# Colour theme of the Authelia web portal.
theme: 'auto'
# Time-based one-time password (second factor) settings.
totp:
  # Issuer label for enrolled TOTP credentials; rendered from the deployment's
  # domain variable.
  issuer: '{{ domain }}'
# Identity verification for the password-reset flow.
identity_validation:
  reset_password:
    # Signing secret for the reset-password tokens. The value is substituted
    # when the template is rendered, so the rendered file holds it in clear
    # text: keep that file readable by the Authelia service account only and
    # out of version control.
    jwt_secret: '{{ authelia_secrets["jwt_secret"] }}'
# User directory used for first-factor authentication: an LDAP server reached
# under the host name 'lldap'.
authentication_backend:
  # NOTE(review): presumably how often cached user details (groups, mail) are
  # re-read from LDAP, so a group removal may take up to this long to affect an
  # existing session - confirm.
  refresh_interval: '1m'
  ldap:
    implementation: 'custom'
    # NOTE(review): the 'ldap://' scheme is unencrypted, so the bind password
    # below and every user password submitted at login cross this hop in clear
    # text. Confirm the link never leaves a private container network, or
    # switch to LDAPS / StartTLS.
    address: 'ldap://lldap:3890'
    base_dn: '{{ ldap_base_dn }}'
    # The single-brace placeholders ({username_attribute}, {input}, {dn}) are
    # not Jinja expressions; they pass through rendering unchanged and are
    # filled in by Authelia at query time.
    users_filter: '(&({username_attribute}={input})(objectClass=person))'
    groups_filter: '(member={dn})'
    # Bind account used for directory lookups. It should hold only the rights
    # Authelia needs (read access, plus password change if resets are used).
    user: '{{ authelia_secrets["ldap_user"] }}'
    password: '{{ authelia_secrets["ldap_password"] }}'
    # Mapping from Authelia's attribute names to the directory's attribute
    # names.
    attributes:
      distinguished_name: 'distinguishedName'
      username: 'uid'
      mail: 'mail'
      member_of: 'memberOf'
      group_name: 'cn'
# Complexity rules for passwords: 12 to 128 characters with at least one
# upper-case letter, lower-case letter, digit and special character.
# NOTE(review): presumably enforced only when a password is changed or reset
# through Authelia; passwords set directly in the LDAP directory would not be
# checked - confirm.
password_policy:
  standard:
    enabled: true
    min_length: 12
    max_length: 128
    require_uppercase: true
    require_lowercase: true
    require_number: true
    require_special: true
# Authorization rules. Anything not matched by a rule below is denied.
access_control:
  # Deny by default: a new subdomain stays closed until a rule is added for it,
  # and a user who matches a rule's domain but not its subject is refused.
  default_policy: 'deny'
  rules:
    # The login portal itself has to be reachable without a session.
    - domain: 'auth.{{ domain }}'
      policy: 'bypass'

    # Directory administration UI: second factor required, members of the
    # lldap_admin group only.
    - domain: 'ldap.{{ domain }}'
      policy: 'two_factor'
      subject: 'group:lldap_admin'

    # Syncthing: second factor required, a single named user only.
    - domain: 'syncthing.{{ domain }}'
      policy: 'two_factor'
      subject: 'user:viyurz'
# Session cookie settings.
session:
  cookies:
    # The cookie is scoped to the parent domain, so every subdomain of it
    # receives the session cookie. authelia_url is the portal that
    # unauthenticated requests are sent to; it uses https.
    - name: 'authelia_session'
      domain: '{{ domain }}'
      authelia_url: 'https://auth.{{ domain }}'
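# Persistent storage for Authelia's own state, kept in PostgreSQL.
storage:
  # NOTE(review): presumably the key that encrypts sensitive values at rest in
  # the database, so losing or changing it needs a planned migration - confirm.
  # It is substituted at render time; the rendered file holds it in clear text.
  encryption_key: '{{ authelia_secrets["encryption_key"] }}'
  postgres:
    # Quoted like every other templated value in this file, so an empty or
    # unusual expansion of the domain variable cannot change the YAML type.
    # NOTE(review): no tls section is set here, so the database connection is
    # presumably unencrypted - confirm the network path is private.
    address: 'postgres.{{ domain }}'
    database: 'authelia'
    username: '{{ authelia_secrets["postgres_user"] }}'
    password: '{{ authelia_secrets["postgres_password"] }}'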
# Outgoing mail (identity verification and notification messages).
notifier:
  smtp:
    # The 'submissions' scheme selects SMTP over implicit TLS, so the
    # credentials below are sent over an encrypted connection.
    address: 'submissions://mail.{{ domain }}:{{ ports["mailserver_smtps"] }}'
    username: '{{ authelia_secrets["smtp_user"] }}'
    password: '{{ authelia_secrets["smtp_password"] }}'
    sender: 'Authelia <authelia@{{ domain }}>'
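# OpenID Connect provider settings and the relying parties allowed to use it.
identity_providers:
  oidc:
    # Provider key material, substituted at render time; the rendered file
    # holds it in clear text, so restrict that file's permissions.
    hmac_secret: '{{ authelia_secrets["hmac_secret"] }}'
    jwks:
      # Private signing key, inserted as a literal block scalar. The Jinja
      # indent filter pads every line except the first, so the expression must
      # itself start at ten spaces to keep the whole key inside the block.
      - key: |
          {{ authelia_secrets["jwks_key"] | indent(width=10) }}
    clients:
      # Relying party: the Synapse Matrix homeserver.
      # NOTE(review): no authorization_policy is set, so this client uses
      # Authelia's default - confirm that is the intended level.
      - client_id: '{{ synapse_secrets["oidc_client_id"] }}'
        client_name: 'Synapse'
        # The variable name indicates a digest of the client secret rather than
        # the plain value; keep it that way so the rendered file never holds
        # the usable secret.
        client_secret: '{{ synapse_secrets["oidc_client_secret_hash"] }}'
        # Written as a list, the form Authelia documents for this option. Keep
        # it to the exact https callback URL; do not broaden it.
        redirect_uris:
          - 'https://matrix.{{ domain }}/_synapse/client/oidc/callback'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'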