sortie !"
+	exit
+fi
+
+echo "Préparation"
+mkdir -p ./redis >/dev/null 2>&1
+mkdir -p ./data >/dev/null 2>&1

Authentication/Keycloak/.env

@@ -0,0 +1,3 @@
+KC_DB_PASSWORD=admin
+KC_HOSTNAME=keycloak.tips-of-mine.local
+KEYCLOAK_ADMIN_PASSWORD=admin

Authentication/Keycloak/README.md

@@ -0,0 +1,30 @@
+![Keycloak](./img/logo-Keycloak.png)
+
+# Keycloak
+
+# Installation
+
+Pour utiliser Keycloak tout seul
+```bash
+docker compose up -d
+```
+
+Pour utiliser Keycloak avec Traefik
+```bash
+docker compose -f docker-compose-traefik.yml up -d
+```
+
+Pour utiliser Keycloak avec Nginx
+```bash
+docker compose -f docker-compose-nginx.yml up -d
+```
+# Utilisation
+
+## Accueil
+
+
+# More info
+- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/)
+
+# Buy me a coffe
+<a href='https://ko-fi.com/R5R2KNI3N' target='_blank'><img height='36' style='border:0px;height:36px;' src='https://storage.ko-fi.com/cdn/kofi4.png?v=3' border='0' alt='Buy Me a Coffee at ko-fi.com' /></a>

Authentication/Keycloak/docker-compose.yaml

@@ -0,0 +1,64 @@
+#### networks
+networks:
+  docker-traefik_front_network:
+    external: true
+  back_network:
+    driver: bridge
+    attachable: true
+
+
+#### services
+services:
+  postgres:
+    container_name: keycloak-postgres
+    hostname: keycloak-postgres
+    image: postgres:15.6-alpine
+    restart: always
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "keycloak"]
+    environment:
+      POSTGRES_DB: keycloak_db
+      POSTGRES_USER: keycloak_user
+      POSTGRES_PASSWORD: 'P@ssword!Here!123456'
+    volumes:
+      - ./data:/var/lib/postgresql/data
+    networks:
+    - back_network
+
+  keycloak:
+    container_name: keycloak-app
+    hostname: keycloak-app
+    image: quay.io/keycloak/keycloak:latest
+    command: ["start-dev", "--import-realm"]
+    restart: always
+    environment:
+      KC_DB: postgres
+      KC_DB_USERNAME: keycloak_user
+      KC_DB_PASSWORD: P@ssword!Here!123456
+      KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak_db"
+      KC_HOSTNAME: keycloak.tips-of-mine.local
+      KC_METRICS_ENABLED: true
+      KC_LOG_LEVEL: INFO
+      KC_REALM_NAME: grafana
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: keycloak
+      KC_PROXY: edge
+    ports:
+      - 8282:8080
+    networks:
+    - back_network
+    - docker-traefik_front_network
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=docker-traefik_front_network"
+# HTTP
+      - "traefik.http.routers.keycloak-http.rule=Host(`keycloak.tips-of-mine.local`)"
+      - "traefik.http.routers.keycloak-http.entrypoints=http"
+# HTTPS
+      - "traefik.http.routers.keycloak-https.rule=Host(`keycloak.tips-of-mine.local`)"
+      - "traefik.http.routers.keycloak-https.entrypoints=https"
+      - "traefik.http.routers.keycloak-https.tls=true"
+      - "traefik.http.routers.keycloak-https.service=keycloak-service"
+# Middleware
+# Service
+      - "traefik.http.services.keycloak-service.loadbalancer.server.port=8080"