feat(services): Properly configure and enable authelia

GaspardCulis 2024-10-18 10:53:36 +02:00
parent 9376dc8b71
commit 0a110d5493
4 changed files with 65 additions and 4 deletions


@ -1,3 +1,8 @@
authelia:
JWT_SECRET: ENC[AES256_GCM,data:a1LyPNaojDm8JtcCahkYx8TGGjbh2Appz1s5ruZzQs4VOMgtdV7MWl3RMpk=,iv:7y+ZhNYMS8t6Y3YqBJjnESBCK5BPM6Y+BbXMDSUQcc0=,tag:ksoR48cTA2eIg+JEvCXFWw==,type:str]
SESSION_SECRET: ENC[AES256_GCM,data:kr8+BsQhJQRmfhvzlOGBItqiRtHi2BcD9adhsL1N8FURe8sCPoOiNnwT0IM=,iv:97UPC5Woerm+ftrOMJ0HBM8jhF5ea+2H3QZU3a6i+fY=,tag:63N+r/BoBDaWYcEXUtIksw==,type:str]
STORAGE_PASSWORD: ENC[AES256_GCM,data:o+7Bszd/hPOaMMF/NOHVxMTY92hUZrFYu+4gkYkMkAubYiEfsX6kus4oToA=,iv:Q2sl8ZKblupyMO7GY/VCklQWTlHRtSsuVHRC60uwPfc=,tag:QxbpVJXq3HtEzHeFLoVOEw==,type:str]
STORAGE_ENCRYPTION_KEY: ENC[AES256_GCM,data:gGIayEmpkF+uLpsn69DgWcZPzeIV9xgAFBFgEMEKvSCoGx5id1bq/EFM81o=,iv:6SjBuo+/WosohTEWX8QwPqHd2f80ljx+m3WSjiChusU=,tag:pk2mNtGTOpFNcyVO8fFFuQ==,type:str]
caddy: caddy:
ovh_endpoint: ENC[AES256_GCM,data:dTdfKCWE,iv:NnmdUyM9F8ujEIfEEl9WXGLY3zRpIy9BDeqs1frK+R0=,tag:1AblJqi2hKISXBqNdWybqQ==,type:str] ovh_endpoint: ENC[AES256_GCM,data:dTdfKCWE,iv:NnmdUyM9F8ujEIfEEl9WXGLY3zRpIy9BDeqs1frK+R0=,tag:1AblJqi2hKISXBqNdWybqQ==,type:str]
ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str] ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str]
@ -34,8 +39,8 @@ sops:
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ== y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-02T07:32:18Z" lastmodified: "2024-10-18T08:30:16Z"
mac: ENC[AES256_GCM,data:0fwZxJO2LKpwV4+IYbBSyrqcQt4RrqlF/2OM8vP+3B/AI3Ny6LSP851IXdwzIMtMLiGBnvl787sXmZWPcUaizq3XmQR7t9lX/q4WkgVIDZ5JQtmHc4TSYDIxECBAQ5P4V6CNsUw3gjC5X4OSLtSfil/pAXbcMFKdlVLgP4S6wMU=,iv:UlJPlLFx2y/YJQWEDCY4NyqkZuQjNH8yCeELzoa3IoU=,tag:JI1tTnMSnQiWXVZmqb+ykA==,type:str] mac: ENC[AES256_GCM,data:c4Ngpz/GK+20/SvGVVzS1n6ChLCRHIdyHfvfapy5dkMMeWbxVbVgSz6G+q0CW38deQiGMbWO3V+w/dhyI6Re3A688X+RQBnsUSqsLpXZeamxUbtqzWaS/bedBfg1T5sQLwXYpeqWoCgpd4bHfT3DfApYW02ScU7gkFQiMRlpsXA=,iv:s+ah+0zA0jBv0aDJbB2C3Y38ifD7XFNEjjFS1hCplsE=,tag:mc8DgCyVP+4y+8nqitmE1w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0


@ -5,14 +5,68 @@ access_control:
rules: rules:
- domain: '*.gasdev.fr' - domain: '*.gasdev.fr'
policy: one_factor policy: one_factor
server: server:
address: 'tcp://:9091/'
endpoints: endpoints:
authz: authz:
forward-auth: forward-auth:
implementation: 'ForwardAuth' implementation: 'ForwardAuth'
session: session:
cookies: cookies:
- domain: 'gasdev.fr' - domain: 'gasdev.fr'
authelia_url: 'https://auth.gasdev.fr' authelia_url: 'https://auth.gasdev.fr'
default_redirection_url: 'https://www.example.com' default_redirection_url: 'https://auth.gasdev.fr/authenticated'
authentication_backend:
password_reset:
disable: false
file:
path: '/data/users_database.yml'
password:
algorithm: 'argon2'
password_policy:
standard:
enabled: true
min_length: 10
max_length: 128
require_uppercase: true
require_lowercase: true
require_number: true
require_special: true
storage:
local:
path: /data/db.sqlite3
notifier:
filesystem:
filename: '/data/notification.txt'
log:
level: 'info'
format: 'json'
totp:
issuer: 'gasdev.fr'
## https://www.authelia.com/c/totp#algorithm
algorithm: 'SHA1'
## https://www.authelia.com/c/totp#digits
digits: 6
period: 30
## See: https://www.authelia.com/c/totp#input-validation to read
skew: 1
webauthn:
disable: true
duo_api:
disable: true
ntp:
address: 'udp://time.cloudflare.com:123'
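Review bot: With `password_reset.disable: false` the reset flow is live, but the `notifier.filesystem` block means identity-verification links are written to `/data/notification.txt` on the persistent volume instead of being delivered to the user; Authelia documents the filesystem notifier as a testing option, so either configure an SMTP notifier before exposing the portal or add `## NOTE: filesystem notifier is for testing only; reset links are written to /data/notification.txt` above `filesystem:`. The new `default_redirection_url: 'https://auth.gasdev.fr/authenticated'` points at Authelia's own host; my recollection is that Authelia expects this to be the URL of a protected application rather than the portal itself, so confirm against the current docs before relying on it. The enclosing `access_control` block (and its `default_policy`) starts before the hunk, so whether the `one_factor` rule for `*.gasdev.fr` is the only gate cannot be judged here.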


@ -16,10 +16,11 @@
environment = { environment = {
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET"; AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET"; AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD"; # AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY"; AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
}; };
volumes = [ volumes = [
"authelia-data:/data"
"/run/secrets/authelia:/secrets" "/run/secrets/authelia:/secrets"
"/etc/authelia/configuration.yml:/config/configuration.yml" "/etc/authelia/configuration.yml:/config/configuration.yml"
]; ];
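Review bot: The commented-out `AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE` line is consistent with the local SQLite storage in the new configuration, but the `STORAGE_PASSWORD` entry is still provisioned into `/run/secrets/authelia` by the sops file in this same commit, so a secret is mounted that nothing reads; either drop it from the secrets file or replace the dead line with a comment such as `# Postgres password unused: storage is local sqlite (see configuration.yml)`. The secrets and configuration mounts carry nothing the container needs to write, so consider `"/run/secrets/authelia:/secrets:ro"` and `"/etc/authelia/configuration.yml:/config/configuration.yml:ro"` if the container backend accepts the `:ro` suffix. The enclosing container definition starts and ends outside the hunk.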


@ -1,5 +1,6 @@
{ {
imports = [ imports = [
./authelia
./garage ./garage
./shadowsocks ./shadowsocks
./uptime-kuma ./uptime-kuma