Bhasher/homelab
Bhasher
/
homelab
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
homelab/bxl-shp/config/idp/authelia.configuration.yaml

275 lines
6.5 KiB
YAML
Raw Blame History

default_redirection_url: https://hub.bhasher.com
theme: dark
server:
host: 0.0.0.0
port: 9091
log:
level: warn
file_path: /logs/authelia.log
#format: json
totp:
disable: false
issuer: idp.bhasher.com
algorithm: sha256
digits: 6
period: 30
skew: 1
secret_size: 32
ntp:
disable_startup_check: true
authentication_backend:
password_reset:
disable: false
refresh_interval: 5m
ldap:
user: cn=readonly,dc=bhasher,dc=com
implementation: custom
url: ldap://openldap
timeout: 5s
start_tls: false
base_dn: DC=bhasher,DC=com
username_attribute: uid
additional_users_dn: ou=users
users_filter: (&({username_attribute}={input})(objectClass=inetOrgPerson))
additional_groups_dn: ou=groups
groups_filter: (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
group_name_attribute: cn
mail_attribute: mail
display_name_attribute: cn
permit_referrals: false
access_control:
default_policy: deny
rules:
- domain: 'radarr.bhasher.com'
policy: one_factor
subject:
- "group:mediaserver"
- domain: 'sonarr.bhasher.com'
policy: one_factor
subject:
- "group:mediaserver"
- domain: 'jellyfin.bhasher.com'
policy: one_factor
subject:
- "group:mediaserver"
- domain: 'lum.bhasher.com'
policy: two_factor
subject:
- "group:admin"
- domain: 'mealie.bhasher.com'
policy: one_factor
subject:
- "group:member"
methods:
- "GET"
- "HEAD"
- "POST"
- "PUT"
- "DELETE"
- "CONNECT"
- "OPTIONS"
- "TRACE"
- domain: '*.bhasher.com'
policy: one_factor
subject:
- "group:admin"
session:
name: auth_session
domain: bhasher.com
same_site: lax
expiration: 1d
inactivity: 3h
remember_me_duration: 1w
redis:
host: redis
port: 6379
regulation:
max_retries: 3
find_time: 1m
ban_time: 5m
storage:
# local:
# path: /data/db.sqlite3
postgres:
host: postgres
port: 5432
database: authelia
schema: public
username: postgres
notifier:
smtp:
host: bdubois.io
port: 587
sender: no-reply@bhasher.com
password_policy:
standard:
enabled: true
min_length: 8
max_length: 0
require_uppercase: false
require_lowercase: false
require_number: false
require_special: false
telemetry:
metrics:
enabled: true
address: "tcp://0.0.0.0:9959"
buffers:
read: 4096
write: 4096
timeouts:
read: 6s
write: 6s
idle: 30s
identity_providers:
oidc:
enforce_pkce: public_clients_only
cors:
allowed_origins_from_client_redirect_uris: true
endpoints:
- 'authorization'
- 'token'
- 'revocation'
- 'introspection'
clients:
- id: grafana
description: Grafana
secret: '$argon2id$v=19$m=65536,t=3,p=4$dQfNyInvlh1Lgw3JXi7G6A$M/WaNpHJkAyaQcXIMsOTl0+gBWGPPVBoCm7NpEQfTpI'
public: false
authorization_policy: one_factor
redirect_uris:
- https://grafana.bhasher.com/login/generic_oauth
consent_mode: implicit
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
- id: matrix_synapse
description: Matrix Synapse
secret: '$argon2id$v=19$m=65536,t=3,p=4$Z+6HONrjDp54s+MhXuq1cA$bjc5tMGD3gR6AaBYIDx3S2mz/UfPv6a0n1Vf3q2Ifik'
public: false
authorization_policy: one_factor
redirect_uris:
- https://matrix.bhasher.com/_synapse/client/oidc/callback
consent_mode: implicit
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
- id: portainer
description: Portainer
secret: '$argon2id$v=19$m=65536,t=3,p=4$7bqhx/sMH6Hes4ggVwpEPg$uue9QyGkROpAihkGpbDV6YjKCJlZVXj1JBkJfyLj2MI'
public: false
authorization_policy: two_factor
redirect_uris:
- https://portainer.bxl.bhasher.com
consent_mode: implicit
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
- id: jellyfin
description: Jellyfn
secret: '$argon2id$v=19$m=65536,t=3,p=4$+AqLF91LkfyZJIhjxq3lVQ$m0aSF/XYaWAU1NgRUlwMC3cB0k09Jg+HBBXa8iJWCLk'
public: false
authorization_policy: one_factor
redirect_uris:
- https://jellyfin.bhasher.com/sso/OID/redirect/Authelia
consent_mode: implicit
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
- id: miniflux
description: Miniflux
secret: '$argon2id$v=19$m=65536,t=3,p=4$6CLrUJhwSMsOAryD/Fn0JA$1Lw6ECq0SSxDOQhbxM3nuHaXaEbXyVOgndGjAkTmkbc'
public: false
authorization_policy: one_factor
redirect_uris:
- https://miniflux.bhasher.com/oauth2/oidc/callback
consent_mode: implicit
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
- id: gitea
description: Gitea
secret: '$argon2id$v=19$m=65536,t=3,p=4$hVcRat4GdQSCfaikh6C7xQ$KydT/DYUVnazMHhhZgYN9+LMaAI9vpX9x53PcYgsrko'
public: false
authorization_policy: two_factor
redirect_uris:
- https://git.bhasher.com/user/oauth2/Authelia/callback
consent_mode: implicit
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
- id: seafile
description: Seafile
secret: '$argon2id$v=19$m=65536,t=3,p=4$vZ7/eiJGrPeuEWwllkN7zw$IhspEFbyQe/rBzchVs8iigsQKbYsXPfBBhR2Loo0afI'
public: false
authorization_policy: one_factor
redirect_uris:
- https://file.bhasher.com/oauth/callback/
consent_mode: implicit
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
- id: wikijs
description: WikiJS
secret: '$argon2id$v=19$m=65536,t=3,p=4$aAnFAm2XL8rGMOLhMpgL1Q$ZBJ3v0d1guzLj/FVBTJz2v+ZAhy/jZc7B4iNozvx+hU'
public: false
authorization_policy: one_factor
redirect_uris:
- https://wiki.bhasher.com/login/4b20571d-a8d7-4384-a95c-589fe7fc7ab6/callback
consent_mode: implicit
scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none
- id: mealie
description: Mealie
public: true
authorization_policy: one_factor
redirect_uris:
- https://recipes.bhasher.com/login
- https://recipes.bhasher.com/login?direct=1
consent_mode: implicit
scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none
Reference in New Issue View Git Blame Copy Permalink