aki/docker-compose-nas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: aki:f9531228d67872f4e2cfcfdfb1e71f2373a35159
Branches Tags
aki:main
aki:feature/traefik-authelia-integration
...
compare: aki:9ac533865d9978f6c0cfaaafad9b500822ea4de7
Branches Tags
aki:feature/traefik-authelia-integration
aki:main

1 Commits
f9531228d6 ... 9ac533865d

Author SHA1 Message Date
aki
9ac533865d fix(update-setup): Improve Authelia configuration update logic and replace placeholders
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Details
2025-04-26 20:27:19 +08:00
1 changed files with 45 additions and 45 deletions
Show Stats Expand all files Collapse all files

72
update-setup.sh
View File

@ -62,6 +62,7 @@ create_backup() {
cp "$1" "$2"
}
##################################################
# PART 1: Update .env file from .env.example
##################################################
@ -205,6 +206,7 @@ update_env_file() {
echo -e "\n${BLUE}Review your updated $ENV_FILE file and adjust any values as needed.${NC}"
}
##################################################
# PART 2: Update Authelia configuration
##################################################
@ -270,42 +272,42 @@ update_authelia_config() {
local existing_notifier=$(yq e '.notifier // ""' "$AUTHELIA_CONFIG_BACKUP")
# Update secrets in temp file if they existed in the backup
if [[ -n "$existing_jwt_secret" && "$existing_jwt_secret" != '""' && "$existing_jwt_secret" != "null" ]]; then
yq e -i '.identity_validation.reset_password.jwt_secret = strenv(existing_jwt_secret)' --env existing_jwt_secret="$existing_jwt_secret" "$TEMP_CONFIG"
fi
if [[ -n "$existing_session_secret" && "$existing_session_secret" != '""' && "$existing_session_secret" != "null" ]]; then
yq e -i '.session.secret = strenv(existing_session_secret)' --env existing_session_secret="$existing_session_secret" "$TEMP_CONFIG"
fi
if [[ -n "$existing_storage_key" && "$existing_storage_key" != '""' && "$existing_storage_key" != "null" ]]; then
yq e -i '.storage.encryption_key = strenv(existing_storage_key)' --env existing_storage_key="$existing_storage_key" "$TEMP_CONFIG"
fi
if [[ -n "$existing_redis_pass" && "$existing_redis_pass" != '""' && "$existing_redis_pass" != "null" ]]; then
yq e -i '.session.redis.password = strenv(existing_redis_pass)' --env existing_redis_pass="$existing_redis_pass" "$TEMP_CONFIG"
fi
if [[ -n "$existing_notifier" && "$existing_notifier" != '""' && "$existing_notifier" != "null" ]]; then
yq e -i '.notifier = strenv(existing_notifier)' --env existing_notifier="$existing_notifier" "$TEMP_CONFIG"
fi
if [[ -n "$existing_jwt_secret" && "$existing_jwt_secret" != '""' && "$existing_jwt_secret" != "null" ]]; then
existing_jwt_secret="$existing_jwt_secret" \
yq e -i '.identity_validation.reset_password.jwt_secret = strenv(existing_jwt_secret)' "$TEMP_CONFIG"
fi
if [[ -n "$existing_session_secret" && "$existing_session_secret" != '""' && "$existing_session_secret" != "null" ]]; then
existing_session_secret="$existing_session_secret" \
yq e -i '.session.secret = strenv(existing_session_secret)' "$TEMP_CONFIG"
fi
if [[ -n "$existing_storage_key" && "$existing_storage_key" != '""' && "$existing_storage_key" != "null" ]]; then
existing_storage_key="$existing_storage_key" \
yq e -i '.storage.encryption_key = strenv(existing_storage_key)' "$TEMP_CONFIG"
fi
if [[ -n "$existing_redis_pass" && "$existing_redis_pass" != '""' && "$existing_redis_pass" != "null" ]]; then
existing_redis_pass="$existing_redis_pass" \
yq e -i '.session.redis.password = strenv(existing_redis_pass)' "$TEMP_CONFIG"
fi
if [[ -n "$existing_notifier" && "$existing_notifier" != '""' && "$existing_notifier" != "null" ]]; then
existing_notifier="$existing_notifier" \
yq e -i '.notifier = strenv(existing_notifier)' "$TEMP_CONFIG"
fi
fi
# Update domain settings from .env
echo -e "${BLUE}Applying Tailscale domain settings...${NC}"
# Update domain in session section
yq e -i ".session.cookies[0].domain = \"${TAILNET_DOMAIN}\"" "$TEMP_CONFIG"
# Replace placeholder full hostname
yq e -i "walk(if type == \"string\" and . == \"tailscale-nas.your-tailnet.ts.net\" then \"${FULL_HOSTNAME}\" else . end)" "$TEMP_CONFIG"
# Update domain in access_control (find wildcard domain rule and update it)
# This assumes there's a rule with a wildcard domain like "*.example.com"
local domain_rule_index=$(yq e ".access_control.rules | map(.domain) | map(select(. == \"*.*\")) | indices" "$TEMP_CONFIG" | head -n 1 | tr -d '[]')
if [[ -n "$domain_rule_index" && "$domain_rule_index" != "null" ]]; then
yq e -i ".access_control.rules[$domain_rule_index].domain = \"${WILDCARD_DOMAIN}\"" "$TEMP_CONFIG"
fi
# Replace placeholder tailnet domain
yq e -i "walk(if type == \"string\" and . == \"your-tailnet.ts.net\" then \"${TAILNET_DOMAIN}\" else . end)" "$TEMP_CONFIG"
# Update authelia_url if it exists (it's a URL that must match cookie scope)
if yq e -e '.identity_validation.reset_password.authelia_url' "$TEMP_CONFIG" &>/dev/null; then
yq e -i ".identity_validation.reset_password.authelia_url = \"https://${FULL_HOSTNAME}\"" "$TEMP_CONFIG"
fi
# Move the temp file to the final location
# Move temp file to final location
mv "$TEMP_CONFIG" "$AUTHELIA_CONFIG"
echo -e "${GREEN}Authelia configuration updated successfully!${NC}"
@ -316,15 +318,14 @@ update_authelia_config() {
# Create a new file from the example
cp "$AUTHELIA_CONFIG_EXAMPLE" "$AUTHELIA_CONFIG.new"
# Update domain settings with sed (more fragile)
sed -i "s/domain: \".*\"/domain: \"${TAILNET_DOMAIN}\"/" "$AUTHELIA_CONFIG.new"
sed -i "s/domain: \"\\*\\..*\"/domain: \"${WILDCARD_DOMAIN}\"/" "$AUTHELIA_CONFIG.new"
sed -i "s|authelia_url: \"https://.*\"|authelia_url: \"https://${FULL_HOSTNAME}\"|" "$AUTHELIA_CONFIG.new"
# Replace placeholders manually
sed -i "s|tailscale-nas\.your-tailnet\.ts\.net|${FULL_HOSTNAME}|g" "$AUTHELIA_CONFIG.new"
sed -i "s|your-tailnet\.ts\.net|${TAILNET_DOMAIN}|g" "$AUTHELIA_CONFIG.new"
# Move the new file to the final location
mv "$AUTHELIA_CONFIG.new" "$AUTHELIA_CONFIG"
echo -e "${YELLOW}Authelia configuration updated with sed. Secret values might need to be manually transferred.${NC}"
echo -e "${YELLOW}Authelia configuration updated with sed.${NC}"
fi
echo -e "${GREEN}Authelia configuration update completed.${NC}"
@ -690,8 +691,7 @@ update_service_configs() {
fi
}
##################################################
# PART 5: Authelia Account Management
##################################################
# PART 4: Authelia Policy Management
##################################################