homelab/archive/2022.07.bxl-k3s-pi/utils/idp/authelia/config.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: authelia-config
  namespace: idp
data:
  configuration.yml: |
    default_redirection_url: https://portal.bhasher.com
    theme: dark

    server:
      host: 0.0.0.0
      port: 9091

    log:
      level: debug
    
    totp:
      disable: false
      issuer: idp.bhasher.com
      algorithm: sha256
      digits: 6
      period: 30
      skew: 1
      secret_size: 32

    authentication_backend:
      disable_reset_password: false
      refresh_interval: 5m
      ldap:
        implementation: custom
        url: ldap://openldap.idp.svc.cluster.local
        timeout: 5s
        start_tls: false
        base_dn: DC=bhasher,DC=com
        username_attribute: uid
        additional_users_dn: ou=users
        users_filter: (&({username_attribute}={input})(objectClass=inetOrgPerson))
        additional_groups_dn: ou=groups
        groups_filter: (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
        group_name_attribute: cn
        mail_attribute: mail
        display_name_attribute: cn
        permit_referrals: false
    
    access_control:
      default_policy: deny
      rules:
      - domain: '*.bhasher.com'
        policy: two_factor
        subject:
        - "group:admin"
      - domain: 'git.bhasher.com'
        policy: two_factor
        subject:
        - "group:contributor"
      - domain: 'wiki.bhasher.com'
        policy: two_factor
        subject:
        - "group:contributor"
      - domain: 'radarr.bhasher.com'
        policy: two_factor
        subject:
        - "group:mediaserver"
      - domain: 'nextcloud.bhasher.com'
        policy: two_factor
        subject:
        - "group:home"
    
    session:
      name: auth_session
      domain: bhasher.com
      same_site: lax
      expiration: 1d
      inactivity: 3h
      remember_me_duration: 1w
      redis:
        host: redis.storage.svc.cluster.local
        port: 6379

    regulation:
      max_retries: 3
      find_time: 1m
      ban_time: 5m

    storage:
      # local:
      #   path: /data/db.sqlite3
      postgres:
        host: postgres.storage.svc.cluster.local
        port: 5432
        database: authelia
        schema: public
        username: authelia

    notifier:
      smtp:
        username: no-reply@bhasher.com
        host: bdubois.io
        port: 587
        sender: no-reply@bhasher.com
        tls:
          skip_verify: true

    password_policy:
      standard:
        enabled: true
        min_length: 8
        max_length: 0
        require_uppercase: false
        require_lowercase: false
        require_number: false
        require_special: false

    identity_providers:
      oidc:
        issuer_private_key: |
          -----BEGIN RSA PRIVATE KEY-----
          MIIEowIBAAKCAQEAwz+97ZILHP+8Hxu2XsK17QZEyOiGQ45SRl6/UbjhiN5Cc5di
          UQ3I8LaHwvxrsbbBaqLQsYVISye8xdeVvKEa/Pk/VYVGRgOQ+DFHPthOYwGa9bZa
          INtvOKy85OiqFY8mamRiTkCDo4unxVf35mI6Z01+a5WycvG2mC1VY3v0VC2/PyJt
          uRusqk9946DbP7IJ83WS8GuVEGsKna8pjr1DW2kC+qUZtA8pM0mH8EK1o2wDKPOb
          X/4J+/A9kbx2Gnt8gxq3NtErcUHsSKwQtQfik38ehfFfOxq+xINjn5W90gUvx2q5
          zI3gk2cJFTxiKqRtYfTETnepvKqkzTMlBCVAMwIDAQABAoIBAHlpfMBrbW+18xRh
          FjGs4JYorMNGHJ+Ls8vAhTXbQpvqoeXhQCjo6ogM6TUt5AYZgALAhgeturvJVRCt
          s5YdlHu0vlZ+zqkg9JfxhL0mou/cArFCmJ8P9QSIHdo2d/V6E8ha7ep9IZ6kbEpC
          HoxrjqfIP5HE/7eMaSAOKKf5X4Cr701/3r/0rD+BsYZPC0eklRO2W1x801n0+ks0
          oVI1/fNkM+F8It7GK/AC1KGThLL8DzBP9cwYaqnABktNKCh+/2z4+50G9z8Bcc3F
          4FUYubidahZ0DD0KniFGcENfDhLPpy3HsQU6Sp5IgZBaM+jbbp5Grv3Wh7kqDEOQ
          tmdjEGECgYEA7ZLpHm8h2C9nMFwMzCR18VQgAzLlhCxBJn7wOF5EUOJWNRCo1To1
          G9qNMUKb1pcnwYGc2s488YfiUkufxZKCjdRSmVwul4D5ufb4zGu/4ulzfrx6DnjJ
          8BBAtYPiP5RD+m9keB1OI6BHYOMtLi4Vv+XjkasTbtYRWcPdQABC+DECgYEA0mR1
          ye9T4KcrQoFP14I0vFkVLe2gzVa3Kn5MSM7iMMXcTV3G2GSQCtufpVRbGvw0qgDy
          cdIvT24dIhYaqF33IuJdZgzSlM4/3KQbMPhVlLpaGpiP1CqUuxsTlrjzOZUkTZBE
          BrfkBO9VwaGX35WqnatFyXJ3TEWPt4/1s9DfiaMCgYEA4sg6gDLVu+iEOEWmcbjc
          XWJQrL0JGwKjrnu+FBDoZc2pPT6J7AGEcPJPlZZf7Jid+rofYT8+LdHo2WYXPiJ9
          PaZQstSsJTOZL0vydDDnG1R+S5zfZrEnE2JwYtViRA7kVUvAPGi9DoURngs+NbcI
          TAbHFWaZRlRSe73clhup0gECgYBK9Pm2MSssDcLu1c1RVZVeSUqva0rv/WYSoJ6j
          DfouMEAV3EQ80k8zXx3YtF4lFhfZPa8i+CRc4zlD7KYguCGVbxqhgg4AcB72iA0b
          /E3ZSC9T7GjJyUXmB3aKK2iUaltduvlRf3CghXiDHQRT5ym7NMsPQ1XXea0DVCnQ
          n6kUiwKBgDAMfny68ymQVskEv/NCTbRkpz6O1DA997QyjPV/QyfSpt1znPuNvgkE
          SQu0C/b47Nm2ZGAHVryWLo8bBS8+ECEV74GM/kHoDWpWzEeoxynW+dBZoP9sbKzZ
          LCWjPegQEkVdtp83Thfqb/MfeUj8GHf8MegIGoJd50f19tggd4a3
          -----END RSA PRIVATE KEY-----
        access_token_lifespan: 3h
        authorize_code_lifespan: 1m
        id_token_lifespan: 1h
        refresh_token_lifespan: 90m
        enable_client_debug_messages: false
        cors:
          endpoints:
          - authorization
          - token
          - revocation
          - introspection
          allowed_origins:
          - https://git.bhasher.com
          allowed_origins_from_client_redirect_uris: false
Archives 2023-04-16 15:04:06 +02:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: authelia-config`
			`namespace: idp`
			`data:`
			`configuration.yml: \|`
			`default_redirection_url: https://portal.bhasher.com`
			`theme: dark`

			`server:`
			`host: 0.0.0.0`
			`port: 9091`

			`log:`
			`level: debug`

			`totp:`
			`disable: false`
			`issuer: idp.bhasher.com`
			`algorithm: sha256`
			`digits: 6`
			`period: 30`
			`skew: 1`
			`secret_size: 32`

			`authentication_backend:`
			`disable_reset_password: false`
			`refresh_interval: 5m`
			`ldap:`
			`implementation: custom`
			`url: ldap://openldap.idp.svc.cluster.local`
			`timeout: 5s`
			`start_tls: false`
			`base_dn: DC=bhasher,DC=com`
			`username_attribute: uid`
			`additional_users_dn: ou=users`
			`users_filter: (&({username_attribute}={input})(objectClass=inetOrgPerson))`
			`additional_groups_dn: ou=groups`
			`groups_filter: (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))`
			`group_name_attribute: cn`
			`mail_attribute: mail`
			`display_name_attribute: cn`
			`permit_referrals: false`

			`access_control:`
			`default_policy: deny`
			`rules:`
			`- domain: '*.bhasher.com'`
			`policy: two_factor`
			`subject:`
			`- "group:admin"`
			`- domain: 'git.bhasher.com'`
			`policy: two_factor`
			`subject:`
			`- "group:contributor"`
			`- domain: 'wiki.bhasher.com'`
			`policy: two_factor`
			`subject:`
			`- "group:contributor"`
			`- domain: 'radarr.bhasher.com'`
			`policy: two_factor`
			`subject:`
			`- "group:mediaserver"`
			`- domain: 'nextcloud.bhasher.com'`
			`policy: two_factor`
			`subject:`
			`- "group:home"`

			`session:`
			`name: auth_session`
			`domain: bhasher.com`
			`same_site: lax`
			`expiration: 1d`
			`inactivity: 3h`
			`remember_me_duration: 1w`
			`redis:`
			`host: redis.storage.svc.cluster.local`
			`port: 6379`

			`regulation:`
			`max_retries: 3`
			`find_time: 1m`
			`ban_time: 5m`

			`storage:`
			`# local:`
			`# path: /data/db.sqlite3`
			`postgres:`
			`host: postgres.storage.svc.cluster.local`
			`port: 5432`
			`database: authelia`
			`schema: public`
			`username: authelia`

			`notifier:`
			`smtp:`
			`username: no-reply@bhasher.com`
			`host: bdubois.io`
			`port: 587`
			`sender: no-reply@bhasher.com`
			`tls:`
			`skip_verify: true`

			`password_policy:`
			`standard:`
			`enabled: true`
			`min_length: 8`
			`max_length: 0`
			`require_uppercase: false`
			`require_lowercase: false`
			`require_number: false`
			`require_special: false`

			`identity_providers:`
			`oidc:`
			`issuer_private_key: \|`
			`-----BEGIN RSA PRIVATE KEY-----`
			`MIIEowIBAAKCAQEAwz+97ZILHP+8Hxu2XsK17QZEyOiGQ45SRl6/UbjhiN5Cc5di`
			`UQ3I8LaHwvxrsbbBaqLQsYVISye8xdeVvKEa/Pk/VYVGRgOQ+DFHPthOYwGa9bZa`
			`INtvOKy85OiqFY8mamRiTkCDo4unxVf35mI6Z01+a5WycvG2mC1VY3v0VC2/PyJt`
			`uRusqk9946DbP7IJ83WS8GuVEGsKna8pjr1DW2kC+qUZtA8pM0mH8EK1o2wDKPOb`
			`X/4J+/A9kbx2Gnt8gxq3NtErcUHsSKwQtQfik38ehfFfOxq+xINjn5W90gUvx2q5`
			`zI3gk2cJFTxiKqRtYfTETnepvKqkzTMlBCVAMwIDAQABAoIBAHlpfMBrbW+18xRh`
			`FjGs4JYorMNGHJ+Ls8vAhTXbQpvqoeXhQCjo6ogM6TUt5AYZgALAhgeturvJVRCt`
			`s5YdlHu0vlZ+zqkg9JfxhL0mou/cArFCmJ8P9QSIHdo2d/V6E8ha7ep9IZ6kbEpC`
			`HoxrjqfIP5HE/7eMaSAOKKf5X4Cr701/3r/0rD+BsYZPC0eklRO2W1x801n0+ks0`
			`oVI1/fNkM+F8It7GK/AC1KGThLL8DzBP9cwYaqnABktNKCh+/2z4+50G9z8Bcc3F`
			`4FUYubidahZ0DD0KniFGcENfDhLPpy3HsQU6Sp5IgZBaM+jbbp5Grv3Wh7kqDEOQ`
			`tmdjEGECgYEA7ZLpHm8h2C9nMFwMzCR18VQgAzLlhCxBJn7wOF5EUOJWNRCo1To1`
			`G9qNMUKb1pcnwYGc2s488YfiUkufxZKCjdRSmVwul4D5ufb4zGu/4ulzfrx6DnjJ`
			`8BBAtYPiP5RD+m9keB1OI6BHYOMtLi4Vv+XjkasTbtYRWcPdQABC+DECgYEA0mR1`
			`ye9T4KcrQoFP14I0vFkVLe2gzVa3Kn5MSM7iMMXcTV3G2GSQCtufpVRbGvw0qgDy`
			`cdIvT24dIhYaqF33IuJdZgzSlM4/3KQbMPhVlLpaGpiP1CqUuxsTlrjzOZUkTZBE`
			`BrfkBO9VwaGX35WqnatFyXJ3TEWPt4/1s9DfiaMCgYEA4sg6gDLVu+iEOEWmcbjc`
			`XWJQrL0JGwKjrnu+FBDoZc2pPT6J7AGEcPJPlZZf7Jid+rofYT8+LdHo2WYXPiJ9`
			`PaZQstSsJTOZL0vydDDnG1R+S5zfZrEnE2JwYtViRA7kVUvAPGi9DoURngs+NbcI`
			`TAbHFWaZRlRSe73clhup0gECgYBK9Pm2MSssDcLu1c1RVZVeSUqva0rv/WYSoJ6j`
			`DfouMEAV3EQ80k8zXx3YtF4lFhfZPa8i+CRc4zlD7KYguCGVbxqhgg4AcB72iA0b`
			`/E3ZSC9T7GjJyUXmB3aKK2iUaltduvlRf3CghXiDHQRT5ym7NMsPQ1XXea0DVCnQ`
			`n6kUiwKBgDAMfny68ymQVskEv/NCTbRkpz6O1DA997QyjPV/QyfSpt1znPuNvgkE`
			`SQu0C/b47Nm2ZGAHVryWLo8bBS8+ECEV74GM/kHoDWpWzEeoxynW+dBZoP9sbKzZ`
			`LCWjPegQEkVdtp83Thfqb/MfeUj8GHf8MegIGoJd50f19tggd4a3`
			`-----END RSA PRIVATE KEY-----`
			`access_token_lifespan: 3h`
			`authorize_code_lifespan: 1m`
			`id_token_lifespan: 1h`
			`refresh_token_lifespan: 90m`
			`enable_client_debug_messages: false`
			`cors:`
			`endpoints:`
			`- authorization`
			`- token`
			`- revocation`
			`- introspection`
			`allowed_origins:`
			`- https://git.bhasher.com`
			`allowed_origins_from_client_redirect_uris: false`