#!/bin/bash # Category : Security # Description : Authelia - Authentication & SSO (c/u/s/r/i): installAuthelia() { local config_variables="$1" if [[ "$authelia" == *[cCtTuUsSrRiI]* ]]; then dockerConfigSetupToContainer silent authelia; local app_name=$CFG_AUTHELIA_APP_NAME initializeAppVariables $app_name; fi if [[ "$authelia" == *[cC]* ]]; then editAppConfig $app_name; fi if [[ "$authelia" == *[uU]* ]]; then dockerUninstallApp $app_name; fi if [[ "$authelia" == *[sS]* ]]; then dockerComposeDown $app_name; fi if [[ "$authelia" == *[rR]* ]]; then dockerComposeRestart $app_name; fi if [[ "$authelia" == *[iI]* ]]; then isHeader "Install $app_name" # Pre-flight: bail out before touching any compose/config if the # global prerequisites aren't met. CFG_AUTHELIA_REQUIRES lists # what's needed (currently "domain,traefik"); the helper prints a # clear list of what's missing so the user knows what to fix. if ! appInstallCheckRequirements "$app_name" "$CFG_AUTHELIA_REQUIRES"; then authelia=n return 1 fi ((menu_number++)) echo "" echo "---- $menu_number. Setting up install folder and config file for $app_name." echo "" dockerConfigSetupToContainer "loud" "$app_name" "install" "$config_variables"; isSuccessful "Install folders and Config files have been setup for $app_name." ((menu_number++)) echo "" ((menu_number++)) echo "" echo "---- $menu_number. Setting up the $app_name docker-compose.yml file." echo "" dockerComposeSetupFile $app_name; local result=$(copyResource "$app_name" "configuration.yml" "config" | sudo tee -a "$logs_dir/$docker_log_file" 2>&1) checkSuccess "Copying configuration.yml to $containers_dir$app_name/config" local result=$(copyResource "$app_name" "users_database.yml" "config" | sudo tee -a "$logs_dir/$docker_log_file" 2>&1) checkSuccess "Copying users_database.yml to $containers_dir$app_name/config" local authelia_config_file="$containers_dir$app_name/config/configuration.yml" sudo sed -i "s|AUTHELIA_THEME_PLACEHOLDER|$CFG_AUTHELIA_THEME|g" "$authelia_config_file" sudo sed -i "s|AUTHELIA_DOMAIN_PLACEHOLDER|$domain_full|g" "$authelia_config_file" sudo sed -i "s|AUTHELIA_HOST_PLACEHOLDER|$host_setup|g" "$authelia_config_file" checkSuccess "Substituting Authelia configuration values (theme=$CFG_AUTHELIA_THEME domain=$domain_full host=$host_setup)" local authelia_secrets_dir="$containers_dir$app_name/secrets" sudo mkdir -p "$authelia_secrets_dir" for secret_name in JWT_SECRET SESSION_SECRET STORAGE_ENCRYPTION_KEY; do local secret_file="$authelia_secrets_dir/$secret_name" if [[ ! -s "$secret_file" ]]; then openssl rand -hex 64 | sudo tee "$secret_file" >/dev/null sudo chmod 600 "$secret_file" fi done sudo chown -R "$docker_install_user":"$docker_install_user" "$authelia_secrets_dir" checkSuccess "Generated Authelia secrets at $authelia_secrets_dir" # Enable Authelia's telemetry/metrics endpoint only when # CFG_AUTHELIA_MONITORING=true (toggles the libreportal-monitoring # marker block in configuration.yml). monitoringToggleAppConfig "$app_name" "config/configuration.yml"; ((menu_number++)) echo "" echo "---- $menu_number. Updating file permissions before starting." echo "" fixPermissionsBeforeStart $app_name; ((menu_number++)) echo "" echo "---- $menu_number. Running the docker-compose.yml to install and start $app_name" echo "" dockerComposeUpdateAndStartApp $app_name install; ((menu_number++)) echo "" echo "---- $menu_number. Configuring Authelia admin account" echo "" local authelia_admin_user="${CFG_AUTHELIA_ADMIN_USERNAME:-admin}" local authelia_admin_pass="${CFG_AUTHELIA_ADMIN_PASSWORD:-authelia}" local authelia_users_file="$containers_dir$app_name/config/users_database.yml" local authelia_attempts=0 while ((authelia_attempts < 30)); do if sudo docker exec authelia-service authelia --version >/dev/null 2>&1; then break fi sleep 2 ((authelia_attempts++)) done if ((authelia_attempts >= 30)); then isNotice "Authelia container did not become responsive in time — admin left at default (admin / authelia)." else local authelia_hash authelia_hash=$(sudo docker exec authelia-service authelia crypto hash generate argon2 --password "$authelia_admin_pass" 2>/dev/null \ | grep -oE '\$argon2[^[:space:]]+') if [[ -z "$authelia_hash" ]]; then isNotice "Could not generate Authelia password hash — admin left at default (admin / authelia)." else sudo tee "$authelia_users_file" >/dev/null <