From 5e34990d2768a9f01dc0a4f1bba749f87dfa330b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6nke=20Domr=C3=B6se?=
Date: Sun, 8 Jun 2025 22:52:24 +0200
Subject: [PATCH] oauth MEALIE oauth OLLAMA oauth PAPERLESS
---
 mealie/docker-compose.yml | 20 +++++++++++++++-----
 ollama/docker-compose.yml | 8 ++++++++
 paperless/docker-compose.yml | 17 +++++++++++++++++
 3 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/mealie/docker-compose.yml b/mealie/docker-compose.yml
index e2474a0..a9f0701 100644
--- a/mealie/docker-compose.yml
+++ b/mealie/docker-compose.yml
@@ -47,13 +47,23 @@ services:
 POSTGRES_SERVER: mealie-db
 POSTGRES_PORT: 5432
 POSTGRES_DB: mealie
- SMTP_HOST: smtp.gmail.com
- SMTP_PORT: 587
+ SMTP_HOST: ${SYSTEM_EMAIL_SMTP_HOST}
+ SMTP_PORT: ${SYSTEM_EMAIL_SMTP_PORT}
 SMTP_FROM_NAME: Mealie
 SMTP_AUTH_STRATEGY: TLS # Options: TLS, SSL, NONE
- SMTP_FROM_EMAIL: Your-own-gmail-address
- SMTP_USER: Your-own-gmail-address
- SMTP_PASSWORD: Your-own-app-password
+ SMTP_FROM_EMAIL: ${SYSTEM_EMAIL_USER}
+ SMTP_USER: ${SYSTEM_EMAIL_USER}
+ SMTP_PASSWORD: ${SYSTEM_EMAIL_PASSSWORD}
+ OIDC_AUTH_ENABLED: true
+ OIDC_PROVIDER_NAME: auth.domr.ovh
+ OIDC_CONFIGURATION_URL: https://authentik.company/application/o//.well-known/openid-configuration
+ OIDC_CLIENT_ID: oVmVbL9Ehd1KAjSgAseAMZw4LHV6gmUfsFEf2Akp
+ OIDC_CLIENT_SECRET: WP2hs4qKjmEpKQabIvKCBgDwtlm534It526vs3Mg9lrBGgzswG9sCh0nw7ieW9y7D7OMRe0x2gkcHqcdP37LVMBgpR3f2rABSlOduhyZhPQKOUNBk79AQNxYr23Mdaud
+ OIDC_SIGNUP_ENABLED: true
+ OIDC_USER_GROUP:
+ OIDC_ADMIN_GROUP:
+ OIDC_AUTO_REDIRECT: true # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
+ OIDC_REMEMBER_ME: true # Optional: By setting this value to true, a session will be extended as if "Remember Me" was checked.
 restart: on-failure:5
 depends_on:
 db:
diff --git a/ollama/docker-compose.yml b/ollama/docker-compose.yml
index 802b653..a706257 100644
--- a/ollama/docker-compose.yml
+++ b/ollama/docker-compose.yml
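Review bot: `OIDC_CLIENT_SECRET` is committed in clear text in the mealie hunk, even though the same hunk moves the SMTP credentials to `${...}` substitution; `OAUTH_CLIENT_SECRET` in ollama/docker-compose.yml and the `"secret"` field in paperless/docker-compose.yml have the same problem. Reference them from the environment instead, for example `OIDC_CLIENT_SECRET: ${MEALIE_OIDC_CLIENT_SECRET}` (the variable name is a placeholder), and rotate all three secrets at the identity provider, because they stay readable in the repository history. `OIDC_CONFIGURATION_URL` points at `authentik.company` with an empty application slug (`/o//`), which looks like a documentation sample rather than the `auth.domr.ovh` issuer used in the other two files. `${SYSTEM_EMAIL_PASSSWORD}` is spelled with three S's; confirm it matches the name in the env file, otherwise Compose substitutes an empty string for the password. With `OIDC_SIGNUP_ENABLED: true` and both `OIDC_USER_GROUP` and `OIDC_ADMIN_GROUP` left empty, account creation is presumably limited only by the provider's own access policy, so either set the groups or confirm the application is restricted there.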
@@ -12,6 +12,14 @@ services:
 image: "ghcr.io/open-webui/open-webui:main"
 restart: always
 container_name: open-webui
+ environment:
+ OAUTH_CLIENT_ID: b8Ktsot896DWYOMpSeKCyA30b0SfV5hW1qSpQtEh
+ OAUTH_CLIENT_SECRET: qLW9FNTRIhWpS51Ynx1gx0AiB0x0UGrs5FVukyBZyDNrNYc6NLdotHJq9U6giQJ48TnIHpE3mHvbCFvXnR8jpeV5o50CgbLXGXATHb0Om2K80TvFLSgAhbU8oIBvdSvj
+ OAUTH_PROVIDER_NAME: auth.domr.ovh
+ OPENID_PROVIDER_URL: to https://auth.domr.ovh/application/o/openwebui/.well-known/openid-configuration
+ OPENID_REDIRECT_URI: to https://chat.domr.ovh/oauth/oidc/callback
+ ENABLE_OAUTH_SIGNUP : 'true'
+
 volumes:
 - /home/soenke/docker-data/ollama/open-webui:/app/backend/data
 extra_hosts:
diff --git a/paperless/docker-compose.yml b/paperless/docker-compose.yml
index b0795ae..756a821 100644
--- a/paperless/docker-compose.yml
+++ b/paperless/docker-compose.yml
@@ -77,6 +77,23 @@ services:
 PAPERLESS_TIKA_ENABLED: 1
 PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
 PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+ PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+ PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
+ {
+ "openid_connect": {
+ "APPS": [
+ {
+ "provider_id": "authentik",
+ "name": "auth.domr.ovh",
+ "client_id": "U9wsU9xPEU6oWEWO2jhiPr0OhUPcG3XvA8nGhPki",
+ "secret": "xFpnKcYaNcEuVReBWT6sGTprvUtYE0AT3lnHHshY8wKJlOw1NGsvtqIYqTgdp4VkTjLk3ZHr1Th4LaQYiciicYJe7LtpTa5qX3ICDBRJhs2HGX40sJMQ1LCnnEUrS9fZ",
+ "settings": {
+ "server_url": "https://auth.domr.ovh/application/o/paperless/.well-known/openid-configuration"
+ }
+ }
+ ],
+ "OAUTH_PKCE_ENABLED": "True"
+ }
 gotenberg:
 image: docker.io/gotenberg/gotenberg:7.10
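Review bot: The values of `OPENID_PROVIDER_URL` and `OPENID_REDIRECT_URI` in the ollama hunk start with a stray `to ` before the URL, so the container receives a string that is not a valid URL and OIDC discovery and the callback match will most likely fail. They should read `OPENID_PROVIDER_URL: https://auth.domr.ovh/application/o/openwebui/.well-known/openid-configuration` and `OPENID_REDIRECT_URI: https://chat.domr.ovh/oauth/oidc/callback`. `ENABLE_OAUTH_SIGNUP : 'true'` has a space before the colon; it parses, but it is inconsistent with every other key in the mapping and is flagged by yamllint. Since signup is enabled, it is worth confirming that the provider application is limited to the intended users.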
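Review bot: The JSON added under `PAPERLESS_SOCIALACCOUNT_PROVIDERS` in the paperless hunk is unbalanced: the last `}` closes `"openid_connect"` and the outermost `{` is never closed, so the value will not parse as JSON and the OIDC provider will presumably not be registered. Add one more `}` line after the final one, at the indentation of the opening brace. The hunk header's 17 added lines match what is visible, so the brace appears to be missing in the commit rather than lost in rendering. `"OAUTH_PKCE_ENABLED": "True"` is a string and not a JSON boolean; confirm that the consumer treats it as enabled, or write `true`.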