Move the Authelia stack (compose, config, snippets, docs) out of the separate /opt/authelia repo into authelia/, so the whole deployment shares ONE operator .env at the repo root. The four shared infra vars (TS_OAUTH_CLIENT_SECRET, TS_TAILNET, DB_MAGIC_NAME, REDIS_MAGIC_NAME) are defined once; authelia/.env is a symlink to ../.env (gitignored, recreated per host). .env.example + .gitignore folded in.

Run from the repo root: docker compose -f authelia/docker-compose.yml up -d (or: cd authelia && docker compose up -d — the .env symlink makes it resolve).

The standalone /opt/authelia is left intact as a history archive; remove once this is verified.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
35 lines
976 B
Plaintext
# Operator secrets — never commit. Copy .env.example -> .env and fill in.
.env
caddy/.env

# Local-only overrides
*.local.toml
*.local.json

# Built Caddy binary (rebuild from caddy/Dockerfile instead of committing 50MB)
caddy/caddy
caddy/*.bin

# Local operational artifacts — DB dumps, store exports, validation runs.
# These contain REAL secrets + account/mail data. Never commit.
_backup/
_validate/
*.dump
# Stalwart store export/import dirs (stalwart --export/--import)
export/
*.export

# NB: config/config.json IS committed on purpose — it's the v0.16 bootstrap
# config and is secret-free (DB password comes from $STALWART_DB_PASSWORD via
# the EnvironmentVariable secret type). Don't add it here.

# Authelia (moved under authelia/) — single .env lives at repo root; authelia/.env
# is a symlink to it (matched by the .env rule above). Plus its runtime data.
authelia/config/*.db
authelia/config/notification.txt

# Editor swap / backup files
*.swp
*.swo
*~
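Review bot: The `.env` rule under "Operator secrets" matches only files named exactly `.env`, so a copy left beside it, such as `.env.bak` or `.env.prod`, is not ignored and could be committed with the real shared secrets. Consider adding `.env.*` followed by `!.env.example` so the template stays tracked while every other variant is ignored. Because a pattern without a slash matches at every directory level, `caddy/.env` is already covered by `.env` (the same way the Authelia comment notes for authelia/.env) and can be dropped. The same applies in reverse to `export/` and `_backup/`: they match a directory of that name at any depth, so prefix them with `/` if only the repo-root directories are meant.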