feat(services): Properly configure and enable authelia
This commit is contained in:
parent
9376dc8b71
commit
0a110d5493
4 changed files with 65 additions and 4 deletions
@ -1,3 +1,8 @@
|
||||||
|
authelia:
|
||||||
|
JWT_SECRET: ENC[AES256_GCM,data:a1LyPNaojDm8JtcCahkYx8TGGjbh2Appz1s5ruZzQs4VOMgtdV7MWl3RMpk=,iv:7y+ZhNYMS8t6Y3YqBJjnESBCK5BPM6Y+BbXMDSUQcc0=,tag:ksoR48cTA2eIg+JEvCXFWw==,type:str]
|
||||||
|
SESSION_SECRET: ENC[AES256_GCM,data:kr8+BsQhJQRmfhvzlOGBItqiRtHi2BcD9adhsL1N8FURe8sCPoOiNnwT0IM=,iv:97UPC5Woerm+ftrOMJ0HBM8jhF5ea+2H3QZU3a6i+fY=,tag:63N+r/BoBDaWYcEXUtIksw==,type:str]
|
||||||
|
STORAGE_PASSWORD: ENC[AES256_GCM,data:o+7Bszd/hPOaMMF/NOHVxMTY92hUZrFYu+4gkYkMkAubYiEfsX6kus4oToA=,iv:Q2sl8ZKblupyMO7GY/VCklQWTlHRtSsuVHRC60uwPfc=,tag:QxbpVJXq3HtEzHeFLoVOEw==,type:str]
|
||||||
|
STORAGE_ENCRYPTION_KEY: ENC[AES256_GCM,data:gGIayEmpkF+uLpsn69DgWcZPzeIV9xgAFBFgEMEKvSCoGx5id1bq/EFM81o=,iv:6SjBuo+/WosohTEWX8QwPqHd2f80ljx+m3WSjiChusU=,tag:pk2mNtGTOpFNcyVO8fFFuQ==,type:str]
|
||||||
caddy:
|
caddy:
|
||||||
ovh_endpoint: ENC[AES256_GCM,data:dTdfKCWE,iv:NnmdUyM9F8ujEIfEEl9WXGLY3zRpIy9BDeqs1frK+R0=,tag:1AblJqi2hKISXBqNdWybqQ==,type:str]
|
ovh_endpoint: ENC[AES256_GCM,data:dTdfKCWE,iv:NnmdUyM9F8ujEIfEEl9WXGLY3zRpIy9BDeqs1frK+R0=,tag:1AblJqi2hKISXBqNdWybqQ==,type:str]
|
||||||
ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str]
|
ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str]
|
||||||
|
@ -34,8 +39,8 @@ sops:
|
||||||
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
||||||
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-02T07:32:18Z"
|
lastmodified: "2024-10-18T08:30:16Z"
|
||||||
mac: ENC[AES256_GCM,data:0fwZxJO2LKpwV4+IYbBSyrqcQt4RrqlF/2OM8vP+3B/AI3Ny6LSP851IXdwzIMtMLiGBnvl787sXmZWPcUaizq3XmQR7t9lX/q4WkgVIDZ5JQtmHc4TSYDIxECBAQ5P4V6CNsUw3gjC5X4OSLtSfil/pAXbcMFKdlVLgP4S6wMU=,iv:UlJPlLFx2y/YJQWEDCY4NyqkZuQjNH8yCeELzoa3IoU=,tag:JI1tTnMSnQiWXVZmqb+ykA==,type:str]
|
mac: ENC[AES256_GCM,data:c4Ngpz/GK+20/SvGVVzS1n6ChLCRHIdyHfvfapy5dkMMeWbxVbVgSz6G+q0CW38deQiGMbWO3V+w/dhyI6Re3A688X+RQBnsUSqsLpXZeamxUbtqzWaS/bedBfg1T5sQLwXYpeqWoCgpd4bHfT3DfApYW02ScU7gkFQiMRlpsXA=,iv:s+ah+0zA0jBv0aDJbB2C3Y38ifD7XFNEjjFS1hCplsE=,tag:mc8DgCyVP+4y+8nqitmE1w==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
|
@ -5,14 +5,68 @@ access_control:
|
||||||
rules:
|
rules:
|
||||||
- domain: '*.gasdev.fr'
|
- domain: '*.gasdev.fr'
|
||||||
policy: one_factor
|
policy: one_factor
|
||||||
|
|
||||||
server:
|
server:
|
||||||
|
address: 'tcp://:9091/'
|
||||||
endpoints:
|
endpoints:
|
||||||
authz:
|
authz:
|
||||||
forward-auth:
|
forward-auth:
|
||||||
implementation: 'ForwardAuth'
|
implementation: 'ForwardAuth'
|
||||||
|
|
||||||
session:
|
session:
|
||||||
cookies:
|
cookies:
|
||||||
- domain: 'gasdev.fr'
|
- domain: 'gasdev.fr'
|
||||||
authelia_url: 'https://auth.gasdev.fr'
|
authelia_url: 'https://auth.gasdev.fr'
|
||||||
default_redirection_url: 'https://www.example.com'
|
default_redirection_url: 'https://auth.gasdev.fr/authenticated'
|
||||||
|
|
||||||
|
authentication_backend:
|
||||||
|
password_reset:
|
||||||
|
disable: false
|
||||||
|
|
||||||
|
file:
|
||||||
|
path: '/data/users_database.yml'
|
||||||
|
password:
|
||||||
|
algorithm: 'argon2'
|
||||||
|
|
||||||
|
password_policy:
|
||||||
|
standard:
|
||||||
|
enabled: true
|
||||||
|
min_length: 10
|
||||||
|
max_length: 128
|
||||||
|
require_uppercase: true
|
||||||
|
require_lowercase: true
|
||||||
|
require_number: true
|
||||||
|
require_special: true
|
||||||
|
|
||||||
|
storage:
|
||||||
|
local:
|
||||||
|
path: /data/db.sqlite3
|
||||||
|
|
||||||
|
notifier:
|
||||||
|
filesystem:
|
||||||
|
filename: '/data/notification.txt'
|
||||||
|
|
||||||
|
log:
|
||||||
|
level: 'info'
|
||||||
|
format: 'json'
|
||||||
|
|
||||||
|
totp:
|
||||||
|
issuer: 'gasdev.fr'
|
||||||
|
## https://www.authelia.com/c/totp#algorithm
|
||||||
|
algorithm: 'SHA1'
|
||||||
|
|
||||||
|
## https://www.authelia.com/c/totp#digits
|
||||||
|
digits: 6
|
||||||
|
period: 30
|
||||||
|
## See: https://www.authelia.com/c/totp#input-validation to read
|
||||||
|
skew: 1
|
||||||
|
|
||||||
|
webauthn:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
duo_api:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
ntp:
|
||||||
|
address: 'udp://time.cloudflare.com:123'
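Review bot: `password_reset: disable: false` is combined with the `notifier: filesystem:` backend, so the password-reset and identity-verification links Authelia would normally e-mail are written in plain text to `/data/notification.txt`; anyone with read access to that path (or a backup of the `/data` volume) can presumably complete a reset for any user, and Authelia documents the filesystem notifier as a testing/debugging option. Until an SMTP notifier is configured, set `disable: true` under `password_reset`, or add a comment above `notifier:` stating that the filesystem backend is for local testing only and must not be deployed as-is. The `- domain: '*.gasdev.fr'` rule with `policy: one_factor` also means TOTP is never required on any protected host even though it is the only second factor left enabled here (`webauthn` and `duo_api` are both disabled); if 2FA is intended for anything, a `policy: two_factor` rule for those hosts belongs alongside it. The `access_control` block starts above this hunk, so its `default_policy` is not visible here.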
|
||||||
|
|
||||||
|
|
|
@ -16,10 +16,11 @@
|
||||||
environment = {
|
environment = {
|
||||||
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
|
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
|
||||||
AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
|
AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
|
||||||
AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
|
# AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
|
||||||
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
|
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
|
||||||
};
|
};
|
||||||
volumes = [
|
volumes = [
|
||||||
|
"authelia-data:/data"
|
||||||
"/run/secrets/authelia:/secrets"
|
"/run/secrets/authelia:/secrets"
|
||||||
"/etc/authelia/configuration.yml:/config/configuration.yml"
|
"/etc/authelia/configuration.yml:/config/configuration.yml"
|
||||||
];
|
];
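Review bot: The two bind mounts `"/run/secrets/authelia:/secrets"` and `"/etc/authelia/configuration.yml:/config/configuration.yml"` are writable from inside the container although Authelia only reads them; mount both read-only (`"/run/secrets/authelia:/secrets:ro"`, `"/etc/authelia/configuration.yml:/config/configuration.yml:ro"`) so a compromised container cannot rewrite its own configuration or secret files, leaving only `"authelia-data:/data"` writable. The commented-out `AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE` line is dead configuration given that the configuration.yml in this commit uses `storage.local`; delete it rather than leave it commented, and drop the matching `STORAGE_PASSWORD` entry from the sops file, since a secret that is presumably decrypted onto the host at `/run/secrets/authelia` but never consumed is exposure with no benefit. The enclosing container definition starts above this hunk, so the image reference and remaining options are not visible here.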
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
./authelia
|
||||||
./garage
|
./garage
|
||||||
./shadowsocks
|
./shadowsocks
|
||||||
./uptime-kuma
|
./uptime-kuma
|
||||||
|
|