homeserver/docker-compose/traefik/configuration.yml.j2


---
# geklaut von: https://ruanbekker.hashnode.dev/sso-with-authelia-using-traefik-on-docker + https://www.reddit.com/r/selfhosted/comments/158quyz/authelia_ldap_groups/
# Listener for the HTTP server: all interfaces, port 9091.
# NOTE(review): written as a single dotted key rather than a nested
# `server:` mapping; confirm the consumer resolves it as intended.
server.address: "0.0.0.0:9091"

# NOTE(review): debug logging on an authentication service is verbose;
# consider `info` once the setup has been verified.
log:
  level: debug
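# Identity validation for the password-reset flow. The JWT secret is looked
# up in KeePass when the template is rendered, so it is never stored in the
# repository.
identity_validation:
  reset_password:
    jwt_secret: "{{ lookup('viczem.keepass.keepass', 'authelia_jwt_secret', 'password') }}"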
# Issuer label used for time-based one-time passwords.
totp:
  issuer: totp.mgrote.net
# Authorization rules. Requests that match no rule fall through to the
# default policy, which is deny.
access_control:
  default_policy: deny
  rules:
    # Wiki: single-factor login, restricted to members of one group.
    - domain: wiki.mgrote.net
      policy: one_factor
      subject:
        - 'group:authelia_wiki'
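# Session cookie settings; session state is kept in Redis.
session:
  name: authelia_session
  # Looked up in KeePass like the other secrets in this file, instead of a
  # literal value committed to the repository. The entry name below is a
  # placeholder: create the KeePass entry and substitute its real title.
  secret: "{{ lookup('viczem.keepass.keepass', 'PLACEHOLDER_authelia_session_secret', 'password') }}"
  expiration: 3600  # 1 hour
  inactivity: 300  # 5 minutes
  domain: mgrote.net  # Should match whatever your root protected domain is
  redis:
    host: authelia-redis
    port: 6379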
# Login throttling: failed attempts counted within find_time, up to
# max_retries, before a ban lasting ban_time.
# NOTE(review): plain integers, presumably seconds as in the session
# block; confirm.
regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300
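# Local SQLite storage. The encryption key is looked up in KeePass when the
# template is rendered.
storage:
  # Quoted so the rendered secret is always read as one string: unquoted, a
  # value containing ` #` would be cut short at the comment marker, and one
  # starting with a YAML indicator character would fail to parse or change
  # type. A value containing `"` or `\` would still need escaping.
  encryption_key: "{{ lookup('viczem.keepass.keepass', 'authelia_storage_encryption_key', 'password') }}"
  local:
    path: /data/db.sqlite3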
# Outbound mail through the postfix host on port 25.
notifier:
  smtp:
    address: postfix:25
    sender: no-reply-authelia@mgrote.net
    # NOTE(review): TLS is not required on this hop, so notification mail
    # leaves this service in clear text. Acceptable only if postfix is
    # reachable solely over a trusted internal network; confirm.
    disable_require_tls: true
# LDAP authentication backend.
# Reference config:
# https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
authentication_backend:
  # Password reset through this service is switched off.
  password_reset:
    disable: true
  refresh_interval: 1m
  ldap:
    implementation: custom
    # NOTE(review): plain ldap:// with start_tls off means the bind password
    # and every user's login password cross this connection unencrypted.
    # Prefer ldaps:// or StartTLS unless the whole path to the directory is
    # a trusted internal network; confirm.
    address: ldap://ldap.mgrote.net:3890
    timeout: 5s
    start_tls: false
    base_dn: dc=mgrote,dc=net
    additional_users_dn: ou=people
    users_filter: "(&({username_attribute}={input})(objectClass=person))"
    additional_groups_dn: ou=groups
    groups_filter: "(&(member={dn})(objectclass=groupOfUniqueNames))"
    # Mapping from directory attribute names to the fields used here.
    attributes:
      display_name: displayName
      username: uid
      group_name: cn
      mail: mail
    # Dedicated bind account; its password is looked up in KeePass when the
    # template is rendered. The inner quotes belong to the Jinja expression
    # and are gone before the result is parsed as YAML.
    user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
    password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'
# Details/Doku: https://wiki.mgrote.net/pages/_Technik/hardware/rest/fpv/software/rest/ldap/