asdf

2025-12-31 09:23:40 -06:00 · 2025-12-31 09:23:40 -06:00 · a14d2580bd
commit a14d2580bd
parent 2efa654c38
1 changed files with 19 additions and 7 deletions
--- a/mealie.yaml
+++ b/mealie.yaml
@ -11,25 +11,34 @@ services:
      PGID: "998"
      TZ: "America/Chicago"

-
      MAX_WORKERS: "1"
      WEB_CONCURRENCY: "1"
      BASE_URL: "https://recipe.netgrimoire.com"

+      # Disable local auth / signup (SSO-only)
+      ALLOW_PASSWORD_LOGIN: "false"
+      ALLOW_SIGNUP: "false"
+
+      # OIDC (authentik)
      OIDC_AUTH_ENABLED: "true"
      OIDC_PROVIDER_NAME: "authentik"
      OIDC_CONFIGURATION_URL: "https://auth.netgrimoire.com/application/o/mealie/.well-known/openid-configuration"
      OIDC_CLIENT_ID: "tidMeWe3Ak30zRzcmC5vwoCqAIHXQsaVwJEp44Mz"
-      OIDC_CLIENT_SECRET: "OD0CLgELUEWGoZ8IUnduGbxhyhh4vgjMBxBAjyopNOkATWIEWSYeWRDdfY6ulX2Fj7zuUp9dpgzjoFatNviLD8E5Cv2815eDrZxH9gNb52Taur0LzqBPk25yLCvsnjXK"
-      OIDC_SIGNUP_ENABLED: "true"
-      OIDC_USER_GROUP: "mealie-users"
-      OIDC_ADMIN_GROUP: "mealie-admins"
+      OIDC_CLIENT_SECRET: "REDACTED"
      OIDC_AUTO_REDIRECT: "true"
      OIDC_REMEMBER_ME: "true"
-      ALLOW_PASSWORD_LOGIN: "false"
-      ALLOW_SIGNUP: "false"
+
+      # User provisioning and claim mapping
+      OIDC_SIGNUP_ENABLED: "true"
      OIDC_USER_CLAIM: "sub"
      OIDC_NAME_CLAIM: "preferred_username"
+      OIDC_GROUPS_CLAIM: "groups"
+      OIDC_SCOPES_OVERRIDE: "openid profile email"
+
+      # Group-based role mapping
+      OIDC_USER_GROUP: "mealie-users"
+      OIDC_ADMIN_GROUP: "mealie-admins"
+



@ -40,6 +49,9 @@ services:
      - netgrimoire

    deploy:
+      placement:
+        constraints:
+          - node.hostname == docker4
      labels:
        - homepage.group=PNCHarris Apps
        - homepage.name=Mealie