From 8f5c03762a6537015f5a351af277a40125417b9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?So=CC=88nke=20Domro=CC=88se?=
 <soenke.domroese@lichtblick.de>
Date: Mon, 26 May 2025 16:32:01 +0200
Subject: [PATCH] add Authentik & changedetection

---
 authentik/.env                   | 15 +++++++++++++++
 authentik/README.md              |  6 ++++++
 caddy/Caddyfile                  | 16 ++++++++++++++++
 changedetect/docker-compose.yaml | 16 ++++++++++++++++
 4 files changed, 53 insertions(+)
 create mode 100644 authentik/.env
 create mode 100644 authentik/README.md
 create mode 100644 changedetect/docker-compose.yaml

diff --git a/authentik/.env b/authentik/.env
new file mode 100644
index 0000000..329633e
--- /dev/null
+++ b/authentik/.env
@@ -0,0 +1,15 @@
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=localhost
+AUTHENTIK_EMAIL__PORT=25
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=
+AUTHENTIK_EMAIL__PASSWORD=
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=false
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=authentik@localhost
+COMPOSE_PORT_HTTP=8444
+COMPOSE_PORT_HTTPS=9444
\ No newline at end of file
diff --git a/authentik/README.md b/authentik/README.md
new file mode 100644
index 0000000..d91e03b
--- /dev/null
+++ b/authentik/README.md
@@ -0,0 +1,6 @@
+* After install run
+```
+    echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env
+    echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env
+    # echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
+```
\ No newline at end of file
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 9fb7a38..d97e600 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -129,6 +129,22 @@ backend.bracket.home.domroese.eu:443 {
     reverse_proxy 192.168.1.65:8400
 }
 
+changedetect.home.domroese.eu:80,
+changedetect.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:5238
+}
+
+
+authentik.home.domroese.eu:443 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:9444
+}
+authentik.bracket.home.domroese.eu:80 {
+    tls soenke@domroese.eu        
+    reverse_proxy 192.168.1.65:8444
+}
+
 caddy.home.domroese.eu:443 {
     tls soenke@domroese.eu        
     reverse_proxy 192.168.1.65:8881
diff --git a/changedetect/docker-compose.yaml b/changedetect/docker-compose.yaml
new file mode 100644
index 0000000..c8770c4
--- /dev/null
+++ b/changedetect/docker-compose.yaml
@@ -0,0 +1,16 @@
+---
+services:
+  changedetection:
+    image: lscr.io/linuxserver/changedetection.io:latest
+    container_name: changedetection
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - BASE_URL= #optional
+      - PLAYWRIGHT_DRIVER_URL= #optional
+    volumes:
+      - /home/soenke/docker-data/changedetect/config:/config
+    ports:
+      - 5238:5000
+    restart: unless-stopped