feat(services): Properly configure and enable authelia
parent
9376dc8b71
commit
0a110d5493
4 changed files with 65 additions and 4 deletions
|
@ -1,3 +1,8 @@
|
|||
authelia:
|
||||
JWT_SECRET: ENC[AES256_GCM,data:a1LyPNaojDm8JtcCahkYx8TGGjbh2Appz1s5ruZzQs4VOMgtdV7MWl3RMpk=,iv:7y+ZhNYMS8t6Y3YqBJjnESBCK5BPM6Y+BbXMDSUQcc0=,tag:ksoR48cTA2eIg+JEvCXFWw==,type:str]
|
||||
SESSION_SECRET: ENC[AES256_GCM,data:kr8+BsQhJQRmfhvzlOGBItqiRtHi2BcD9adhsL1N8FURe8sCPoOiNnwT0IM=,iv:97UPC5Woerm+ftrOMJ0HBM8jhF5ea+2H3QZU3a6i+fY=,tag:63N+r/BoBDaWYcEXUtIksw==,type:str]
|
||||
STORAGE_PASSWORD: ENC[AES256_GCM,data:o+7Bszd/hPOaMMF/NOHVxMTY92hUZrFYu+4gkYkMkAubYiEfsX6kus4oToA=,iv:Q2sl8ZKblupyMO7GY/VCklQWTlHRtSsuVHRC60uwPfc=,tag:QxbpVJXq3HtEzHeFLoVOEw==,type:str]
|
||||
STORAGE_ENCRYPTION_KEY: ENC[AES256_GCM,data:gGIayEmpkF+uLpsn69DgWcZPzeIV9xgAFBFgEMEKvSCoGx5id1bq/EFM81o=,iv:6SjBuo+/WosohTEWX8QwPqHd2f80ljx+m3WSjiChusU=,tag:pk2mNtGTOpFNcyVO8fFFuQ==,type:str]
|
||||
caddy:
|
||||
ovh_endpoint: ENC[AES256_GCM,data:dTdfKCWE,iv:NnmdUyM9F8ujEIfEEl9WXGLY3zRpIy9BDeqs1frK+R0=,tag:1AblJqi2hKISXBqNdWybqQ==,type:str]
|
||||
ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str]
|
||||
|
@ -34,8 +39,8 @@ sops:
|
|||
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
||||
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-02T07:32:18Z"
|
||||
mac: ENC[AES256_GCM,data:0fwZxJO2LKpwV4+IYbBSyrqcQt4RrqlF/2OM8vP+3B/AI3Ny6LSP851IXdwzIMtMLiGBnvl787sXmZWPcUaizq3XmQR7t9lX/q4WkgVIDZ5JQtmHc4TSYDIxECBAQ5P4V6CNsUw3gjC5X4OSLtSfil/pAXbcMFKdlVLgP4S6wMU=,iv:UlJPlLFx2y/YJQWEDCY4NyqkZuQjNH8yCeELzoa3IoU=,tag:JI1tTnMSnQiWXVZmqb+ykA==,type:str]
|
||||
lastmodified: "2024-10-18T08:30:16Z"
|
||||
mac: ENC[AES256_GCM,data:c4Ngpz/GK+20/SvGVVzS1n6ChLCRHIdyHfvfapy5dkMMeWbxVbVgSz6G+q0CW38deQiGMbWO3V+w/dhyI6Re3A688X+RQBnsUSqsLpXZeamxUbtqzWaS/bedBfg1T5sQLwXYpeqWoCgpd4bHfT3DfApYW02ScU7gkFQiMRlpsXA=,iv:s+ah+0zA0jBv0aDJbB2C3Y38ifD7XFNEjjFS1hCplsE=,tag:mc8DgCyVP+4y+8nqitmE1w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
|
|
|
@ -5,14 +5,68 @@ access_control:
|
|||
rules:
|
||||
- domain: '*.gasdev.fr'
|
||||
policy: one_factor
|
||||
|
||||
server:
|
||||
address: 'tcp://:9091/'
|
||||
endpoints:
|
||||
authz:
|
||||
forward-auth:
|
||||
implementation: 'ForwardAuth'
|
||||
|
||||
session:
|
||||
cookies:
|
||||
- domain: 'gasdev.fr'
|
||||
authelia_url: 'https://auth.gasdev.fr'
|
||||
default_redirection_url: 'https://www.example.com'
|
||||
default_redirection_url: 'https://auth.gasdev.fr/authenticated'
|
||||
|
||||
authentication_backend:
|
||||
password_reset:
|
||||
disable: false
|
||||
|
||||
file:
|
||||
path: '/data/users_database.yml'
|
||||
password:
|
||||
algorithm: 'argon2'
|
||||
|
||||
password_policy:
|
||||
standard:
|
||||
enabled: true
|
||||
min_length: 10
|
||||
max_length: 128
|
||||
require_uppercase: true
|
||||
require_lowercase: true
|
||||
require_number: true
|
||||
require_special: true
|
||||
|
||||
storage:
|
||||
local:
|
||||
path: /data/db.sqlite3
|
||||
|
||||
notifier:
|
||||
filesystem:
|
||||
filename: '/data/notification.txt'
|
||||
|
||||
log:
|
||||
level: 'info'
|
||||
format: 'json'
|
||||
|
||||
totp:
|
||||
issuer: 'gasdev.fr'
|
||||
## https://www.authelia.com/c/totp#algorithm
|
||||
algorithm: 'SHA1'
|
||||
|
||||
## https://www.authelia.com/c/totp#digits
|
||||
digits: 6
|
||||
period: 30
|
||||
## See: https://www.authelia.com/c/totp#input-validation to read
|
||||
skew: 1
|
||||
|
||||
webauthn:
|
||||
disable: true
|
||||
|
||||
duo_api:
|
||||
disable: true
|
||||
|
||||
ntp:
|
||||
address: 'udp://time.cloudflare.com:123'
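Review bot: Password reset is left enabled (`password_reset.disable: false`) while the only notifier is `filesystem`, so the identity-verification messages for a reset are written to `/data/notification.txt` instead of reaching the user. Anyone who can read the data volume can then read those messages, and a legitimate user cannot complete a reset without operator help. Until an SMTP notifier is configured I would set `disable: true` under `password_reset`. Separately, the `totp` block is configured but the only rule visible here is `policy: one_factor` for `*.gasdev.fr`, so as far as this hunk shows no request is ever asked for a second factor; `policy: two_factor` on at least the sensitive hosts would make the TOTP settings effective.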
|
||||
|
||||
|
|
|
@ -16,10 +16,11 @@
|
|||
environment = {
|
||||
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
|
||||
AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
|
||||
AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
|
||||
# AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
|
||||
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
|
||||
};
|
||||
volumes = [
|
||||
"authelia-data:/data"
|
||||
"/run/secrets/authelia:/secrets"
|
||||
"/etc/authelia/configuration.yml:/config/configuration.yml"
|
||||
];
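Review bot: The bind mounts in `volumes` are writable from inside the container, including the configuration mount that appears to be the line added here; as far as I can tell the service needs to write neither the config file nor the secrets directory. I would mount both read-only, e.g. `"/etc/authelia/configuration.yml:/config/configuration.yml:ro"` and `"/run/secrets/authelia:/secrets:ro"`. The Postgres password variable is now only commented out; since the configuration in this commit uses `storage.local`, deleting the line and dropping the unused `STORAGE_PASSWORD` secret would keep the provisioned secrets to what the service actually reads. The enclosing attribute set starts and ends outside the hunk.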
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
imports = [
|
||||
./authelia
|
||||
./garage
|
||||
./shadowsocks
|
||||
./uptime-kuma
|
||||
|
|