oauth MEALIE

oauth OLLAMA oauth PAPERLESS
2025-06-08 22:52:24 +02:00
parent 48c162ffe1
commit 5e34990d27
3 changed files with 40 additions and 5 deletions
--- a/mealie/docker-compose.yml
+++ b/mealie/docker-compose.yml
@@ -47,13 +47,23 @@ services:
      POSTGRES_SERVER: mealie-db
      POSTGRES_PORT: 5432
      POSTGRES_DB: mealie
-      SMTP_HOST: smtp.gmail.com
-      SMTP_PORT: 587
+      SMTP_HOST: ${SYSTEM_EMAIL_SMTP_HOST}
+      SMTP_PORT: ${SYSTEM_EMAIL_SMTP_PORT}
      SMTP_FROM_NAME: Mealie
      SMTP_AUTH_STRATEGY: TLS # Options: TLS, SSL, NONE
-      SMTP_FROM_EMAIL: Your-own-gmail-address
-      SMTP_USER: Your-own-gmail-address
-      SMTP_PASSWORD: Your-own-app-password
+      SMTP_FROM_EMAIL: ${SYSTEM_EMAIL_USER}
+      SMTP_USER: ${SYSTEM_EMAIL_USER}
+      SMTP_PASSWORD: ${SYSTEM_EMAIL_PASSSWORD}
+      OIDC_AUTH_ENABLED: true
+      OIDC_PROVIDER_NAME: auth.domr.ovh
+      OIDC_CONFIGURATION_URL: https://authentik.company/application/o/<slug from authentik>/.well-known/openid-configuration
+      OIDC_CLIENT_ID: oVmVbL9Ehd1KAjSgAseAMZw4LHV6gmUfsFEf2Akp
+      OIDC_CLIENT_SECRET: WP2hs4qKjmEpKQabIvKCBgDwtlm534It526vs3Mg9lrBGgzswG9sCh0nw7ieW9y7D7OMRe0x2gkcHqcdP37LVMBgpR3f2rABSlOduhyZhPQKOUNBk79AQNxYr23Mdaud
+      OIDC_SIGNUP_ENABLED: true
+      OIDC_USER_GROUP: <Your users group created in authentik>
+      OIDC_ADMIN_GROUP: <Your admins group created in authentik>
+      OIDC_AUTO_REDIRECT: true   # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
+      OIDC_REMEMBER_ME: true     # Optional: By setting this value to true, a session will be extended as if "Remember Me" was checked.
    restart: on-failure:5
    depends_on:
      db:
--- a/ollama/docker-compose.yml
+++ b/ollama/docker-compose.yml
@@ -12,6 +12,14 @@ services:
        image: "ghcr.io/open-webui/open-webui:main"
        restart: always
        container_name: open-webui
+        environment:
+            OAUTH_CLIENT_ID: b8Ktsot896DWYOMpSeKCyA30b0SfV5hW1qSpQtEh
+            OAUTH_CLIENT_SECRET: qLW9FNTRIhWpS51Ynx1gx0AiB0x0UGrs5FVukyBZyDNrNYc6NLdotHJq9U6giQJ48TnIHpE3mHvbCFvXnR8jpeV5o50CgbLXGXATHb0Om2K80TvFLSgAhbU8oIBvdSvj
+            OAUTH_PROVIDER_NAME: auth.domr.ovh
+            OPENID_PROVIDER_URL: to https://auth.domr.ovh/application/o/openwebui/.well-known/openid-configuration
+            OPENID_REDIRECT_URI: to https://chat.domr.ovh/oauth/oidc/callback
+            ENABLE_OAUTH_SIGNUP : 'true'
+
        volumes:
            - /home/soenke/docker-data/ollama/open-webui:/app/backend/data
        extra_hosts:
--- a/paperless/docker-compose.yml
+++ b/paperless/docker-compose.yml
@@ -77,6 +77,23 @@ services:
      PAPERLESS_TIKA_ENABLED: 1
      PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
      PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
+        {
+          "openid_connect": {
+            "APPS": [
+              {
+                "provider_id": "authentik",
+                "name": "auth.domr.ovh",
+                "client_id": "U9wsU9xPEU6oWEWO2jhiPr0OhUPcG3XvA8nGhPki",
+                "secret": "xFpnKcYaNcEuVReBWT6sGTprvUtYE0AT3lnHHshY8wKJlOw1NGsvtqIYqTgdp4VkTjLk3ZHr1Th4LaQYiciicYJe7LtpTa5qX3ICDBRJhs2HGX40sJMQ1LCnnEUrS9fZ",
+                "settings": {
+                  "server_url": "https://auth.domr.ovh/application/o/paperless/.well-known/openid-configuration"
+                }
+              }
+            ],
+            "OAUTH_PKCE_ENABLED": "True"
+          }

  gotenberg:
    image: docker.io/gotenberg/gotenberg:7.10