vps/roles/authelia/templates/configuration.yml

theme: 'auto'

totp:
  issuer: '{{ domain }}'

identity_validation:
  reset_password:
    jwt_secret: '{{ authelia_secrets["jwt_secret"] }}'

authentication_backend:
  refresh_interval: '1m'
  ldap:
    implementation: 'custom'
    address: 'ldap://lldap:3890'
    base_dn: '{{ ldap_base_dn }}'
    users_filter: '(&({username_attribute}={input})(objectClass=person))'
    groups_filter: '(member={dn})'
    user: '{{ authelia_secrets["ldap_user"] }}'
    password: '{{ authelia_secrets["ldap_password"] }}'
    attributes:
      distinguished_name: 'distinguishedName'
      username: 'uid'
      mail: 'mail'
      member_of: 'memberOf'
      group_name: 'cn'

password_policy:
  standard:
    enabled: true
    min_length: 12
    max_length: 128
    require_uppercase: true
    require_lowercase: true
    require_number: true
    require_special: true

access_control:
  default_policy: 'deny'
  rules: 
    - domain: 'auth.{{ domain }}'
      policy: 'bypass'

    - domain: 'ldap.{{ domain }}'
      policy: 'two_factor'
      subject: 'group:lldap_admin'

    - domain: 'syncthing.{{ domain }}'
      policy: 'two_factor'
      subject: 'user:viyurz'

session:
  cookies:
    - name: 'authelia_session'
      domain: '{{ domain }}'
      authelia_url: 'https://auth.{{ domain }}'

storage:
  encryption_key: '{{ authelia_secrets["encryption_key"] }}'
  postgres:
    address: postgres.{{ domain }}
    database: authelia
    username: '{{ authelia_secrets["postgres_user"] }}'
    password: '{{ authelia_secrets["postgres_password"] }}'

notifier:
  smtp:
    address: 'submissions://mail.{{ domain }}:{{ ports["mailserver_smtps"] }}'
    username: '{{ authelia_secrets["smtp_user"] }}'
    password: '{{ authelia_secrets["smtp_password"] }}'
    sender: 'Authelia <authelia@{{ domain }}>'

# identity_providers:
Add Authelia. 2024-03-31 18:26:05 +02:00			`theme: 'auto'`

			`totp:`
			`issuer: '{{ domain }}'`

			`identity_validation:`
			`reset_password:`
			`jwt_secret: '{{ authelia_secrets["jwt_secret"] }}'`

			`authentication_backend:`
			`refresh_interval: '1m'`
			`ldap:`
			`implementation: 'custom'`
			`address: 'ldap://lldap:3890'`
			`base_dn: '{{ ldap_base_dn }}'`
			`users_filter: '(&({username_attribute}={input})(objectClass=person))'`
			`groups_filter: '(member={dn})'`
			`user: '{{ authelia_secrets["ldap_user"] }}'`
			`password: '{{ authelia_secrets["ldap_password"] }}'`
			`attributes:`
			`distinguished_name: 'distinguishedName'`
			`username: 'uid'`
			`mail: 'mail'`
			`member_of: 'memberOf'`
			`group_name: 'cn'`

			`password_policy:`
			`standard:`
			`enabled: true`
			`min_length: 12`
			`max_length: 128`
			`require_uppercase: true`
			`require_lowercase: true`
			`require_number: true`
			`require_special: true`

			`access_control:`
			`default_policy: 'deny'`
			`rules:`
			`- domain: 'auth.{{ domain }}'`
			`policy: 'bypass'`

			`- domain: 'ldap.{{ domain }}'`
			`policy: 'two_factor'`
			`subject: 'group:lldap_admin'`

			`- domain: 'syncthing.{{ domain }}'`
			`policy: 'two_factor'`
			`subject: 'user:viyurz'`

			`session:`
			`cookies:`
			`- name: 'authelia_session'`
			`domain: '{{ domain }}'`
			`authelia_url: 'https://auth.{{ domain }}'`

			`storage:`
			`encryption_key: '{{ authelia_secrets["encryption_key"] }}'`
			`postgres:`
			`address: postgres.{{ domain }}`
			`database: authelia`
			`username: '{{ authelia_secrets["postgres_user"] }}'`
			`password: '{{ authelia_secrets["postgres_password"] }}'`

			`notifier:`
			`smtp:`
			`address: 'submissions://mail.{{ domain }}:{{ ports["mailserver_smtps"] }}'`
			`username: '{{ authelia_secrets["smtp_user"] }}'`
			`password: '{{ authelia_secrets["smtp_password"] }}'`
			`sender: 'Authelia <authelia@{{ domain }}>'`

			`# identity_providers:`