eddie/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
homelab/compose/core/lldap/.env
Claude fd48fed9d8
feat: Complete homelab GitOps setup with SSO and SSL 
Core Infrastructure:
- Add LLDAP for centralized user authentication (lldap.fig.systems)
- Configure Tinyauth with LLDAP backend for SSO (auth.fig.systems)
- Set up Traefik v3.3 with Let's Encrypt SSL automation
- Create homelab Docker network for service isolation

Media Services:
- Configure Jellyfin with /media folder mappings (flix.fig.systems)
- Add Jellyseerr for media requests (requests.fig.systems)
- Update Immich with photo library access (photos.fig.systems)
- Set up Sonarr for TV automation (sonarr.fig.systems)
- Set up Radarr for movie automation (radarr.fig.systems)
- Configure SABnzbd for Usenet downloads (sabnzbd.fig.systems)
- Add qBittorrent for torrent downloads (qbt.fig.systems)

Utility Services:
- Update Linkwarden with proper networking (links.fig.systems)
- Configure Vikunja task management (tasks.fig.systems)
- Set up LubeLogger vehicle tracking (garage.fig.systems)
- Configure Calibre-web for ebooks (books.fig.systems)
- Add Booklore for book tracking (booklore.fig.systems)
- Update FreshRSS reader (rss.fig.systems)
- Update RSSHub with internal networking (rsshub.fig.systems)
- Update MicroBin pastebin (paste.fig.systems)
- Add File Browser for media access (files.fig.systems)

Technical Improvements:
- Standardize all compose files to compose.yaml (Docker best practice)
- Add Traefik labels to all services for SSL termination
- Implement proper network isolation (homelab + service-specific networks)
- Add health checks to database services
- Configure dual domain support (fig.systems + edfig.dev)
- Set proper /media folder mappings for all media services
- Add comprehensive README with deployment instructions

Security:
- Enable SSO via Tinyauth for most services
- Configure LLDAP with admin user (edfig/admin@edfig.dev)
- Services with built-in auth have SSO disabled by default
- All traffic secured with automatic Let's Encrypt certificates
2025-11-05 19:12:04 +00:00

25 lines
788 B
Bash
Raw Blame History

# LLDAP Configuration
# Base DN for the LDAP directory
LLDAP_LDAP_BASE_DN=dc=fig,dc=systems
# Admin user configuration
LLDAP_LDAP_USER_DN=admin
LLDAP_LDAP_USER_EMAIL=admin@edfig.dev
LLDAP_LDAP_USER_PASS=changeme_please_set_secure_password
# JWT secret for session management (change this!)
LLDAP_JWT_SECRET=changeme_please_set_random_secret
# Database URL (SQLite by default)
LLDAP_DATABASE_URL=sqlite:///data/users.db
# Timezone
TZ=America/New_York
# Optional: SMTP configuration for password reset emails
# LLDAP_SMTP_OPTIONS__SERVER=smtp.gmail.com
# LLDAP_SMTP_OPTIONS__PORT=587
# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=STARTTLS
# LLDAP_SMTP_OPTIONS__USER=your-email@gmail.com
# LLDAP_SMTP_OPTIONS__PASSWORD=your-app-password
# LLDAP_SMTP_OPTIONS__FROM=LLDAP Admin <admin@edfig.dev>
Reference in a new issue View git blame Copy permalink