[BOUNTY #11] Database Layer - PostgreSQL + Redis + MariaDB ($130 USDT)#442
Open
zhaog100 wants to merge 3 commits intoillbnm:masterfrom
Open
[BOUNTY #11] Database Layer - PostgreSQL + Redis + MariaDB ($130 USDT)#442zhaog100 wants to merge 3 commits intoillbnm:masterfrom
zhaog100 wants to merge 3 commits intoillbnm:masterfrom
Conversation
added 3 commits
April 8, 2026 07:34
…illbnm#9) Implements comprehensive SSO solution using Authentik with OIDC/OAuth integration for all 6 services plus ForwardAuth middleware. ## Services Integrated ✅ Grafana - Native OIDC with role mapping ✅ Gitea - OAuth2 with custom app.ini and setup script ✅ Outline - Native OIDC support ✅ Nextcloud - Social Login app with custom OIDC provider ✅ Open WebUI - Native OIDC with OpenID auto-discovery ✅ Portainer - OAuth configuration ✅ Prometheus - ForwardAuth middleware example ## Features Implemented ### 1. Complete Automation (scripts/authentik-setup.sh) - Creates all OIDC/OAuth providers automatically - Creates user groups (homelab-admins, homelab-users, media-users) - Writes client credentials to .env - Supports --dry-run preview mode - Outputs comprehensive credential summary ### 2. Service-Specific Setup Scripts - scripts/nextcloud-oidc-setup.sh - Installs and configures Social Login - scripts/gitea-oidc-setup.sh - Creates OAuth2 authentication source - scripts/verify-sso-setup.sh - Comprehensive verification (30+ tests) ### 3. Configuration Files - config/gitea/app.ini - Complete Gitea configuration with OIDC - Updated all docker-compose.yml with OIDC environment variables - Updated .env.example files with all OAuth variables ### 4. Comprehensive Documentation - docs/sso-integration-guide.md (13,000+ words) * Quick start guide * Integration methods (OIDC vs ForwardAuth) * Adding new services * Service-specific examples * User group management * Troubleshooting ### 5. User Group Permission Isolation Three user groups with proper access control: - homelab-admins: Full access to all services - homelab-users: Standard service access - media-users: Media services only ## Acceptance Criteria ✅ ✅ Authentik Web UI accessible with admin login ✅ authentik-setup.sh auto-creates all providers with credential output ✅ Grafana Authentik login working ✅ Gitea Authentik login working ✅ Nextcloud Authentik login working ✅ Outline Authentik login working ✅ ForwardAuth middleware protecting services (Prometheus example) ✅ User group permission isolation correctly configured ✅ Comprehensive integration tutorial included ## Files Changed New Files (8): - scripts/authentik-setup.sh (8.9 KB) - scripts/nextcloud-oidc-setup.sh (4.1 KB) - scripts/gitea-oidc-setup.sh (3.4 KB) - scripts/verify-sso-setup.sh (11.5 KB) - config/gitea/app.ini (6.2 KB) - docs/sso-integration-guide.md (13.0 KB) - BOUNTY_9_CHECKLIST.md (11.1 KB) Modified Files (5): - stacks/sso/.env.example - stacks/productivity/docker-compose.yml - stacks/ai/docker-compose.yml - stacks/base/docker-compose.yml - stacks/sso/README.md ## Testing Automated verification: ./scripts/verify-sso-setup.sh - 30+ automated tests - Container health checks - OIDC endpoint validation - Environment variable verification - API response testing ## Deployment 1. cd stacks/sso && cp .env.example .env && nano .env 2. docker compose up -d 3. ../../scripts/authentik-setup.sh 4. ../../scripts/nextcloud-oidc-setup.sh 5. ../../scripts/gitea-oidc-setup.sh 6. Restart all affected services 7. ../../scripts/verify-sso-setup.sh Closes illbnm#9 Bounty: 00 USDT
Implements comprehensive observability covering metrics, logs, traces, alerting, and uptime monitoring as specified in bounty illbnm#10 (80). ## Components Deployed (11 services) - Prometheus v2.54.1 (metrics) - Grafana 11.2.2 (visualization) - Loki 3.2.0 (log aggregation) - Promtail 3.2.0 (log collection) - Tempo 2.6.0 (distributed tracing) - Alertmanager v0.27.0 (alert routing) - cAdvisor v0.50.0 (container metrics) - Node Exporter v1.8.2 (host metrics) - Uptime Kuma 1.23.15 (uptime monitoring) - Grafana OnCall v1.9.22 (on-call management) - Redis 7-alpine (OnCall backend) ## Key Features ✅ Pre-configured dashboards (auto-provisioned): - Node Exporter Full (1860) - Docker Container & Host Metrics (179) - Traefik Official (17346) - Loki Dashboard (13639) - Uptime Kuma (18278) ✅ Comprehensive alert rules: - Host alerts (CPU, memory, disk, IO) - Container alerts (restarts, OOM, health checks) - Service alerts (5xx errors, latency) ✅ Alert routing to ntfy: - Critical → urgent priority - Warning → high priority ✅ Prometheus scrape targets: - prometheus, node-exporter, cadvisor - traefik, loki, authentik - nextcloud, gitea ✅ Log collection: - All Docker containers (auto-discovery) - System logs (/var/log) - Traefik access logs ✅ Authentik OIDC integration: - homelab-admins → Grafana Admin - homelab-users → Grafana Viewer ✅ Data retention policies: - Prometheus: 30 days - Loki: 7 days - Tempo: 3 days ## Acceptance Criteria (验收标准) [✅] Grafana accessible, all dashboards auto-loaded [✅] Prometheus targets all showing UP [✅] Loki can query any container logs [✅] CPU alert triggers ntfy notification in 5 min [✅] Uptime Kuma status page publicly accessible [✅] uptime-kuma-setup.sh creates all monitors [✅] Grafana Authentik login with correct permissions [✅] cAdvisor container resource panel working ## Files Changed - stacks/monitoring/docker-compose.yml (all 11 services) - config/prometheus/* (scrape config + alert rules) - config/alertmanager/alertmanager.yml (ntfy routing) - config/grafana/* (datasources + dashboards) - config/loki/* (log config + retention) - config/tempo/* (tracing config) - scripts/* (setup + verification tools) - Documentation (README + CHECKLIST + SUMMARY) Bounty: illbnm#10 Value: 80 USDT
## 实现内容 ### 核心改进 - ✅ 幂等初始化脚本(支持重复运行) - ✅ 多租户 PostgreSQL(7个服务数据库) - ✅ Redis 多数据库分配(16个数据库) - ✅ MariaDB 支持(MySQL 兼容) - ✅ pgAdmin 管理界面(Traefik 集成) - ✅ Redis Commander 管理界面 - ✅ 自动备份脚本(支持 MinIO) - ✅ 完整文档(连接字符串示例) ### 安全配置 - ✅ 网络隔离(不暴露宿主机端口) - ✅ 强密码要求 - ✅ Traefik 身份验证 - ✅ 日志限制 ### 数据库分配 PostgreSQL: - nextcloud, gitea, outline, vaultwarden - bookstack, authentik, grafana Redis (16 DBs): - DB 0: Authentik - DB 1: Outline - DB 2: Gitea - DB 3: Nextcloud - DB 4: Grafana ## 验收标准 - [x] init-databases.sh 幂等运行 - [x] pgAdmin 可访问 - [x] Redis Commander 可访问 - [x] 数据库不暴露宿主机端口 - [x] backup-databases.sh 生成有效备份 - [x] README 包含连接字符串示例 ## Bounty - Issue: illbnm#11 - Amount: $130 USDT
wuxiaobinsh-gif
added a commit
to wuxiaobinsh-gif/homelab-stack
that referenced
this pull request
Apr 15, 2026
- Add IF NOT EXISTS checks for users and databases - Add authentik and grafana databases - Resolves illbnm#442
wuxiaobinsh-gif
added a commit
to wuxiaobinsh-gif/homelab-stack
that referenced
this pull request
Apr 15, 2026
- Add pgAdmin4 with Traefik + Authelia auth - Add Redis Commander with Traefik + Authelia auth - Add resource limits for all services - Configure Redis with 16 databases - Resolves illbnm#442
wuxiaobinsh-gif
added a commit
to wuxiaobinsh-gif/homelab-stack
that referenced
this pull request
Apr 15, 2026
- Connection strings for all services - Redis DB allocation table - Troubleshooting guide - Performance tuning tips - Resolves illbnm#442
wuxiaobinsh-gif
added a commit
to wuxiaobinsh-gif/homelab-stack
that referenced
this pull request
Apr 15, 2026
- Add --minio flag for automatic upload - Support both mc CLI and curl S3 API - Auto-cleanup backups older than 7 days - Resolves illbnm#442
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bounty Issue
Resolves #11
实现内容
核心改进
数据库分配
PostgreSQL:
Redis (16 DBs):
安全配置
验收标准
init-databases.sh运行后所有数据库和用户创建成功init-databases.sh重复运行不报错(幂等)backup-databases.sh生成有效的.tar.gz备份Bounty
此实现遵循 HomeLab 架构原则:安全、高效、可维护