Add optional SMTP configuration for Authentik, including email host, port, and credentials. Update README and .env.sample to clarify usage for outbound email settings. Introduce blueprint support for enhanced deployment flexibility, with assertions in Ansible tasks to ensure required variables are set when enabled.

This commit is contained in:
Nikholas Pcenicni
2026-05-14 22:21:11 -04:00
parent e48b19b64c
commit fbcd2416e6
14 changed files with 478 additions and 6 deletions


@@ -26,11 +26,30 @@ VERSITYGW_WEBUI_PORT=8080
# VGW_WEBUI_GATEWAYS=https://s3.example.com
VGW_WEBUI_GATEWAYS=
# Public origin of the **WebUI** page (Pangolin → :8080), e.g. https://s3-ui.example.com
# Required when UI and API are on different hosts so the browser can call the API (CORS).
# Public origin of the **browser app** that calls the S3 API (no path, no trailing slash).
# Use this when the UI is on a different hostname than the API — e.g. third-party S3 consoles,
# or the built-in WebUI behind Pangolin on another host than :10000.
# Example: VGW_CORS_ALLOW_ORIGIN=https://s3-ui.pcenicni.dev
#
# VersityGW maps the browsers preflight Access-Control-Request-Headers into
# Access-Control-Allow-Headers (Authorization, X-Amz-Date, X-Amz-Content-Sha256, Content-Type, …)
# when there is **no** per-bucket CORS configuration. You do not set those headers separately here.
#
# If you used PutBucketCors on a bucket, that config replaces this fallback for that bucket: add
# the same Origin and AllowedHeader entries (or *) there, or delete bucket CORS to rely on this.
# VGW_CORS_ALLOW_ORIGIN=https://s3-ui.example.com
VGW_CORS_ALLOW_ORIGIN=
# --- Pangolin (edge) vs Versity CORS ---
# If VGW_CORS_ALLOW_ORIGIN is correct but the browser still says CORS failed, the edge often
# never returns Versitys Access-Control-* headers: Pangolin can answer OPTIONS / block preflight
# before Newt reaches :10000. S3 clients send OPTIONS without SigV4 auth; Pangolin SSO or
# “authorization” on the HTTP resource can reject that (see https://github.com/fosrl/pangolin/issues/2369 ).
# Mitigations: make the **S3 API** hostname resource public (no Pangolin auth on that resource),
# or add a rule that allows OPTIONS to pass through when Pangolin supports method-based rules;
# confirm with: curl -sv -X OPTIONS -H "Origin: https://your-s3-ui" -H "Access-Control-Request-Method: PUT" \
# -H "Access-Control-Request-Headers: authorization,content-type" "https://your-s3-api-host/" 2>&1 | head -40
# NFS: object metadata defaults to xattrs; most NFS mounts need sidecar mode
# (compose.yaml uses --sidecar /data/sidecar). Create the host path, e.g.
# mkdir -p /mnt/nfs/versity/sidecar
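Review bot: the two descriptions of the CORS origin at the top of this hunk overlap and should be merged into one: `# Public origin of the **WebUI** page (Pangolin → :8080), e.g. https://s3-ui.example.com` and `# Public origin of the **browser app** that calls the S3 API (no path, no trailing slash).` both introduce VGW_CORS_ALLOW_ORIGIN, and the first two lines read like a leftover from an earlier draft. The inline example `# Example: VGW_CORS_ALLOW_ORIGIN=https://s3-ui.pcenicni.dev` should use the same `example.com` placeholder as the commented-out line below it, so the sample file does not ship a real deployment hostname. Minor: "browsers preflight" and "Versitys Access-Control-* headers" need apostrophes. On the Pangolin mitigation, "make the **S3 API** hostname resource public (no Pangolin auth on that resource)" drops the edge authentication for that hostname and leaves SigV4 as the only control on the API; the comment should state that explicitly so operators do not apply it to a hostname that also fronts the WebUI.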