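---
# Authelia configuration for pukeko.xyz: listener, file-based user backend,
# access-control rules, session and regulation settings, SQLite storage,
# SMTP notifier and OpenID Connect clients.
#
# NOTE(review): every credential that was written inline in this file
# (jwt_secret, session.secret, storage.encryption_key, notifier.smtp.password
# and each OIDC client secret) is replaced below with a labelled placeholder.
# A secret that has been committed or published has to be rotated, not
# restored. jwt_secret and session.secret also carried the same short value;
# generate an independent long random value for each.
# Authelia can read the first four from files instead of this document through
# AUTHELIA_JWT_SECRET_FILE, AUTHELIA_SESSION_SECRET_FILE,
# AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE and AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE;
# delete the corresponding key here when doing so.

# Listener: all interfaces, port 9091, served under the "authelia" sub-path.
# server.host, server.port and log.level are kept as dotted top-level keys, as
# in the source. NOTE(review): confirm the deployed Authelia version reads them
# the same way as the nested form.
server.host: 0.0.0.0
server.port: 9091
server:
  read_buffer_size: 4096
  write_buffer_size: 4096
  path: "authelia"

# NOTE(review): debug logging is verbose; prefer a quieter level outside of
# troubleshooting.
log.level: debug

# Signs the identity-verification tokens Authelia sends by e-mail.
jwt_secret: "REPLACE_WITH_GENERATED_JWT_SECRET"

# TOTP second factor: 30-second codes, one period of clock skew accepted.
totp:
  issuer: authelia.com
  period: 30
  skew: 1

default_redirection_url: https://pukeko.xyz/

# Users and password hashes live in a local YAML file; hashes use argon2id.
authentication_backend:
  disable_reset_password: false
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      # NOTE(review): unit depends on the Authelia release - confirm.
      memory: 512
      parallelism: 8

# Rules are evaluated top-down and the first match decides the policy; anything
# that matches no rule is denied.
access_control:
  default_policy: deny
  rules:
    # Apex domain only redirects to dash.pukeko.xyz - no authentication.
    - domain: "pukeko.xyz"
      policy: bypass

    # No authentication for requests coming from internal networks.
    # NOTE(review): this depends on the client address Authelia evaluates. If
    # it sees the reverse proxy's address instead of the forwarded client
    # address, outside requests would match the traefik_internal range -
    # verify the proxy's forwarded-header setup.
    - domain:
        - "*.pukeko.xyz"
      networks:
        # Home
        - 192.168.0.0/24
        # traefik_internal
        - 172.19.0.0/16
        # Wireguard
        - 10.8.0.0/16
        # Arr, for some reason
        # NOTE(review): a /16 prefix on 192.168.240.0 has host bits set and
        # covers all of 192.168.0.0/16, including the Home range above.
        # Confirm the real prefix of that network and narrow this entry.
        - 192.168.240.0/16
      policy: bypass

    # No authentication for the containers' /api endpoints.
    # NOTE(review): because this rule precedes the one_factor and two_factor
    # rules, /api paths on every subdomain are protected only by each
    # application's own authentication. The pattern also matches paths such as
    # /apifoo; "^/api/" would be tighter if that is the intent.
    - domain:
        - "*.pukeko.xyz"
      resources:
        - "^/api.*"
      policy: bypass

    # Members of the family group reach these subdomains with one factor.
    - domain: "photos.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "tv.pukeko.xyz"
      policy: one_factor
      subject: "group:family"
    - domain: "movies.pukeko.xyz"
      policy: one_factor
      subject: "group:family"

    # No authentication for Filebrowser's public shares.
    - domain: "cloud.pukeko.xyz"
      policy: bypass
      resources:
        # Intended to match only /share/ URLs.
        # NOTE(review): "^*" applies a quantifier to the anchor. Depending on
        # the regex engine this is rejected or leaves "/share/" free to match
        # anywhere in the path; "^/share/.*" expresses the stated intent -
        # confirm and tighten.
        - "^*/share/.*"

    # No authentication for the public Git repository path.
    - domain:
        - "git.pukeko.xyz"
      policy: bypass
      resources:
        - "^/public([/?].*)?$"

    # Everything else under the domain requires two factors.
    - domain:
        - "*.pukeko.xyz"
      policy: two_factor

# Session cookie scoped to pukeko.xyz: 1h lifetime, 5m inactivity timeout,
# 1M when "remember me" is ticked.
session:
  name: authelia_session
  secret: "REPLACE_WITH_GENERATED_SESSION_SECRET"
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 1M
  domain: "pukeko.xyz"

# Brute-force regulation: 3 failed attempts within 2m ban the user for 5m.
regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

# Local SQLite database.
# NOTE(review): encryption_key protects data stored in the database, so a
# rotation has to re-encrypt the existing database rather than only change
# this value.
storage:
  encryption_key: "REPLACE_WITH_GENERATED_STORAGE_ENCRYPTION_KEY"
  local:
    path: /config/db.sqlite3

# Outgoing mail over SMTP on port 587 with TLS required.
# NOTE(review): the mailbox password that was stored here must be revoked at
# the mail provider.
notifier:
  disable_startup_check: false
  smtp:
    host: smtp.mail.yahoo.com
    port: 587
    timeout: 5s
    username: "pukekoxyz"
    password: "REPLACE_WITH_SMTP_PASSWORD"
    sender: pukekoxyz@yahoo.com
    identifier: localhost
    subject: "[Authelia] {authelia}"
    startup_check_address: test@authelia.com
    disable_require_tls: false
    disable_html_emails: false

# OpenID Connect clients. Each secret is shared with the relying application,
# so rotating one means updating that application as well.
# NOTE(review): no OIDC signing or HMAC key is visible in this part of the
# file; presumably supplied elsewhere - confirm they are not stored inline.
identity_providers:
  oidc:
    clients:
      - id: portainer
        description: Portainer CE
        secret: 'REPLACE_WITH_PORTAINER_CLIENT_SECRET'
        redirect_uris:
          - https://portain.pukeko.xyz/

      - id: gitea
        description: Gitea
        secret: 'REPLACE_WITH_GITEA_CLIENT_SECRET'
        redirect_uris:
          - https://git.pukeko.xyz/user/oauth2/Authelia/callback

      - id: wekan
        description: Wekan
        secret: 'REPLACE_WITH_WEKAN_CLIENT_SECRET'
        redirect_uris:
          - https://tasks.pukeko.xyz/_oauth/oidc

      # The only client that states its scopes, grant types, response types
      # and response modes explicitly.
      - id: wikijs
        description: WikiJS
        secret: 'REPLACE_WITH_WIKIJS_CLIENT_SECRET'
        redirect_uris:
          - https://wiki.pukeko.xyz/login/2075d75c-0a5f-4949-bc42-2114036b97b3/callback
        scopes:
          - openid
          - email
          - profile
          - groups
        grant_types:
          - refresh_token
          - authorization_code
        response_types:
          - code
        response_modes:
          - form_post
          - query
          - fragment

      - id: grafana
        description: Grafana
        secret: 'REPLACE_WITH_GRAFANA_CLIENT_SECRET'
        redirect_uris:
          - https://flight.pukeko.xyz/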