oauth MEALIE

oauth OLLAMA
oauth PAPERLESS

mealie/docker-compose.yml

@@ -47,13 +47,23 @@ services:
       POSTGRES_SERVER: mealie-db
       POSTGRES_PORT: 5432
       POSTGRES_DB: mealie
-      SMTP_HOST: smtp.gmail.com
+      SMTP_HOST: ${SYSTEM_EMAIL_SMTP_HOST}
-      SMTP_PORT: 587
+      SMTP_PORT: ${SYSTEM_EMAIL_SMTP_PORT}
       SMTP_FROM_NAME: Mealie
       SMTP_AUTH_STRATEGY: TLS # Options: TLS, SSL, NONE
-      SMTP_FROM_EMAIL: Your-own-gmail-address
+      SMTP_FROM_EMAIL: ${SYSTEM_EMAIL_USER}
-      SMTP_USER: Your-own-gmail-address
+      SMTP_USER: ${SYSTEM_EMAIL_USER}
-      SMTP_PASSWORD: Your-own-app-password
+      SMTP_PASSWORD: ${SYSTEM_EMAIL_PASSSWORD}
+      OIDC_AUTH_ENABLED: true
+      OIDC_PROVIDER_NAME: auth.domr.ovh
+      OIDC_CONFIGURATION_URL: https://authentik.company/application/o/<slug from authentik>/.well-known/openid-configuration
+      OIDC_CLIENT_ID: oVmVbL9Ehd1KAjSgAseAMZw4LHV6gmUfsFEf2Akp
+      OIDC_CLIENT_SECRET: WP2hs4qKjmEpKQabIvKCBgDwtlm534It526vs3Mg9lrBGgzswG9sCh0nw7ieW9y7D7OMRe0x2gkcHqcdP37LVMBgpR3f2rABSlOduhyZhPQKOUNBk79AQNxYr23Mdaud
+      OIDC_SIGNUP_ENABLED: true
+      OIDC_USER_GROUP: <Your users group created in authentik>
+      OIDC_ADMIN_GROUP: <Your admins group created in authentik>
+      OIDC_AUTO_REDIRECT: true   # Optional: The login page will be bypassed and you will be sent directly to your Identity Provider.
+      OIDC_REMEMBER_ME: true     # Optional: By setting this value to true, a session will be extended as if "Remember Me" was checked.
     restart: on-failure:5
     depends_on:
       db:

ollama/docker-compose.yml

@@ -12,6 +12,14 @@ services:
         image: "ghcr.io/open-webui/open-webui:main"
         restart: always
         container_name: open-webui
+        environment:
+            OAUTH_CLIENT_ID: b8Ktsot896DWYOMpSeKCyA30b0SfV5hW1qSpQtEh
+            OAUTH_CLIENT_SECRET: qLW9FNTRIhWpS51Ynx1gx0AiB0x0UGrs5FVukyBZyDNrNYc6NLdotHJq9U6giQJ48TnIHpE3mHvbCFvXnR8jpeV5o50CgbLXGXATHb0Om2K80TvFLSgAhbU8oIBvdSvj
+            OAUTH_PROVIDER_NAME: auth.domr.ovh
+            OPENID_PROVIDER_URL: to https://auth.domr.ovh/application/o/openwebui/.well-known/openid-configuration
+            OPENID_REDIRECT_URI: to https://chat.domr.ovh/oauth/oidc/callback
+            ENABLE_OAUTH_SIGNUP : 'true'
+
         volumes:
             - /home/soenke/docker-data/ollama/open-webui:/app/backend/data
         extra_hosts:

paperless/docker-compose.yml

@@ -77,6 +77,23 @@ services:
       PAPERLESS_TIKA_ENABLED: 1
       PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
       PAPERLESS_TIKA_ENDPOINT: http://tika:9998
+      PAPERLESS_APPS: allauth.socialaccount.providers.openid_connect
+      PAPERLESS_SOCIALACCOUNT_PROVIDERS: >
+        {
+          "openid_connect": {
+            "APPS": [
+              {
+                "provider_id": "authentik",
+                "name": "auth.domr.ovh",
+                "client_id": "U9wsU9xPEU6oWEWO2jhiPr0OhUPcG3XvA8nGhPki",
+                "secret": "xFpnKcYaNcEuVReBWT6sGTprvUtYE0AT3lnHHshY8wKJlOw1NGsvtqIYqTgdp4VkTjLk3ZHr1Th4LaQYiciicYJe7LtpTa5qX3ICDBRJhs2HGX40sJMQ1LCnnEUrS9fZ",
+                "settings": {
+                  "server_url": "https://auth.domr.ovh/application/o/paperless/.well-known/openid-configuration"
+                }
+              }
+            ],
+            "OAUTH_PKCE_ENABLED": "True"
+          }
 
   gotenberg:
     image: docker.io/gotenberg/gotenberg:7.10