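---
# Authelia configuration for pukeko.xyz, restored to one key per line.
#
# Secret handling: the original file carried every secret inline (the JWT
# secret, session secret, storage encryption key, SMTP password, OIDC issuer
# private key and all OIDC client secrets). Treat each of those values as
# disclosed and rotate it. Where Authelia can read a secret from a file, the
# key is omitted below and the matching *_FILE environment variable is named.
# Startup then fails with a clear error if the secret is not provisioned,
# rather than running on a known value.

# NOTE(review): dotted top-level keys are kept as written next to the nested
# `server:` mapping. Confirm the deployed Authelia version accepts this
# spelling; the nested form (`server: {host, port}`, `log: {level}`) is
# unambiguous.
server.host: 0.0.0.0
server.port: 9091
server:
  read_buffer_size: 4096
  write_buffer_size: 4096
  path: "authelia"

# NOTE(review): debug logging is verbose for an internet-facing auth portal.
# Consider `info` once troubleshooting is finished.
log.level: debug

# jwt_secret: removed from this file; supply it via AUTHELIA_JWT_SECRET_FILE.
# The original value was short and identical to session.secret. Each secret
# should be a long random string that is unique to its purpose.

totp:
  issuer: authelia.com
  period: 30
  skew: 1

default_redirection_url: https://pukeko.xyz/

authentication_backend:
  disable_reset_password: false
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      # NOTE(review): a single iteration relies entirely on the memory cost.
      # Confirm these parameters against the hashing time measured on the host.
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 512
      parallelism: 8

access_control:
  default_policy: deny
  # Rules are order-sensitive: the first rule that matches a request decides
  # the policy, so every `bypass` rule above the final two_factor catch-all is
  # an unauthenticated path to the backend.
  rules:
    # Dumb redirect to dash.pukeko.xyz - do not auth
    - domain: "pukeko.xyz"
      policy: bypass

    # Allow access from internal network
    # NOTE(review): this bypass trusts the client IP as Authelia sees it. It is
    # only safe if the reverse proxy overwrites X-Forwarded-For instead of
    # passing a client-supplied value through, and if proxied traffic does not
    # itself appear to originate from one of the Docker subnets.
    - domain:
        - "*.pukeko.xyz"
      networks:
        # Docker main subnet
        # NOTE(review): 150.200.0.0/24, 150.201.0.0/24 and 150.202.0.0/24 are
        # not RFC 1918 private ranges. A real internet client in those ranges
        # would match this bypass. Consider moving the Docker networks to
        # private address space. The entries also have host bits set (.1/24).
        - 150.200.0.1/24
        # Docker subnet A
        - 150.201.0.1/24
        # Docker subnet B
        - 150.202.0.1/24
        # Home
        - 192.168.0.0/24
        # Wireguard
        # NOTE(review): a /16 is wider than a typical WireGuard tunnel subnet;
        # narrow it to the range actually assigned to peers.
        - 10.8.0.0/16
      policy: bypass

    # Allow access to container's /api address
    # NOTE(review): this exempts every path starting with "/api" (including
    # e.g. /apidocs) on every subdomain, so each backend's own API
    # authentication is the only control left. Prefer per-domain rules
    # anchored as '^/api([/?].*)?$' for the services that need it.
    - domain:
        - "*.pukeko.xyz"
      resources:
        - "^/api.*"
      policy: bypass

    # Allow access to specific subdomains with family group
    - domain: "dash.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "cloud.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "photos.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "tv.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "movies.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "subtitles.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "torrent.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "news.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "tasks.pukeko.xyz"
      policy: one_factor
      subject: "group:family"

    # Allow access to shares within Filebrowser
    # NOTE(review): the subject-based rules for cloud.pukeko.xyz and
    # photos.pukeko.xyz sit above the share bypasses below. Depending on the
    # Authelia version, anonymous requests may be matched by those rules first
    # and sent to login. Verify the effective policy for a share URL.
    - domain: "cloud.pukeko.xyz"
      policy: bypass
      resources:
        # Match only /share/ url's - Filebrowser's shares
        - '^/share([/?].*)?$'

    - domain:
        - "git.pukeko.xyz"
      policy: bypass
      resources:
        - "^/public([/?].*)?$"
        # NOTE(review): this pattern is unanchored and the dot is unescaped, so
        # it matches any path that merely contains ".../shmick/study<char>git".
        # Anchor it with ^ and escape the dot once the required sub-paths are
        # known.
        - ".*/shmick/study.git"

    - domain:
        - "photos.pukeko.xyz"
      policy: bypass
      resources:
        # NOTE(review): "^.*/s/.*$" bypasses auth for any path that contains
        # "/s/" at any depth, not only share links. The anchored pattern on the
        # next line is the narrower form.
        - "^.*/s/.*$"
        - '^/s([/?].*)?$'

    # Catch-all: everything not matched above requires two factors.
    - domain:
        - "*.pukeko.xyz"
      policy: two_factor

# Allow access to public Git repository
session:
  name: authelia_session
  # secret: removed from this file; supply it via AUTHELIA_SESSION_SECRET_FILE.
  # It must differ from jwt_secret.
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 1M
  domain: "pukeko.xyz"
  redis:
    # NOTE(review): no Redis password is configured. Confirm that
    # authelia_redis is reachable only from the Authelia container, since
    # session data is stored there.
    host: authelia_redis
    port: 6379

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  # encryption_key: removed from this file; supply it via
  # AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE. Rotating this key requires
  # re-encrypting the existing database with Authelia's storage tooling;
  # replacing the value alone leaves the stored data unreadable.
  local:
    path: /config/db.sqlite3

notifier:
  disable_startup_check: false
  smtp:
    host: smtp.zoho.com
    port: 587
    timeout: 5s
    username: "matan@pukeko.xyz"
    # password: removed from this file; supply it via
    # AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE. Change the mailbox password at the
    # provider as well, because the old one was stored here in clear text.
    sender: matan@pukeko.xyz
    identifier: localhost
    subject: "[Authelia] {authelia}"
    startup_check_address: test@authelia.com
    disable_require_tls: false
    disable_html_emails: false

identity_providers:
  oidc:
    # issuer_private_key: removed from this file; supply it via
    # AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE.
    # This key signs the ID tokens that every client below trusts. The RSA key
    # formerly embedded here must be replaced with a newly generated one and
    # kept out of version control.
    #
    # Client secrets: the values below are placeholders (constructed, not real).
    # Generate a new random secret per client, update the relying party, and
    # store a hashed digest here if the deployed Authelia version supports
    # hashed client secrets.
    clients:
      - id: portainer
        description: Portainer CE
        secret: 'REPLACE_WITH_NEW_PORTAINER_CLIENT_SECRET'
        # NOTE(review): a 100y pre-configured consent is effectively permanent;
        # this applies to every client in this list.
        pre_configured_consent_duration: 100y
        redirect_uris:
          - https://portain.pukeko.xyz/

      - id: gitea
        description: Gitea
        secret: 'REPLACE_WITH_NEW_GITEA_CLIENT_SECRET'
        pre_configured_consent_duration: 100y
        redirect_uris:
          - https://git.pukeko.xyz/user/oauth2/Authelia/callback

      - id: wikijs
        description: WikiJS
        secret: 'REPLACE_WITH_NEW_WIKIJS_CLIENT_SECRET'
        public: false
        authorization_policy: two_factor
        pre_configured_consent_duration: 100y
        redirect_uris:
          - https://wiki.pukeko.xyz/login/a8755bfb-8a4e-49b7-b31b-43ac5638367a/callback

      - id: wikijs_study
        description: WikiJS-Study
        secret: 'REPLACE_WITH_NEW_WIKIJS_STUDY_CLIENT_SECRET'
        public: false
        authorization_policy: two_factor
        pre_configured_consent_duration: 100y
        redirect_uris:
          - https://logos.pukeko.xyz/login/2a01989c-e0f5-431a-95f1-c3e0383f67ce/callback

      - id: grafana
        description: Grafana
        secret: 'REPLACE_WITH_NEW_GRAFANA_CLIENT_SECRET'
        public: false
        authorization_policy: two_factor
        pre_configured_consent_duration: 100y
        redirect_uris:
          - https://flight.pukeko.xyz/login/generic_oauth
        scopes:
          - openid
          - profile
          - groups
          - email
        userinfo_signing_algorithm: none

      - id: vikunja
        description: Vikunja
        secret: 'REPLACE_WITH_NEW_VIKUNJA_CLIENT_SECRET'
        pre_configured_consent_duration: 100y
        # One factor here is weaker than the two_factor catch-all that guards
        # the Authelia-protected domains; confirm this is intentional.
        authorization_policy: one_factor
        redirect_uris:
          - https://tasks.pukeko.xyz/auth/openid/
          - https://tasks.pukeko.xyz/auth/openid/authelia
          - https://tasks.pukeko.xyz/api/oidc/authorization
        scopes:
          - openid
          - email
          - profile
          - groups

      - id: docspell
        description: Docspell
        secret: 'REPLACE_WITH_NEW_DOCSPELL_CLIENT_SECRET'
        pre_configured_consent_duration: 100y
        authorization_policy: one_factor
        redirect_uris:
          - https://docs.pukeko.xyz/api/v1/open/auth/openid/authelia/resume
        scopes:
          - openid
          - email
          - profile
          - groups
        userinfo_signing_algorithm: none
        response_types:
          - code
        grant_types:
          - authorization_code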