245 lines
8.2 KiB
YAML
245 lines
8.2 KiB
YAML
server.host: 0.0.0.0
|
|
server.port: 9091
|
|
server:
|
|
read_buffer_size: 4096
|
|
write_buffer_size: 4096
|
|
path: "authelia"
|
|
log.level: debug
|
|
jwt_secret: M22162530
|
|
totp:
|
|
issuer: authelia.com
|
|
period: 30
|
|
skew: 1
|
|
default_redirection_url: https://pukeko.xyz/
|
|
authentication_backend:
|
|
disable_reset_password: false
|
|
file:
|
|
path: /config/users_database.yml
|
|
password:
|
|
algorithm: argon2id
|
|
iterations: 1
|
|
key_length: 32
|
|
salt_length: 16
|
|
memory: 512
|
|
parallelism: 8
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
# Dumb redirect to dash.pukeko.xyz - do not auth
|
|
- domain: "pukeko.xyz"
|
|
policy: bypass
|
|
# Allow access from internal network
|
|
- domain:
|
|
- "*.pukeko.xyz"
|
|
networks:
|
|
#Docker main subnet
|
|
- 150.200.0.1/24
|
|
#Docker subnet A
|
|
- 150.201.0.1/24
|
|
#Docker subnet B
|
|
- 150.202.0.1/24
|
|
# Home
|
|
- 192.168.0.0/24
|
|
# Wireguard
|
|
- 10.8.0.0/16
|
|
policy: bypass
|
|
# Allow access to container's /api address
|
|
- domain:
|
|
- "*.pukeko.xyz"
|
|
resources:
|
|
- "^/api.*"
|
|
policy: bypass
|
|
# Allow access to specific subdomains with family group
|
|
- domain: "dash.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
- domain: "cloud.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
- domain: "photos.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
- domain: "tv.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
- domain: "movies.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
- domain: "subtitles.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
- domain: "torrent.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
- domain: "news.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
- domain: "tasks.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
# Allow access to shares within Filebrowser
|
|
- domain: "cloud.pukeko.xyz"
|
|
policy: bypass
|
|
resources:
|
|
# Match only /share/ url's - Filebrowser's shares
|
|
- '^/share([/?].*)?$'
|
|
- domain:
|
|
- "git.pukeko.xyz"
|
|
policy: bypass
|
|
resources:
|
|
- "^/public([/?].*)?$"
|
|
- ".*/shmick/study.git"
|
|
- domain:
|
|
- "photos.pukeko.xyz"
|
|
policy: bypass
|
|
resources:
|
|
- "^.*/s/.*$"
|
|
- '^/s([/?].*)?$'
|
|
- domain:
|
|
- "*.pukeko.xyz"
|
|
policy: two_factor
|
|
# Allow access to public Git repository
|
|
session:
|
|
name: authelia_session
|
|
secret: M22162530
|
|
expiration: 1h
|
|
inactivity: 5m
|
|
remember_me_duration: 1M
|
|
domain: "pukeko.xyz"
|
|
redis:
|
|
host: authelia_redis
|
|
port: 6379
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 2m
|
|
ban_time: 5m
|
|
storage:
|
|
encryption_key: "D3$RQ2N%S*t@q*hA@i53yb7aG5eSRgpFYqXU@Na3E^j&UB*JGEG#eRoT$vs8#h#mNM3BDA549JNabVaM7vM6pZ89YxE*a68zZ%^RCx@GV362V6$jo*mA!X5%y7M9Ru*F"
|
|
local:
|
|
path: /config/db.sqlite3
|
|
notifier:
|
|
disable_startup_check: false
|
|
smtp:
|
|
host: smtp.zoho.com
|
|
port: 587
|
|
timeout: 5s
|
|
username: "matan@pukeko.xyz"
|
|
password: "DjazsDaEzrU9"
|
|
sender: matan@pukeko.xyz
|
|
identifier: localhost
|
|
subject: "[Authelia] {authelia}"
|
|
startup_check_address: test@authelia.com
|
|
disable_require_tls: false
|
|
disable_html_emails: false
|
|
identity_providers:
|
|
oidc:
|
|
issuer_private_key: |
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
MIIEogIBAAKCAQEAnkzvqdtgIl71Bd7fIarSCDLI/dhTyl8G+xdmoH9wH3dGqbbn
|
|
m0SV280wVRVEkGEJIohqXY+DMNrLiqvPvCTxjYAyqinjHqQFsEgtDsQ7rqpoi2U/
|
|
3HvAdF+2obQvFz5w5urkXKyLTfkFU7+tvjiJhCYvAoUZA/Bx0LcK8Hh0OhuwN0L9
|
|
9Rq7VK0HlC5TlP1nRCUZYEDNLR0mKcKqCuAST8m5FucF/ZQaanF9anphgRavbUfp
|
|
EyKvnbPGZLPf4IjbRQbxfwyNqRcDjNaP4ytjAAY4+F6aSdZePos08IzC8qemgqEm
|
|
/iKVn9XUcgwZ/EjITLoEbzoFUJV91H0CiyfuBwIDAQABAoIBAHWMGddekGdVbcrb
|
|
MYOVjfsKgxeEQMwgflWLjeiWWRL0hiNWL2urpUAfgMldTpmLhLYA6ELrY3auscAa
|
|
Ttqd8ESrsnOLQRyqnZLGNbcmXk8YOSNxntdBiaqgvEQdQW6YLkw6ljJ+6b6PsLX8
|
|
uq5q2yqnE/diEC5NqKZclaH1QBE4/R+iDRXuAgrHvArv9uL0pD+lrms7dEfHcewn
|
|
vKzv3+AKv0maGQ+aZyh3i0xPvmMqiT8ddvRmSqq60aCtCrVezJ8rd1D7IxLQ3t/T
|
|
uR0jwCf8kPS8KNcPgGb5RuJ4Up+8IywU8PSiReIugD+wyvVxWLTcMCEXd7qITofR
|
|
pWF447ECgYEAwpSRc26hEo9JX0yBAP5dqBKdW8BJzxjCjWJ5N1KmZFppuymyJ7I0
|
|
2aGUM8ffm8uiecJpMmnzUuF9v2/SjcsDghcslSn9qczajBI4x1Xic1272HjstrfO
|
|
9HSoGf1M1Rn7tHFFoM/ydELMkTacxvZa6i3d+UmZ3OBDheGTj1c4lK8CgYEA0ES1
|
|
ln+JRGW+sMBEhP6VZgGXkwgLJzMCDJQ1riNfYy/UxFldXB2Tz7+pAVYUndRsMh+u
|
|
DHcBFe9ENnYMDfba434NqyhmWEeXgtJ1ICu1nunltTtM458zB84OGt9j8mmCTedW
|
|
HxfyE0YGYgVF47n7fc+h5QB/3BapK7diOUYtQikCgYBcQZbJFT33j8ppDdvofbIo
|
|
O1MyqnQUZhfwcy0n5t8Pm7Kf1AAtRBg8y5h6CJ1jv+Q0ONIp3gRJWrKFbt507jmm
|
|
l5hCzRsBRCim2wjisjzhGCM1WvhZFcNhMmJ1mByyuVQXVNF/krjRGM7nVu50g1/N
|
|
wpuJU7VI/WfmdXLCNseT7wKBgCvxk28B0fDAlw+sQcjd/p/bTiQT2maW+KO20ezA
|
|
Qewnt3kGchBxnTKEeiByDT+QBpQ84vh2U6BRL89d8QUxRNYjTrcCezW9RVaxGU2E
|
|
a3nwWCt5K6wLdzT6YTeCUxBe+sN9QEqnPsiaSdZ8zlZSc6IEIWC0TkYd8evrcaos
|
|
CHihAoGAFt+od36TPiYgczaoWJ2dlLz6xLnPn/nhrSICxJhdBtCywT1uxH0THaiA
|
|
NiAwc5R8fJUPBuIdd0ur/mgAV8VTcXsY/mvihrHnqCKinQKdCt1yukpFhvs68AyP
|
|
O+iDoe3R22OcCFg+wuEMGDPspkNtuKV0j0UvqtaDuWqWZNOyYCU=
|
|
-----END RSA PRIVATE KEY-----
|
|
|
|
clients:
|
|
- id: portainer
|
|
description: Portainer CE
|
|
secret: '8zDD%J3Z66A4uL%!N*G@@Uo5b6z2JbgQ3fxCr39o%LXE%Yb@6SAegGGU#!v*o3Z5u$2WJ#YC6TwEb723rZ$bbtmNJ#35Nsq7E!i9v$jU223$C@!Z&Nkwa&^Yg#DmDxk5'
|
|
pre_configured_consent_duration: 100y
|
|
redirect_uris:
|
|
- https://portain.pukeko.xyz/
|
|
|
|
- id: gitea
|
|
description: Gitea
|
|
secret: '3s4as%cU$cKH2&MiXwzC#h8GJCY2eoS%#7&*9qC&H$ujv%qD8P6rWvrtbM8$f2#zM^phWUAz%2Bk7gCGJf#nA&i3BKvwG79&5hdp&mgddhdSFt&3BpX%a2Sv*Z#mK^J3'
|
|
pre_configured_consent_duration: 100y
|
|
redirect_uris:
|
|
- https://git.pukeko.xyz/user/oauth2/Authelia/callback
|
|
|
|
- id: wikijs
|
|
description: WikiJS
|
|
secret: 'mT#!fwRZ3$pE5g2rG4CCNKLkg4zg7&3L92e9LGemfYMbr92gPos&Js*4DU#&^*EUJ#PrP*y#W$W7^i2#zqJPhiK$3$z9uDNXYA$h9Urcuo8!Ggcq^#C6dow^s*VxV&WU'
|
|
public: false
|
|
authorization_policy: two_factor
|
|
pre_configured_consent_duration: 100y
|
|
redirect_uris:
|
|
- https://wiki.pukeko.xyz/login/a8755bfb-8a4e-49b7-b31b-43ac5638367a/callback
|
|
|
|
- id: wikijs_study
|
|
description: WikiJS-Study
|
|
secret: 'jPdRbutexLB9aTanEthKiTXVtzcYsM3N9DmwbBKXdSikMRYWKLAMffETp9ads6cTAgkBMNu9Cp8aujFdXcEkpEeq5cMHc3KoiS64HHCK9CrVLH4PHdDFxLquGbd2h3Sz'
|
|
public: false
|
|
authorization_policy: two_factor
|
|
pre_configured_consent_duration: 100y
|
|
redirect_uris:
|
|
- https://logos.pukeko.xyz/login/2a01989c-e0f5-431a-95f1-c3e0383f67ce/callback
|
|
|
|
- id: grafana
|
|
description: Grafana
|
|
secret: 'P6x3vpNvZcLCZnmwts7E3sEYmtnLVx2cmjPafyFjNRHRsJmcBajaGYzdYjEB4iZemmCTK5H5QAxqg8fSmjMkydKkYcynDgbCciR3tdz3XbcKgRX3LpDVFHqejEKLPz7n'
|
|
public: false
|
|
authorization_policy: two_factor
|
|
pre_configured_consent_duration: 100y
|
|
redirect_uris:
|
|
- https://flight.pukeko.xyz/login/generic_oauth
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- groups
|
|
- email
|
|
userinfo_signing_algorithm: none
|
|
|
|
- id: vikunja
|
|
description: Vikunja
|
|
secret: 'ryKVwXhfHeAQKJJHwejEpK66pAuTGvY2saZArKTFZPjWVs2fKNHDAwah8TbPP44LGKYPBYJxU5Ua5H4Su87DAY4ktpAz6UfmpB9XnXCPoACtBrwBgykjoC6cUzXJRc7t'
|
|
pre_configured_consent_duration: 100y
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://tasks.pukeko.xyz/auth/openid/
|
|
- https://tasks.pukeko.xyz/auth/openid/authelia
|
|
- https://tasks.pukeko.xyz/api/oidc/authorization
|
|
scopes:
|
|
- openid
|
|
- email
|
|
- profile
|
|
- groups
|
|
|
|
- id: docspell
|
|
description: Docspell
|
|
secret: 'tEf47Me$YsXG8K4%63$%!kbMqbgVnc*bAq2i4SPERay#T!&ajc35m&D%C#uRMiaSv@cRFxwMcqo%SwEq*49G9HufJ&d#^f*&MK9hzU6s&7C2^XmfGC8Up7YeegnH#VhP'
|
|
pre_configured_consent_duration: 100y
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://docs.pukeko.xyz/api/v1/open/auth/openid/authelia/resume
|
|
scopes:
|
|
- openid
|
|
- email
|
|
- profile
|
|
- groups
|
|
userinfo_signing_algorithm: none
|
|
response_types:
|
|
- code
|
|
grant_types:
|
|
- authorization_code
|