- authentik: address the rewrite service by compose service name instead of a network alias on the public FQDN, which shadowed extra_hosts pins and broke OIDC discovery for c-ares-based (Node) resolvers - homarr: add homarr_extra_hosts to pin the IdP FQDN to a LAN IP so OIDC discovery stays in-network while the issuer matches the browser-facing URL - opnform: add opnform_oidc_sso_redirect_root to 302 the root URL to the SSO path (deep-links untouched, /login?bypass=1 break-glass); restart ingress via container restart so envsubst re-renders nginx.conf - nextcloud: make the UserConfig sed workaround fail loud on upstream drift instead of silently skipping (nextcloud/server#59629) - gitignore: exclude the local .ansible/ collection cache
51 lines
No EOL
2.2 KiB
Django/Jinja
#---------------------------------------------------------------------#
|
|
# Homarr — A simple, yet powerful dashboard for your server. #
|
|
#---------------------------------------------------------------------#
|
|
services:
|
|
homarr:
|
|
container_name: homarr
|
|
image: {{ homarr_image }}
|
|
restart: unless-stopped
|
|
volumes:
|
|
{% if homarr_use_docker %}
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
{% endif %}
|
|
- {{ homarr_docker_volume_dir }}/homarr/appdata:/appdata
|
|
environment:
|
|
TZ: "Europe/Zurich"
|
|
BASE_URL: "{{ homarr_base_url }}"
|
|
NEXTAUTH_URL: "{{ homarr_base_url }}"
|
|
SECRET_ENCRYPTION_KEY: "{{ homarr_secret_encryption_key }}"
|
|
AUTH_PROVIDERS: "{{ homarr_auth_providers }}"
|
|
AUTH_OIDC_ISSUER: "{{ homarr_oidc_issuer }}"
|
|
AUTH_OIDC_CLIENT_ID: "{{ homarr_oidc_client_id }}"
|
|
AUTH_OIDC_CLIENT_SECRET: "{{ homarr_oidc_client_secret }}"
|
|
AUTH_OIDC_CLIENT_NAME: "{{ homarr_oidc_client_name | default('Keycloak') }}"
|
|
AUTH_OIDC_SCOPE_OVERWRITE: "{{ homarr_oidc_scopes | default('openid email profile groups') }}"
|
|
AUTH_OIDC_GROUPS_ATTRIBUTE: "{{ homarr_oidc_groups_attribute | default('groups') }}"
|
|
AUTH_OIDC_AUTO_LOGIN: "{{ homarr_oidc_auto_login | default('false') }}"
|
|
networks:
|
|
- {{ homarr_traefik_network }}
|
|
{% if homarr_extra_hosts | default([]) | length > 0 %}
|
|
extra_hosts:
|
|
{% for h in homarr_extra_hosts %}
|
|
- "{{ h }}"
|
|
{% endfor %}
|
|
{% endif %}
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.docker.network={{ homarr_traefik_network }}
|
|
- traefik.http.routers.homarr.rule={% set _all_domains = [homarr_domain] + (homarr_extra_domains | default([])) %}{% for d in _all_domains %}Host(`{{ d }}`){% if not loop.last %} || {% endif %}{% endfor +%}
|
|
{% if homarr_use_ssl %}
|
|
- traefik.http.routers.homarr.entrypoints=websecure
|
|
- traefik.http.routers.homarr.tls=true
|
|
{% if traefik_cert_mode | default('selfsigned') == 'acme' %}
|
|
- traefik.http.routers.homarr.tls.certresolver={{ traefik_ssl_cert_resolver | default('dns') }}
|
|
{% endif %}
|
|
{% else %}
|
|
- traefik.http.routers.homarr.entrypoints=web
|
|
{% endif %}
|
|
- traefik.http.services.homarr.loadbalancer.server.port={{ homarr_port }}
|
|
networks:
|
|
{{ homarr_traefik_network }}:
|
|
external: true |
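Review bot: The new `extra_hosts` loop on the homarr service emits whatever `homarr_extra_hosts` holds verbatim, so a value supplied as a plain string instead of a list passes the `length > 0` guard and is iterated character by character, and an entry that is not `host:ip` is only rejected at `docker compose up` time; validate the shape in the role (an `assert` that each item matches `^[^:\s]+:[0-9a-fA-F.:]+$`) or at least document the contract above the block with `{# homarr_extra_hosts: list of "fqdn:ip" pins to LAN addresses you control; a pin bypasses DNS, not TLS validation #}`. Pinning the IdP FQDN rather than changing `AUTH_OIDC_ISSUER` is the right property, since hostname verification and the issuer check stay bound to the browser-facing name. With `traefik_cert_mode` left at its `selfsigned` default, the OIDC client (presumably Node-based given `NEXTAUTH_URL`) will still reject the IdP certificate at discovery unless the CA is trusted via something like `NODE_EXTRA_CA_CERTS`; that must not be worked around with `NODE_TLS_REJECT_UNAUTHORIZED=0`, which would disable verification for every outbound connection. Outside this change but worth tracking: `SECRET_ENCRYPTION_KEY` and `AUTH_OIDC_CLIENT_SECRET` are passed as plain `environment:` values, which surface in `docker inspect` and in the rendered compose file on disk, and the optional `/var/run/docker.sock` bind grants host-root-equivalent access that a `:ro` flag would not mitigate.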