- assets/header.svg: animated SVG header (twinkling stars, orbiting service dots, Atlas A logo with glow, float/pulse animations, corner accents) - README.md: animated banner, full 39-app service catalog, Mermaid architecture, AI stack table, tech stack, quick-deploy, repo structure, security model - ARCHITECTURE.md: one-box philosophy, 5-tier service layers, data flow diagram, Caddy SSO pattern, AI mesh topology, Docker Compose topology - SERVICES.md: all 55 containers + 20 systemd services documented - CHANGELOG.md: full build history from v0.5 to v2.0 - assets/logo.svg: Atlas A logo with gradient - deploy/install.sh: one-command installer (Docker + Caddy + Tailscale + stacks) - deploy/compose/atlas-core.yml: Authentik + Nextcloud + Stalwart + Forgejo + Vaultwarden - deploy/caddy/Caddyfile.template: Authentik SSO pattern, sanitized - deploy/README.md: full deployment guide - server/: sanitized atlas_brain.py, cockpit_shim.py, intelligence.py, meridian.py, atlas_router_api.py, cli-atlas.py (all secrets stripped, env var patterns) - server/systemd/: 6 atlas-* service unit files - server/README.md: deployment and configuration guide Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
37 lines
834 B
Text
37 lines
834 B
Text
# Atlas OS — Caddyfile Template
|
|
# Replace {DOMAIN} with your actual domain, {EMAIL} with your admin email
|
|
|
|
{
|
|
email {EMAIL}
|
|
admin off
|
|
}
|
|
|
|
# Authentik SSO snippet — import into every protected site
|
|
(authentik) {
|
|
reverse_proxy /outpost.goauthentik.io/* localhost:9000
|
|
forward_auth localhost:9000 {
|
|
uri /outpost.goauthentik.io/auth/caddy
|
|
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt
|
|
}
|
|
}
|
|
|
|
# SSO-gated service example
|
|
app.{DOMAIN} {
|
|
import authentik
|
|
reverse_proxy localhost:8080
|
|
}
|
|
|
|
# Public service (no SSO)
|
|
public.{DOMAIN} {
|
|
reverse_proxy localhost:8090
|
|
}
|
|
|
|
# Authentik itself (must be public for SSO redirects)
|
|
auth.{DOMAIN} {
|
|
reverse_proxy localhost:9000
|
|
}
|
|
|
|
# HTTP -> HTTPS
|
|
http://*.{DOMAIN} {
|
|
redir https://{host}{uri} permanent
|
|
}
|