From 42c29d776b145a88858dfa86d89945e519a12f46 Mon Sep 17 00:00:00 2001 From: Colin Hebert Date: Thu, 26 Jan 2023 12:44:05 +0100 Subject: [PATCH] Set up notifiarr --- nas-compose.env | 2 ++ services/authentication/configs/access.yml | 5 ++-- services/notifiarr/docker-compose.yml | 30 +++++++++++++++++++ .../configs/dynamic/htransformation.yml | 9 ++++++ services/reverse-proxy/configs/traefik.yml | 6 ++++ services/reverse-proxy/docker-compose.yml | 4 +++ 6 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 services/notifiarr/docker-compose.yml create mode 100644 services/reverse-proxy/configs/dynamic/htransformation.yml diff --git a/nas-compose.env b/nas-compose.env index 1c3ed1c..0dbbaf6 100644 --- a/nas-compose.env +++ b/nas-compose.env @@ -26,3 +26,5 @@ NASCOMPOSE_AUTHELIA_SMTP_SENDER= NASCOMPOSE_DUCKDNS_DOMAIN= NASCOMPOSE_TRANSMISSION_VPNREGION= + +NASCOMPOSE_NOTIFIARR_MODE= diff --git a/services/authentication/configs/access.yml b/services/authentication/configs/access.yml index fbc0d26..e779d12 100644 --- a/services/authentication/configs/access.yml +++ b/services/authentication/configs/access.yml @@ -34,8 +34,9 @@ access_control: policy: one_factor subject: - 'group:transmission-basic' - # Disable authentication on API protected by API keys - - domain_regex: '^(bazarr|prowlarr|radarr|sonarr)\.' + # Disable authentication on API protected by API keys. + # Note those are behind authelia, therefore external access to the API; internal access doesn't require a bypass + - domain_regex: '^(prowlarr|radarr|sonarr|notifiarr)\.' policy: bypass resources: - '^/api$' diff --git a/services/notifiarr/docker-compose.yml b/services/notifiarr/docker-compose.yml new file mode 100644 index 0000000..bc9eea9 --- /dev/null +++ b/services/notifiarr/docker-compose.yml @@ -0,0 +1,30 @@ +name: Notifiarr + +services: + notifiarr: + hostname: notifiarr + image: golift/notifiarr + environment: + PUID: ${NASCOMPOSE_UID?} + PGID: ${NASCOMPOSE_GID?} + DN_UI_PASSWORD: webauth + DN_MODE: ${NASCOMPOSE_NOTIFIARR_MODE?} + networks: + - reverse-proxy + volumes: + - notifiarr_config:/config/ + restart: unless-stopped + labels: + traefik.enable: true + traefik.http.routers.notifiarr.middlewares: authelia@file, notifiarr-authelia@file + +networks: + reverse-proxy: + external: true + +volumes: + notifiarr_config: + driver_opts: + type: none + o: bind + device: ${NASCOMPOSE_SERVICES?}/notifiarr/volumes/notifiarr_config/ diff --git a/services/reverse-proxy/configs/dynamic/htransformation.yml b/services/reverse-proxy/configs/dynamic/htransformation.yml new file mode 100644 index 0000000..c11a223 --- /dev/null +++ b/services/reverse-proxy/configs/dynamic/htransformation.yml @@ -0,0 +1,9 @@ +http: + middlewares: + notifiarr-authelia: + plugin: + htransformation: + Rules: + - Type: Rename + Header: Remote-User + Value: X-WebAuth-User diff --git a/services/reverse-proxy/configs/traefik.yml b/services/reverse-proxy/configs/traefik.yml index 937c69d..4e8710d 100644 --- a/services/reverse-proxy/configs/traefik.yml +++ b/services/reverse-proxy/configs/traefik.yml @@ -30,3 +30,9 @@ entryPoints: global: sendAnonymousUsage: false + +experimental: + plugins: + htransformation: + moduleName: github.com/tomMoulard/htransformation + version: v0.2.7 diff --git a/services/reverse-proxy/docker-compose.yml b/services/reverse-proxy/docker-compose.yml index c8b02a0..0d6ff8c 100644 --- a/services/reverse-proxy/docker-compose.yml +++ b/services/reverse-proxy/docker-compose.yml @@ -19,6 +19,8 @@ services: target: /etc/traefik/dynamic/tls.yml - source: traefik_hsts target: /etc/traefik/dynamic/hsts.yml + - source: traefik_htransformation + target: /etc/traefik/dynamic/htransformation.yml - source: traefik_authelia target: /etc/traefik/dynamic/authelia.yml @@ -49,6 +51,8 @@ configs: file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/tls.yml traefik_hsts: file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/hsts.yml + traefik_htransformation: + file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/htransformation.yml traefik_authelia: file: ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic/authelia.yml traefik_transmission-api: