This commit is contained in:
Michael Grote 2024-11-10 11:27:22 +01:00
parent fa899e1be2
commit 21f316407d
4 changed files with 78 additions and 63 deletions

View file

@ -1,55 +0,0 @@
---
server.address: "0.0.0.0:9091"
log:
level: debug
identity_validation:
reset_password:
jwt_secret: c50498e29383564cd50bdeda9b74a3bf
totp:
issuer: totp.mgrote.net
authentication_backend:
file:
path: /config/users_database.yml
access_control:
default_policy: deny
rules:
- domain: wiki.mgrote.net
policy: one_factor
session:
name: authelia_session
secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: mgrote.net # Should match whatever your root protected domain is
redis:
host: authelia-redis
port: 6379
regulation:
max_retries: 3
find_time: 120
ban_time: 300
storage:
encryption_key: f30ebde68b2c85c1b3fe2d16d9884190
local:
path: /data/db.sqlite3
# db auf mariadb ändern
notifier:
smtp:
address: postfix:25
sender: no-reply-authelia@mgrote.net
disable_require_tls: true
#mg@docker10 /docker/wiki
#> docker run --rm -it authelia/authelia:4 authelia crypto hash generate
#Digest: $argon2id$v=19$m=65536,t=3,p=4$QFNGrAPRPposUASpU2l4hw$pNthSP2DS1r2QoGT0k3QpU28vbsty6dNemTI+hJhPec
# == hallowelt

View file

@ -0,0 +1,78 @@
---
server.address: "0.0.0.0:9091"
log:
level: debug
identity_validation:
reset_password:
jwt_secret: c50498e29383564cd50bdeda9b74a3bf
totp:
issuer: totp.mgrote.net
access_control:
default_policy: deny
rules:
- domain: wiki.mgrote.net
policy: one_factor
session:
name: authelia_session
secret: unsecure_session_secret
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
domain: mgrote.net # Should match whatever your root protected domain is
redis:
host: authelia-redis
port: 6379
regulation:
max_retries: 3
find_time: 120
ban_time: 300
storage:
encryption_key: f30ebde68b2c85c1b3fe2d16d9884190 # verschlüsseln
local:
path: /data/db.sqlite3
# db auf mariadb ändern
notifier:
smtp:
address: postfix:25
sender: no-reply-authelia@mgrote.net
disable_require_tls: true
#mg@docker10 /docker/wiki
#> docker run --rm -it authelia/authelia:4 authelia crypto hash generate
#Digest: $argon2id$v=19$m=65536,t=3,p=4$QFNGrAPRPposUASpU2l4hw$pNthSP2DS1r2QoGT0k3QpU28vbsty6dNemTI+hJhPec
# == hallowelt
# ldap
# https://github.com/lldap/lldap/blob/main/example_configs/authelia_config.yml
authentication_backend:
password_reset:
disable: false
refresh_interval: 1m
ldap:
implementation: custom
address: ldap://lldap.mgrote.net:3890
timeout: 5s
start_tls: false
base_dn: dc=mgrote,dc=net
additional_users_dn: ou=people
users_filter: "(&({username_attribute}={input})(objectClass=person))"
additional_groups_dn: ou=groups
groups_filter: "(member={dn})"
attributes:
display_name: displayName
username: uid
group_name: cn
mail: mail
# The username and password of the bind user.
# "bind_user" should be the username you created for authentication with the "lldap_strict_readonly" permission. It is not recommended to use an actual admin account here.
# If you are configuring Authelia to change user passwords, then the account used here needs the "lldap_password_manager" permission instead.
user: uid=authelia_bind_user,ou=people,dc=mgrote,dc=net
password: '{{ lookup('viczem.keepass.keepass', 'lldap_authelia_bind_user', 'password') }}'

View file

@ -1,8 +0,0 @@
---
users:
authelia:
displayname: "mg"
password: "$argon2id$v=19$m=65536,t=3,p=4$QFNGrAPRPposUASpU2l4hw$pNthSP2DS1r2QoGT0k3QpU28vbsty6dNemTI+hJhPec"
email: michael.grote@posteo.de
groups:
- admins

Binary file not shown.