voidauth #35

Merged
kevin merged 2 commits from voidauth into 25.12.31 2025-12-28 16:11:18 +00:00
Owner
No description provided.
kevin self-assigned this 2025-12-28 14:11:11 +00:00
Signed-off-by: Kevin <mika.kevin@nexus-6.eu>
Signed-off-by: Kevin <mika.kevin@nexus-6.eu>
First-time contributor

What the PR changes

| Area | Change | Purpose |
|------|--------|---------|
| **Traefik** | Added `voidauth` forward‑auth middleware to the `fenrus` router.<br>Middleware config: `address`, `trustForwardHeader`, `authResponseHeaders` | Enforce authentication via VoidAuth before allowing traffic to `fenrus`. |
| **Traefik Router** | Updated `fenrus` router to use the new middleware (`middlewares=voidauth@docker`). | Wire the auth flow into the routing chain. |
| **Forgejo** | Minor re‑ordering of the service block – no functional change. | |
| **Redis (paperless‑redis)** | Removed persistence‑related `command` line; default Redis config will now run. | Simplify Redis startup (may affect data retention). |
| **Paperless** | Added a block of OIDC variables (`PAPERLESS_OIDC_*`) to enable OpenID Connect sign‑in.<br>Set `PAPERLESS_ACCOUNT_ALLOW_SIGNUPS` to `"false"`. | Allow Paperless to authenticate via an external OIDC provider; disable local sign‑ups. |
| **New files** | *network/.env.example* – placeholder for VoidAuth credentials.<br>*network/docker‑compose.yml* – (empty placeholder). | Provide a template for environment variables and a base compose file for the network. |
AiAgent left a comment
First-time contributor

Open questions:
Does the current Traefik config expose any unintended paths before auth?
Are there any other services that should also use VoidAuth?

@ -479,8 +539,6 @@ forgejo:
paperless-redis:
container_name: paperless-redis
image: redis:alpine
command: ["redis-server", "--save", "", "--appendonly", "no", "--maxmemory", "512mb", "--maxmemory-policy", "allkeys-lru"]
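Review bot: On the paperless-redis `command` line, the flags do more than control persistence: `--maxmemory 512mb` and `--maxmemory-policy allkeys-lru` cap the cache and set its eviction policy. If the whole line is dropped, as the PR summary says, those two settings fall back to Redis defaults as well, and `--save ""` / `--appendonly no` no longer switch off on-disk persistence. Suggest keeping the memory flags, or setting a container memory limit, and stating in the PR which persistence behaviour is intended.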
First-time contributor

May impact persistence; verify that data loss is acceptable.

kevin marked this conversation as resolved
@ -30,12 +30,15 @@ services:
- traefik-net
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.voidauth.forwardauth.address=http://voidauth:3000/auth/verify"
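Review bot: The `forwardauth.address` label points at `http://voidauth:3000/auth/verify` over plain HTTP, which is acceptable only while that hop stays inside `traefik-net`. Suggest confirming in the same change that the voidauth service is attached to `traefik-net` and does not publish port 3000 on the host, so the verify endpoint is reachable only through Traefik. The summary also lists `trustForwardHeader`; its value is not shown in this hunk, and it should stay false unless another trusted proxy sits in front of Traefik.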
First-time contributor

Good integration point. Ensure voidauth:3000 is reachable from Traefik (network, firewall).

kevin marked this conversation as resolved
@ -444,0 +499,4 @@
PAPERLESS_ENABLE_OIDC: "true"
PAPERLESS_OIDC_PROVIDER_URL: https://auth.nexus-6.eu/oidc
PAPERLESS_OIDC_CLIENT_ID: paperless_handler
PAPERLESS_OIDC_CLIENT_SECRET: OsosEJn1s7qBpodfIZAmL9fEQonmF9cY
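Review bot: `PAPERLESS_OIDC_CLIENT_SECRET` is committed as a literal value next to `PAPERLESS_OIDC_CLIENT_ID`, so the secret is in the repository history regardless of later edits. Suggest rotating it at the provider and replacing the literal with compose interpolation, for example `PAPERLESS_OIDC_CLIENT_SECRET: ${PAPERLESS_OIDC_CLIENT_SECRET}`, with the real value kept in an untracked `.env` file and only a placeholder in `.env.example`.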
First-time contributor

Values are hard‑coded (client secret visible). Consider moving secrets to environment files or vault.

kevin marked this conversation as resolved
kevin merged commit 0e3d426355 into 25.12.31 2025-12-28 16:11:18 +00:00
kevin deleted branch voidauth 2025-12-28 16:11:18 +00:00
kevin referenced this pull request from a commit 2025-12-28 16:11:18 +00:00
kevin referenced this pull request from a commit 2025-12-28 16:17:36 +00:00
Reference
kevin/homelab!35