70 lines
1.6 KiB
Django/Jinja
70 lines
1.6 KiB
Django/Jinja
---
|
|
default_redirection_url: https://mgrote.net
|
|
jwt_secret: "{{ lookup('keepass', 'AUTHELIA_JWT_SECRET', 'password') }}"
|
|
|
|
server:
|
|
host: 0.0.0.0
|
|
port: 9091
|
|
|
|
log:
|
|
level: debug
|
|
|
|
totp:
|
|
issuer: authelia.com
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
- domain: audio.mgrote.net
|
|
policy: bypass
|
|
- domain: munin.grote.lan
|
|
policy: one_factor
|
|
|
|
session:
|
|
domain: mgrote.net
|
|
secret: "{{ lookup('keepass', 'AUTHELIA_SESSION_SECRET', 'password') }}"
|
|
redis:
|
|
host: authelia-redis
|
|
port: 6379
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 120
|
|
ban_time: 300
|
|
|
|
notifier:
|
|
smtp:
|
|
username: info@mgrote.net
|
|
password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
|
|
host: smtp.strato.de
|
|
port: 587
|
|
sender: info@mgrote.net
|
|
|
|
authentication_backend:
|
|
password_reset:
|
|
disable: false
|
|
refresh_interval: 1m
|
|
ldap:
|
|
implementation: custom
|
|
url: ldap://lldap-app:3890
|
|
timeout: 5s
|
|
start_tls: false
|
|
base_dn: dc=grote,dc=lan
|
|
username_attribute: uid
|
|
additional_users_dn: ou=people
|
|
users_filter: (&({username_attribute}={input})(objectClass=person))
|
|
additional_groups_dn: ou=groups
|
|
groups_filter: (member={dn})
|
|
group_name_attribute: cn
|
|
mail_attribute: mail
|
|
display_name_attribute: displayName
|
|
user: uid=admin,ou=people,dc=grote,dc=lan
|
|
password: "{{ lookup('keepass', 'LLDAP_LDAP_USER_PASS', 'password') }}"
|
|
|
|
storage:
|
|
postgres:
|
|
host: authelia-postgres
|
|
database: authelia
|
|
username: authelia
|
|
password: "{{ lookup('keepass', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', 'password') }}"
|