120 lines
3.5 KiB
YAML
120 lines
3.5 KiB
YAML
server.host: 0.0.0.0
|
|
server.port: 9091
|
|
server:
|
|
read_buffer_size: 4096
|
|
write_buffer_size: 4096
|
|
path: "authelia"
|
|
log.level: debug
|
|
jwt_secret: M22162530
|
|
totp:
|
|
issuer: authelia.com
|
|
period: 30
|
|
skew: 1
|
|
default_redirection_url: https://pukeko.xyz/
|
|
authentication_backend:
|
|
disable_reset_password: false
|
|
file:
|
|
path: /config/users_database.yml
|
|
password:
|
|
algorithm: argon2id
|
|
iterations: 1
|
|
key_length: 32
|
|
salt_length: 16
|
|
memory: 512
|
|
parallelism: 8
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
# Dumb redirect to dash.pukeko.xyz - do not auth
|
|
- domain: "pukeko.xyz"
|
|
policy: bypass
|
|
- domain:
|
|
- "*.pukeko.xyz"
|
|
networks:
|
|
- 192.168.0.0/24
|
|
policy: bypass
|
|
# Allow access to specific subdomains with family group
|
|
- domain: "photos.pukeko.xyz"
|
|
policy: one_factor
|
|
subject: "group:family"
|
|
# Allow access to shares within Filebrowser
|
|
- domain: "cloud.pukeko.xyz"
|
|
policy: bypass
|
|
resources:
|
|
# Match only /share/ url's - Filebrowser's shares
|
|
- "^*/share/.*"
|
|
- domain:
|
|
- "*.pukeko.xyz"
|
|
policy: two_factor
|
|
session:
|
|
name: authelia_session
|
|
secret: M22162530
|
|
expiration: 1h
|
|
inactivity: 5m
|
|
remember_me_duration: 1M
|
|
domain: "pukeko.xyz"
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 2m
|
|
ban_time: 5m
|
|
storage:
|
|
encryption_key: "D3$RQ2N%S*t@q*hA@i53yb7aG5eSRgpFYqXU@Na3E^j&UB*JGEG#eRoT$vs8#h#mNM3BDA549JNabVaM7vM6pZ89YxE*a68zZ%^RCx@GV362V6$jo*mA!X5%y7M9Ru*F"
|
|
local:
|
|
path: /config/db.sqlite3
|
|
notifier:
|
|
disable_startup_check: false
|
|
smtp:
|
|
host: smtp.mail.yahoo.com
|
|
port: 587
|
|
timeout: 5s
|
|
username: "pukekoxyz"
|
|
password: "pvefngmuhcxunzqs"
|
|
sender: pukekoxyz@yahoo.com
|
|
identifier: localhost
|
|
subject: "[Authelia] {authelia}"
|
|
startup_check_address: test@authelia.com
|
|
disable_require_tls: false
|
|
disable_html_emails: false
|
|
identity_providers:
|
|
oidc:
|
|
clients:
|
|
- id: portainer
|
|
description: Portainer CE
|
|
secret: '8zDD%J3Z66A4uL%!N*G@@Uo5b6z2JbgQ3fxCr39o%LXE%Yb@6SAegGGU#!v*o3Z5u$2WJ#YC6TwEb723rZ$bbtmNJ#35Nsq7E!i9v$jU223$C@!Z&Nkwa&^Yg#DmDxk5'
|
|
redirect_uris:
|
|
- https://portain.pukeko.xyz/
|
|
- id: gitea
|
|
description: Gitea
|
|
secret: '3s4as%cU$cKH2&MiXwzC#h8GJCY2eoS%#7&*9qC&H$ujv%qD8P6rWvrtbM8$f2#zM^phWUAz%2Bk7gCGJf#nA&i3BKvwG79&5hdp&mgddhdSFt&3BpX%a2Sv*Z#mK^J3'
|
|
redirect_uris:
|
|
- https://git.pukeko.xyz/user/oauth2/Authelia/callback
|
|
- id: wekan
|
|
description: Wekan
|
|
secret: '6BekdjG2Rs25MGg!NU#VEbScrQDriT2z6#wDgRK2KS4fsq5bB8hA@z8RSqs5y&pm%f94*xTw2@4&3Qv2Vg2%hv6Vq9&GNLcJfGdUxb&KM!Y@@My&ujqG3%j^Xdqs8bF^'
|
|
redirect_uris:
|
|
- https://tasks.pukeko.xyz/_oauth/oidc
|
|
- id: wikijs
|
|
description: WikiJS
|
|
secret: 'mT#!fwRZ3$pE5g2rG4CCNKLkg4zg7&3L92e9LGemfYMbr92gPos&Js*4DU#&^*EUJ#PrP*y#W$W7^i2#zqJPhiK$3$z9uDNXYA$h9Urcuo8!Ggcq^#C6dow^s*VxV&WU'
|
|
redirect_uris:
|
|
- https://wiki.pukeko.xyz/login/2075d75c-0a5f-4949-bc42-2114036b97b3/callback
|
|
scopes:
|
|
- openid
|
|
- email
|
|
- profile
|
|
- groups
|
|
grant_types:
|
|
- refresh_token
|
|
- authorization_code
|
|
response_types:
|
|
- code
|
|
response_modes:
|
|
- form_post
|
|
- query
|
|
- fragment
|
|
- id: grafana
|
|
description: Grafana
|
|
secret: '8Jx#U^%NXEvD#jc@A35wH!6PT8^DYo7pXftCKe3P%C%*xN9FQn26ec^kTxkuhA*9fZx@7*P65Y*L2Ty#Z*7n*f3#^$R!8TSuQ3THW*t#seL#iE7MatYEowb$GvU!8Y!5'
|
|
redirect_uris:
|
|
- https://flight.pukeko.xyz/
|