###############################################################
#               Authelia minimal configuration                #
###############################################################

# Portal colour theme.
theme: "light"

# NOTE(review): "debug" is a troubleshooting level. On an authentication
# portal it typically records far more detail about requests and login
# attempts than "info" does; prefer "info" for normal operation and keep
# read access to the container logs restricted while this stays enabled.
log:
  level: "debug"
# Signing secret for the JWTs Authelia issues during identity verification.
# The value comes from the template context and is piped through `quote`
# so it is always emitted as a YAML string, whatever characters it holds.
# NOTE(review): the secret is rendered in clear text into this file, so
# confirm the rendered output is stored as a Secret (not a ConfigMap) and
# is not echoed by CI or rendered-manifest dumps.
jwt_secret: {{ .homey_authelia_jwt | quote }}
# User directory: Authelia binds to OpenLDAP with a service account and
# looks up users and their groups below the base DN.
authentication_backend:
  ldap:
    implementation: "custom"
    # NOTE(review): ldap:// on port 389 with start_tls disabled carries the
    # service-account password and every user's login password unencrypted
    # between Authelia and the directory. Acceptable only if that network
    # path is fully trusted; otherwise switch to ldaps:// or enable
    # start_tls once the directory serves a certificate Authelia trusts.
    url: "ldap://openldap:389"
    timeout: "5s"
    start_tls: false
    # Base DN is derived from the root domain by turning each dot into
    # ",dc=" (constructed sample: example.org -> dc=example,dc=org).
    base_dn: "{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim}}"
    users_filter: "({username_attribute}={input})"
    username_attribute: "uid"
    additional_users_dn: "ou=users"
    # NOTE(review): group membership is matched by rebuilding the user DN
    # from the login name the user typed ({input}). That only holds while
    # every user DN is exactly uid=<login>,ou=users,<base DN>. Authelia
    # also offers a {dn} placeholder carrying the DN of the user it
    # actually found - presumably the more robust choice; verify.
    groups_filter: "(&(uniquemember=uid={input},ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim}})(objectclass=groupOfUniqueNames))"
    group_name_attribute: "cn"
    additional_groups_dn: "ou=groups"
    mail_attribute: "mail"
    display_name_attribute: "uid"
    # Referrals and anonymous binds both stay off, so lookups go only to
    # the configured server and always run as the account below.
    permit_referrals: false
    permit_unauthenticated_bind: false
    # Service account used for directory searches. The name suggests a
    # read-only account - confirm its ACLs on the OpenLDAP side.
    user: "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}"
    # NOTE(review): rendered in clear text; treat the rendered file as a
    # secret.
    password: {{ .homey_openldap_ro | quote }}
# Time-based one-time passwords, the second factor behind the
# "two_factor" access-control rules.
totp:
  # Issuer label stored with the credential in the authenticator app.
  issuer: "{{ .Values.homey.url }}"
  disable: false
# Session cookie settings.
session:
  name: authelia_session
  # NOTE(review): rendered in clear text; treat the rendered file as a
  # secret.
  secret: {{ .homey_authelia_session | quote }}
  # NOTE(review): inactivity (7200 s) is larger than expiration (3600 s),
  # so the session always expires before the idle timeout can fire and the
  # inactivity setting has no effect. If idle sessions are meant to end
  # early, inactivity has to be the smaller of the two values.
  expiration: 3600  # 1 hour
  inactivity: 7200  # 2 hours
  # The cookie is scoped to this domain, so every host below it receives
  # the cookie - it must be a domain you fully control.
  domain: "{{ .Values.homey.url}}"  # needs to be your root domain
# Persistent state kept in a local SQLite file.
storage:
  local:
    # NOTE(review): this path has to sit on a persistent volume with
    # restrictive permissions; the database holds user 2FA registrations.
    path: "/config/db.sqlite3"
  # Key Authelia uses to encrypt sensitive values inside the database.
  # Keep it stable across deployments - presumably data written under a
  # different key cannot be read back; verify before rotating.
  encryption_key: {{ .homey_authelia_encryption_key | quote }}
# Authorization rules. Anything that matches no rule is denied, and rules
# are evaluated top to bottom with the first match deciding, so the order
# of the entries below is significant.
access_control:
  default_policy: "deny"
  rules:
    # The login portal itself has to be reachable without a session.
    # NOTE(review): this host name is hard-coded while every other rule is
    # derived from .Values.homey.url; in a deployment with a different
    # root domain this bypass rule will not match the portal. Confirm
    # whether the literal is intentional.
    - domain:
        - "auth.zakobar.com"
      policy: "bypass"

    # NOTE(review): one_factor rules without a subject admit any user who
    # can authenticate against the directory, with a password only.
    - domain:
        - "dav.{{ .Values.homey.url }}"
      policy: "one_factor"

    # Administrative hosts: members of "admins" with a second factor.
    - domain:
        - "ldapadmin.{{ .Values.homey.url }}"
      subject:
        - 'group:admins'
      policy: "two_factor"

    - domain:
        - "*.admin.{{ .Values.homey.url }}"
      subject:
        - 'group:admins'
      policy: "two_factor"

    # Explicit deny for everyone the admins rule above did not match.
    # default_policy already denies; this keeps the intent visible and
    # must stay below the matching allow rule.
    - domain:
        - "*.admin.{{ .Values.homey.url }}"
      policy: "deny"

    - domain:
        - "torrent.{{ .Values.homey.url }}"
      subject:
        - 'group:admins'
      policy: "two_factor"

    # Same allow-then-deny pairing as for the admin hosts.
    - domain:
        - "torrent.{{ .Values.homey.url }}"
      policy: "deny"

    - domain:
        - "stash-dl.{{ .Values.homey.url }}"
      policy: "one_factor"

    - domain:
        - "stash.{{ .Values.homey.url }}"
      policy: "one_factor"

    # NOTE(review): password-only access for any directory user; consider
    # whether the data behind this host warrants two_factor or a group
    # restriction.
    - domain:
        - "paperless.{{ .Values.homey.url }}"
      policy: "one_factor"
# Notifications are written to a file instead of being e-mailed.
# NOTE(review): with the filesystem notifier, the messages Authelia would
# normally mail to a user (identity verification for password reset or
# second-factor enrolment) land in this file. Anyone able to read it can
# complete those flows for any account, so restrict access to the path,
# or configure an SMTP notifier for anything beyond a personal setup.
notifier:
  filesystem:
    filename: "/var/lib/authelia/emails.txt"
# Startup clock check against an NTP server. TOTP codes are only valid
# within a short time window, so clock drift on this host breaks 2FA.
ntp:
  address: 'udp://time.cloudflare.com:123'
  version: 3
  max_desync: '3s'
  disable_startup_check: false
  # NOTE(review): with disable_failure set, a failed or out-of-tolerance
  # check no longer stops startup, so drift is only visible if someone
  # reads the logs. Alert on that log line or set this to false.
  disable_failure: true