feat(setup): Enhance update script and add user database example
This commit is contained in:
105
README.md
105
README.md
@@ -25,6 +25,7 @@ The core idea is to manage media libraries (movies, TV shows, music), automate d
|
||||
- [(Optional) VPN Configuration](#optional-vpn-configuration)
|
||||
- [(Optional) Traefik DNS Challenge](#optional-traefik-dns-challenge)
|
||||
- [Service Access](#service-access)
|
||||
- [Setup Script Commands (`update-setup.sh`)](#setup-script-commands-update-setupsh)
|
||||
- [Managing Service Authentication](#managing-service-authentication)
|
||||
- [Optional Services](#optional-services)
|
||||
- [Troubleshooting](#troubleshooting)
|
||||
@@ -169,13 +170,15 @@ After completing all [Required Setup Steps](#required-setup-steps) above, follow
|
||||
# Make the script executable
|
||||
chmod +x ./update-setup.sh
|
||||
|
||||
# Run the setup tool
|
||||
./update-setup.sh
|
||||
# Run the setup tool (use 'all' for initial setup)
|
||||
./update-setup.sh all
|
||||
```
|
||||
This interactive script will guide you through:
|
||||
- Updating your `.env` file while preserving existing values
|
||||
- Configuring Authelia with your Tailscale domain settings
|
||||
- Setting up service configurations and retrieving API keys
|
||||
This script will:
|
||||
- Update your `.env` file while preserving existing values (`update-env`).
|
||||
- Configure Authelia with your Tailscale domain settings (`update-authelia`).
|
||||
- Set up service configurations and retrieve API keys (`update-services`).
|
||||
|
||||
You can also run individual commands like `./update-setup.sh update-authelia`. Run `./update-setup.sh help` for all options.
|
||||
|
||||
5. **Start the Stack:**
|
||||
```bash
|
||||
@@ -327,21 +330,19 @@ Authelia uses the `authelia/users_database.yml` file to manage users.
|
||||
groups:
|
||||
- users # Add to 'admins' group if needed
|
||||
```
|
||||
4. Save the file. Authelia should pick up the changes automatically (or restart the Authelia container: `docker compose restart authelia`).
|
||||
4. Save the file and restart Authelia: `docker compose restart authelia`.
|
||||
|
||||
* **Adding/Updating Users (Recommended Method):**
|
||||
Use the setup script's interactive tool:
|
||||
```bash
|
||||
./update-setup.sh manage-accounts
|
||||
```
|
||||
This script handles password hashing and file formatting, reducing the chance of errors. It will prompt you for the username, display name, email, and groups, then generate a secure password hash.
|
||||
|
||||
* **Enabling User Registration (Optional):**
|
||||
1. Edit `authelia/configuration.yml`.
|
||||
2. Find the commented-out `registration:` section near the bottom.
|
||||
3. Uncomment it and set `enable: true`:
|
||||
```yaml
|
||||
# registration:
|
||||
# enable: false # Set to true to enable registration form
|
||||
```
|
||||
becomes:
|
||||
```yaml
|
||||
registration:
|
||||
enable: true
|
||||
```
|
||||
3. Uncomment it and set `enable: true`.
|
||||
4. Save the file and restart Authelia (`docker compose restart authelia`).
|
||||
5. A "Register" link will now appear on the Authelia login page.
|
||||
|
||||
@@ -376,43 +377,43 @@ Replace `<TAILSCALE_NODE>` with your Tailscale device name (e.g., `tailscale-nas
|
||||
|
||||
If you configure DNS for your `APP_HOSTNAME` variable to point to the Tailscale IP, you can use `https://<APP_HOSTNAME>/<service_path>`.
|
||||
|
||||
### Setup Script Commands (`update-setup.sh`)
|
||||
|
||||
The `update-setup.sh` script provides various commands to manage your configuration. Run `./update-setup.sh help` to see all options.
|
||||
|
||||
**Core Setup & Updates:**
|
||||
|
||||
* `./update-setup.sh update-env`: Updates `.env` from `.env.example`, preserving existing values and highlighting new/deprecated keys.
|
||||
* `./update-setup.sh update-authelia`: Updates `authelia/configuration.yml` from the example, applying domain settings from `.env` and attempting to preserve secrets (uses `yq` if available).
|
||||
* `./update-setup.sh update-services`: Updates configurations for running *arr/qBittorrent/Bazarr containers (sets URL base, extracts API keys to `.env`). Restarts affected containers.
|
||||
* `./update-setup.sh all`: Runs `update-env`, `update-authelia`, and `update-services` sequentially. Recommended for initial setup and major updates.
|
||||
|
||||
**Authentication Management:**
|
||||
|
||||
* `./update-setup.sh list-auth`: Lists all detected services in `docker-compose.yml` and shows whether Authelia authentication is enabled or disabled for them.
|
||||
* `./update-setup.sh enable-auth <service>`: Enables Authelia authentication for the specified `<service>` by adding the `authelia-auth@docker` middleware label in `docker-compose.yml`.
|
||||
* `./update-setup.sh disable-auth <service>`: Disables Authelia authentication for the specified `<service>` by removing the `authelia-auth@docker` middleware label.
|
||||
* `./update-setup.sh enable-all-auth`: Attempts to enable authentication for all applicable services.
|
||||
* `./update-setup.sh disable-all-auth`: Attempts to disable authentication for all applicable services.
|
||||
|
||||
> **Important:** After using `enable-auth`, `disable-auth`, `enable-all-auth`, or `disable-all-auth`, you **must** restart your stack for the changes to take effect:
|
||||
> ```bash
|
||||
> docker compose down
|
||||
> docker compose up -d
|
||||
> ```
|
||||
|
||||
**User & File Management:**
|
||||
|
||||
* `./update-setup.sh manage-accounts`: Starts an interactive tool to add or update users in `authelia/users_database.yml`. It generates password hashes and prompts for user details.
|
||||
* `./update-setup.sh cleanup`: Interactively finds and deletes old backup files (`.bak`) created by the script. Allows keeping the most recent backup of each type.
|
||||
|
||||
**Help:**
|
||||
|
||||
* `./update-setup.sh help`: Displays the full list of commands and usage instructions.
|
||||
|
||||
### Managing Service Authentication
|
||||
|
||||
You can control which services require authentication using the updated `update-setup.sh` script:
|
||||
|
||||
```bash
|
||||
# List all services and their authentication status
|
||||
./update-setup.sh list-auth
|
||||
|
||||
# Disable authentication for Jellyfin (no login required)
|
||||
./update-setup.sh disable-auth jellyfin
|
||||
|
||||
# Enable authentication for Jellyfin (login required)
|
||||
./update-setup.sh enable-auth jellyfin
|
||||
|
||||
# Disable authentication for all services
|
||||
./update-setup.sh disable-all-auth
|
||||
|
||||
# Enable authentication for all services
|
||||
./update-setup.sh enable-all-auth
|
||||
|
||||
# Clean up backup files (keeps most recent by default)
|
||||
./update-setup.sh cleanup
|
||||
|
||||
# View all available commands
|
||||
./update-setup.sh help
|
||||
```
|
||||
|
||||
You can also manage authentication through the interactive menu by running `./update-setup.sh` and selecting option 5.
|
||||
|
||||
After making changes, restart your stack for the changes to take effect:
|
||||
|
||||
```bash
|
||||
docker compose down
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
This approach gives you complete control over which services require authentication, without needing to manually edit configuration files.
|
||||
Use the `update-setup.sh` script to easily control which services require Authelia login. See the `Authentication Management` commands in the [Setup Script Commands](#setup-script-commands-update-setupsh) section above for details.
|
||||
|
||||
## Optional Services
|
||||
|
||||
|
||||
Reference in New Issue
Block a user