AUTHENTICATION BABYYYY
@@ -0,0 +1,60 @@
|
||||
###############################################################
|
||||
# Authelia minimal configuration #
|
||||
###############################################################
|
||||
theme: "light"
|
||||
log:
|
||||
level: "debug"
|
||||
jwt_secret: {{ .homey_authelia_jwt | quote }}
|
||||
authentication_backend:
|
||||
ldap:
|
||||
implementation: "custom"
|
||||
url: "ldap://openldap:389"
|
||||
timeout: "5s"
|
||||
start_tls: false
|
||||
base_dn: "{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim}}"
|
||||
users_filter: "({username_attribute}={input})"
|
||||
username_attribute: "uid"
|
||||
additional_users_dn: "ou=users"
|
||||
groups_filter: "(&(uniquemember=uid={input},ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim}})(objectclass=groupOfUniqueNames))"
|
||||
group_name_attribute: "cn"
|
||||
additional_groups_dn: "ou=groups"
|
||||
mail_attribute: "mail"
|
||||
display_name_attribute: "uid"
|
||||
permit_referrals: false
|
||||
permit_unauthenticated_bind: false
|
||||
user: "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}"
|
||||
password: {{ .homey_openldap_ro | quote }}
|
||||
totp:
|
||||
issuer: "{{ .Values.homey.url }}"
|
||||
disable: false
|
||||
session:
|
||||
name: authelia_session
|
||||
secret: {{ .homey_authelia_session | quote }}
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 7200 # 2 hours
|
||||
domain: "{{ .Values.homey.url}}" # needs to be your root domain
|
||||
storage:
|
||||
local:
|
||||
path: "/config/db.sqlite3"
|
||||
encryption_key: {{ .homey_authelia_encryption_key | quote }}
|
||||
access_control:
|
||||
default_policy: "deny"
|
||||
rules:
|
||||
- domain:
|
||||
- "auth.zakobar.com"
|
||||
policy: bypass
|
||||
- domain:
|
||||
- "ldapadmin.{{ .Values.homey.url }}"
|
||||
subject:
|
||||
- 'group:admins'
|
||||
policy: "two_factor"
|
||||
- domain:
|
||||
- "ldapadmin.{{ .Values.homey.url }}"
|
||||
- "longhorn.{{ .Values.homey.url }}"
|
||||
policy: "deny"
|
||||
# - domain:
|
||||
# - "git.{{ .Values.homey.url }}"
|
||||
# policy: "one_factor"
|
||||
notifier:
|
||||
filesystem:
|
||||
filename: "/var/lib/authelia/emails.txt"
|
||||
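Review bot: The LDAP backend is reached over `ldap://openldap:389` with `start_tls: false`, so the read-only bind password and every user's login password cross the cluster network unencrypted. If the OpenLDAP service offers TLS, prefer `url: "ldaps://openldap:636"` or `start_tls: true`; otherwise add a comment above `url:` stating that the plaintext hop is accepted and why. Separately, `inactivity: 7200` is longer than `expiration: 3600`, so the idle timeout can never fire before the session itself expires, and the two values look swapped. `level: "debug"` is also worth lowering to `"info"` before this instance handles real logins.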
@@ -0,0 +1,95 @@
|
||||
APP_NAME = {{ .Values.homey.organization }}
|
||||
RUN_MODE = prod
|
||||
RUN_USER = git
|
||||
WORK_PATH = /data/gitea
|
||||
|
||||
[repository]
|
||||
ROOT = /data/git/repositories
|
||||
|
||||
[repository.local]
|
||||
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
|
||||
|
||||
[repository.upload]
|
||||
TEMP_PATH = /data/gitea/uploads
|
||||
|
||||
[server]
|
||||
APP_DATA_PATH = /data/gitea
|
||||
DOMAIN = git.{{ .Values.homey.url }}
|
||||
HTTP_PORT = 3000
|
||||
ROOT_URL = https://git.{{ .Values.homey.url }}/
|
||||
DISABLE_SSH = true
|
||||
SSH_PORT = 443
|
||||
SSH_LISTEN_PORT = 22
|
||||
LFS_START_SERVER = true
|
||||
LFS_JWT_SECRET = {{ .homey_gitea_lfs_jwt_secret | b64enc | replace "=" "" }}
|
||||
OFFLINE_MODE = false
|
||||
|
||||
[lfs]
|
||||
PATH = /data/git/lfs
|
||||
|
||||
[database]
|
||||
PATH = /data/gitea/gitea.db
|
||||
DB_TYPE = sqlite3
|
||||
HOST = localhost:3306
|
||||
NAME = gitea
|
||||
USER = root
|
||||
PASSWD =
|
||||
LOG_SQL = false
|
||||
SCHEMA =
|
||||
SSL_MODE = disable
|
||||
CHARSET = utf8
|
||||
|
||||
[indexer]
|
||||
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
|
||||
|
||||
[session]
|
||||
PROVIDER_CONFIG = /data/gitea/sessions
|
||||
PROVIDER = file
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
||||
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
|
||||
DISABLE_GRAVATAR = false
|
||||
ENABLE_FEDERATED_AVATAR = false
|
||||
|
||||
[attachment]
|
||||
PATH = /data/gitea/attachments
|
||||
|
||||
[log]
|
||||
MODE = console
|
||||
LEVEL = info
|
||||
ROUTER = console
|
||||
ROOT_PATH = /data/gitea/log
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
SECRET_KEY =
|
||||
REVERSE_PROXY_LIMIT = 1
|
||||
REVERSE_PROXY_TRUSTED_PROXIES = *
|
||||
INTERNAL_TOKEN = {{ .homey_gitea_random_internal_token }}
|
||||
PASSWORD_HASH_ALGO = pbkdf2
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = true
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
|
||||
ENABLE_CAPTCHA = false
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
||||
DEFAULT_ENABLE_TIMETRACKING = true
|
||||
NO_REPLY_ADDRESS = noreply.localhost
|
||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = true
|
||||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true
|
||||
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
|
||||
[openid]
|
||||
ENABLE_OPENID_SIGNIN = false
|
||||
ENABLE_OPENID_SIGNUP = false
|
||||
|
||||
[oauth2]
|
||||
ENABLE = false
|
||||
JWT_SECRET = {{ .homey_gitea_oauth2_jwt_secret | b64enc | replace "=" "" }}
|
||||
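Review bot: `ENABLE_REVERSE_PROXY_AUTHENTICATION = true` together with `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true` makes Gitea take the user name from a request header, and `REVERSE_PROXY_TRUSTED_PROXIES = *` additionally trusts forwarded-address headers from any peer. Nothing in this file limits who may connect to `HTTP_PORT = 3000`, so the setup is only safe if the authenticating proxy is the sole route to that port and overwrites the identity header on every request. That assumption should be stated in a comment in `[security]` and enforced outside this file (for example by a network policy), and the trusted list narrowed to the proxy's range, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = <proxy-cidr-placeholder>`. `SECRET_KEY =` is also left empty while the other secrets are templated in. As far as I know Gitea then falls back to a built-in default key, so it should be generated and injected the same way as `INTERNAL_TOKEN`.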