Commit graph

378 commits

Author SHA1 Message Date
sivert
b98703cd70 Added options to make LAN access possible
The immich app has a feature to switch to another URL when on a specific
wifi network (e.g. home network). This change adds an option for listen
address so that the server can listen on LAN traffic. For this to work
with authelia, we need to add the appropriate redirect URL as well.

This is very handy for those of us who are using a proxy which blocks
large file uploads -- large files will then get synced automatically
when connecting to the home network.
2025-11-21 20:42:27 +01:00
ibizaman
403fb20c1b tests: remove more implicit imports 2025-11-21 09:52:13 +01:00
ibizaman
1cf6f6a2fe monitoring: add sso integration 2025-11-21 09:52:13 +01:00
ibizaman
9677691b2d docs: use better names for secrets 2025-11-21 09:52:13 +01:00
ibizaman
583b562ec2 monitoring: fix app name 2025-11-21 09:52:13 +01:00
ibizaman
061c194b1b docs: remove misleading comment 2025-11-21 09:52:13 +01:00
ibizaman
0071c8120d docs: add monitoring dashboard 2025-11-17 21:58:38 +01:00
ibizaman
29f2248681 forgejo: update deprecated options 2025-11-17 21:58:38 +01:00
ibizaman
bd286e6423 karakeep: update deprecated options 2025-11-17 21:58:38 +01:00
ibizaman
aa2622847e monitoring: add late backups alert 2025-11-17 21:58:38 +01:00
ibizaman
f93de0420f monitoring: add backup dashboard 2025-11-17 21:58:38 +01:00
ibizaman
693541e78f monitoring: add backup scheduling 2025-11-17 21:58:38 +01:00
ibizaman
42a8b2eebc monitoring: add logs to scraping job dashboard 2025-11-17 21:58:38 +01:00
ibizaman
e04ea6cb24 monitoring: surround with mkMerge 2025-11-17 21:58:38 +01:00
sivert
6e2cf2d035 #585 Immich: allow large uploads from mobile app 2025-11-15 20:48:52 +01:00
sivert
5287f42316 #583 Immich: add authelia bypass for mobile app
Adds bypasses for /api and /.well-known/immich so that the mobile app
authentication works.
2025-11-12 12:36:07 +01:00
ibizaman
a875835638 fmt: run formatter 2025-11-01 15:37:58 +01:00
ibizaman
e74e71ccef borgbackup: use backup and databasebackup contracts 2025-11-01 15:19:54 +01:00
ibizaman
08b0b52cfe restic: fix doc section level 2025-11-01 15:19:54 +01:00
ibizaman
f37a9fbb9c monitoring: enable erroneously disabled scrapers 2025-10-29 23:49:07 +01:00
ibizaman
48802553de chore: format all files 2025-10-28 22:17:00 +01:00
ibizaman
f62d2889c1 mod: only import hardcodedsecret from tests 2025-10-25 10:18:12 +02:00
ibizaman
5022bb5886 karakeep: fix meilisearch secret 2025-10-24 02:15:22 +02:00
ibizaman
6b7a6c6748 karakeep: configure meilisearch with master key and auto update 2025-10-24 01:54:26 +02:00
ibizaman
7ebe421fa0 nextcloud: bump default version from 30 to 31 2025-10-23 03:05:12 +02:00
ibizaman
63b7b09a0f karakeep: init 2025-10-22 03:33:17 +02:00
ibizaman
139ceca768 authelia: add extraOidcAuthorizationPolicies option
This is needed for example to only authorize users of a given group to access a service.
Usually, the application itself enforces this but some don't.
2025-10-22 03:33:17 +02:00
ibizaman
2cc2ab5195 mod: use more callPackage now that is passes shb lib too 2025-10-15 01:38:35 +02:00
ibizaman
6e64c7f8cf mod: merge shb functions into lib 2025-10-15 01:20:00 +02:00
ibizaman
283e12d87d test: merge functions into lib and set backdoor everywhere 2025-10-15 01:20:00 +02:00
ibizaman
9892f55ae2 mod: make imports explicit and remove system 2025-10-12 00:24:52 +02:00
ibizaman
6d0ee7494f nextcloud: allow to set sso integration without ldap 2025-10-09 02:04:20 +02:00
ibizaman
a536ee141e open-webui: do not login when not belonging to user or admin group 2025-10-09 02:04:20 +02:00
ibizaman
969630c22b revert added tests
This reverts commit ffa918aec6.
It was merged incorrectly because I tricked the tests to succeed by accident.
2025-10-05 00:08:32 +02:00
ibizaman
ffa918aec6 tests: assert user with unknown group cannot login with sso or ldap 2025-10-04 23:52:14 +02:00
ibizaman
01d8f735ae open-webui: show how to clone a secret in the docs 2025-10-04 23:24:23 +02:00
ibizaman
b840c404ab open-webui: fix giving environment to the upstream service 2025-10-04 23:24:23 +02:00
ibizaman
f938528ba6 open-webui: add missing authorization_policy 2025-09-27 22:44:15 +02:00
ibizaman
32d643d13f open-webui: fix documentation 2025-09-27 22:06:43 +02:00
ibizaman
02b73d2dce open-webui: init 2025-09-27 21:25:40 +02:00
ibizaman
b46a227b5b monitoring: add doc on retention time 2025-09-27 21:25:40 +02:00
ibizaman
1c2ff3e381 monitoring: update docs to use secrets contract 2025-09-27 21:25:40 +02:00
ibizaman
771e9758b0 lldap: update deprecated option 2025-09-27 21:25:40 +02:00
ibizaman
c0ab22eebd pinchflat: update docs 2025-09-27 21:25:40 +02:00
ibizaman
c6ad91fb35 pinchflat: use temp dir to store secret 2025-09-27 21:25:40 +02:00
sivert
2f785919d9 #100 Immich service
- Declarative SSO setup via json config file
- roleClaim via LDAP groups to automatically set admin privileges
- SSO tested manually, but not yet in playwright test
- Storage quota claim not yet implemented
- Authelia rule prevents access by non-members of
userGroup/adminUserGroup
2025-09-20 14:43:38 +02:00
ibizaman
6f74d4c56c docs: fix typos in forgejo documentation 2025-09-17 10:59:12 +02:00
ibizaman
98b4cc32b6 pinchflat: init 2025-09-17 10:59:12 +02:00
ibizaman
b24eed9a86 lib: add toEnvVar function 2025-09-17 10:59:12 +02:00
ibizaman
6f27de81d2 forgejo: clean backup dumps
This assumes the dumps are moved elsewhere.
2025-09-09 17:03:30 +02:00