# See: https://www.reddit.com/r/unRAID/comments/pbic8g/how_to_add_environment_variables_to_authelia/

version: "3.7"
services:
  authelia:
    image: authelia/authelia:4.36
      #container_name: authelia
    command:
      - authelia
      - "--config=/config/configuration.yml"
      - "--config=/config/configuration.${APP_AUTHELIA_BACKEND:-ldap}.yml"

    volumes:
      - ./conf:/config
    #networks:
    #  - default
    labels:
      #- 'traefik.enable=true'
      #- 'traefik.http.routers.authelia.rule=Host(`authelia.example.com`)'
      #- 'traefik.http.routers.authelia.entrypoints=https'
      #- 'traefik.http.routers.authelia.tls=true'
      #- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
      #- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com'  # yamllint disable-line rule:line-length
      #
      - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.trustForwardHeader=true'
      - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${app_fqdn}'
      - 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email'  # yamllint disable-line rule:line-length
    healthcheck:
      disable: true
    environment:


      # Direct password insertion
      - AUTHELIA_JWT_SECRET=jwt_54648798798sdfgksdfjgklsdfjglksdfjg
      - AUTHELIA_SESSION_SECRET=session_4565798dfghsdfkgjhsdfjkghsdkfjghdf
      - AUTHELIA_STORAGE_ENCRYPTION_KEY=sto_789453645867asdjhgfiuklasdhgukasdfhgiuadfhgiluadfrhg


      # MISC
      #- AUTHELIA_DEFAULT_REDICTION_URL=${app_fqdn}
      - AUTHELIA_DEFAULT_REDIRECTION_URL=https://${app_fqdn}
      - AUTHELIA_SESSION_DOMAIN=${app_domain}
      #- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${app_domain}

      # LDAP configuration
      # DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP=true
      # DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP_URL=ldap://ldap
      # DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP_BASE_DN=DC=barbu-it,DC=com
      # DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP_USER=CN=admin,DC=barbu-it,DC=com
      # DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP_PASSWORD=JarWucact1DoocAcKods


      # # Secret management
      # - AUTHELIA_JWT_SECRET_FILE=/config/secret_jwt
      # - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/config/secret_storage
      # - AUTHELIA_SESSION_SECRET_FILE=/config/secret_session
      # - AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE=/config/secret_ldap
      # - AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/config/secret_mysql
      # - AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE=/config/secret_postgresql
      # - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secret_smtp