valid yaml
parent
14a761aebe
commit
a0bf2cbbfb
|
@ -1,101 +1,63 @@
|
|||
---
|
||||
default_redirection_url: https://mgrote.net
|
||||
|
||||
jwt_secret: {{ lookup('keepass', 'AUTHELIA_JWT_SECRET', 'password') }}
|
||||
|
||||
jwt_secret: "{{ lookup('keepass', 'AUTHELIA_JWT_SECRET', 'password') }}"
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
||||
totp:
|
||||
issuer: authelia.com
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
rules:
|
||||
# Rules applied to everyone
|
||||
- domain: audio.mgrote.net
|
||||
policy: bypass
|
||||
- domain: munin.grote.lan
|
||||
policy: one_factor
|
||||
# - domain: secure.example.com
|
||||
# policy: two_factor
|
||||
|
||||
session:
|
||||
cookies:
|
||||
- name: authelia_session
|
||||
domain: mgrote.net # Should match whatever your root protected domain is
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
|
||||
domain: mgrote.net
|
||||
expiration: 3600
|
||||
inactivity: 300
|
||||
redis:
|
||||
host: authelia-redis
|
||||
post: 6379
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 120
|
||||
ban_time: 300
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
username: info@mgrote.net
|
||||
password: {{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
|
||||
password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
|
||||
host: smtp.strato.de
|
||||
port: 587
|
||||
sender: info@mgrote.net
|
||||
|
||||
|
||||
# This is just the LDAP part of the Authelia configuration!
|
||||
authentication_backend:
|
||||
# Password reset through authelia works normally.
|
||||
password_reset:
|
||||
disable: false
|
||||
# How often authelia should check if there is an user update in LDAP
|
||||
refresh_interval: 1m
|
||||
ldap:
|
||||
implementation: custom
|
||||
# Pattern is ldap://HOSTNAME-OR-IP:PORT
|
||||
# Normal ldap port is 389, standard in LLDAP is 3890
|
||||
url: ldap://lldap-app:3890
|
||||
# The dial timeout for LDAP.
|
||||
timeout: 5s
|
||||
# Use StartTLS with the LDAP connection, TLS not supported right now
|
||||
start_tls: false
|
||||
#tls:
|
||||
# skip_verify: false
|
||||
# minimum_version: TLS1.2
|
||||
# Set base dn, like dc=google,dc.com
|
||||
base_dn: dc=grote,dc=lan
|
||||
username_attribute: uid
|
||||
# You need to set this to ou=people, because all users are stored in this ou!
|
||||
additional_users_dn: ou=people
|
||||
# To allow sign in both with username and email, one can use a filter like
|
||||
# (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
||||
users_filter: "(&({username_attribute}={input})(objectClass=person))"
|
||||
# Set this to ou=groups, because all groups are stored in this ou
|
||||
users_filter: (&({username_attribute}={input})(objectClass=person))
|
||||
additional_groups_dn: ou=groups
|
||||
# Only this filter is supported right now
|
||||
groups_filter: "(member={dn})"
|
||||
# The attribute holding the name of the group.
|
||||
groups_filter: (member={dn})
|
||||
group_name_attribute: cn
|
||||
# Email attribute
|
||||
mail_attribute: mail
|
||||
# The attribute holding the display name of the user. This will be used to greet an authenticated user.
|
||||
display_name_attribute: displayName
|
||||
# The username and password of the admin user.
|
||||
# "admin" should be the admin username you set in the LLDAP configuration
|
||||
user: uid=admin,ou=people,dc=grote,dc=lan
|
||||
# Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
|
||||
password: {{ lookup('keepass', 'LLDAP_LDAP_USER_PASS', 'password') }}
|
||||
|
||||
|
||||
password: "{{ lookup('keepass', 'LLDAP_LDAP_USER_PASS', 'password') }}"
|
||||
storage:
|
||||
postgres:
|
||||
host: authelia-postgres
|
||||
database: authelia
|
||||
username: authelia
|
||||
|
||||
session:
|
||||
redis:
|
||||
host: authelia-redis
|
||||
post: 6379
|
||||
password: "{{ lookup('keepass', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', 'password') }}"
|
||||
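Review bot: The Redis setting under `session:` is spelled `post: 6379` in both places it appears on this page, so the port is never set under the key Authelia reads and the line should be `port: 6379`. The +/- markers are lost here, so at least one of the two occurrences is presumably on the new side. Depending on the Authelia version an unknown key is either rejected at startup or ignored, in which case the session store presumably only connects because 6379 is the default; worth confirming against the running container. Separately, the LDAP backend keeps `url: ldap://lldap-app:3890` with `start_tls: false`, so the bind password and every user's login password cross the container network unencrypted; a comment next to `url:` such as `# plain LDAP, no TLS: lldap-app must stay on an internal-only network` would record that constraint. `log.level: debug` is likewise more verbose than an internet-facing auth portal needs once setup is done, and `info` would be the safer steady-state value.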
|
|