275 lines
6.5 KiB
YAML
275 lines
6.5 KiB
YAML
default_redirection_url: https://hub.bhasher.com
|
|
theme: dark
|
|
|
|
server:
|
|
host: 0.0.0.0
|
|
port: 9091
|
|
|
|
log:
|
|
level: warn
|
|
file_path: /logs/authelia.log
|
|
#format: json
|
|
|
|
totp:
|
|
disable: false
|
|
issuer: idp.bhasher.com
|
|
algorithm: sha256
|
|
digits: 6
|
|
period: 30
|
|
skew: 1
|
|
secret_size: 32
|
|
|
|
ntp:
|
|
disable_startup_check: true
|
|
|
|
authentication_backend:
|
|
password_reset:
|
|
disable: false
|
|
refresh_interval: 5m
|
|
ldap:
|
|
user: cn=readonly,dc=bhasher,dc=com
|
|
implementation: custom
|
|
url: ldap://openldap
|
|
timeout: 5s
|
|
start_tls: false
|
|
base_dn: DC=bhasher,DC=com
|
|
username_attribute: uid
|
|
additional_users_dn: ou=users
|
|
users_filter: (&({username_attribute}={input})(objectClass=inetOrgPerson))
|
|
additional_groups_dn: ou=groups
|
|
groups_filter: (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
|
|
group_name_attribute: cn
|
|
mail_attribute: mail
|
|
display_name_attribute: cn
|
|
permit_referrals: false
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
- domain: 'radarr.bhasher.com'
|
|
policy: one_factor
|
|
subject:
|
|
- "group:mediaserver"
|
|
- domain: 'sonarr.bhasher.com'
|
|
policy: one_factor
|
|
subject:
|
|
- "group:mediaserver"
|
|
- domain: 'jellyfin.bhasher.com'
|
|
policy: one_factor
|
|
subject:
|
|
- "group:mediaserver"
|
|
- domain: 'lum.bhasher.com'
|
|
policy: two_factor
|
|
subject:
|
|
- "group:admin"
|
|
- domain: 'mealie.bhasher.com'
|
|
policy: one_factor
|
|
subject:
|
|
- "group:member"
|
|
methods:
|
|
- "GET"
|
|
- "HEAD"
|
|
- "POST"
|
|
- "PUT"
|
|
- "DELETE"
|
|
- "CONNECT"
|
|
- "OPTIONS"
|
|
- "TRACE"
|
|
- domain: '*.bhasher.com'
|
|
policy: one_factor
|
|
subject:
|
|
- "group:admin"
|
|
|
|
session:
|
|
name: auth_session
|
|
domain: bhasher.com
|
|
same_site: lax
|
|
expiration: 1d
|
|
inactivity: 3h
|
|
remember_me_duration: 1w
|
|
redis:
|
|
host: redis
|
|
port: 6379
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 1m
|
|
ban_time: 5m
|
|
|
|
storage:
|
|
# local:
|
|
# path: /data/db.sqlite3
|
|
postgres:
|
|
host: postgres
|
|
port: 5432
|
|
database: authelia
|
|
schema: public
|
|
username: postgres
|
|
|
|
notifier:
|
|
smtp:
|
|
host: bdubois.io
|
|
port: 587
|
|
sender: no-reply@bhasher.com
|
|
|
|
password_policy:
|
|
standard:
|
|
enabled: true
|
|
min_length: 8
|
|
max_length: 0
|
|
require_uppercase: false
|
|
require_lowercase: false
|
|
require_number: false
|
|
require_special: false
|
|
|
|
telemetry:
|
|
metrics:
|
|
enabled: true
|
|
address: "tcp://0.0.0.0:9959"
|
|
buffers:
|
|
read: 4096
|
|
write: 4096
|
|
timeouts:
|
|
read: 6s
|
|
write: 6s
|
|
idle: 30s
|
|
|
|
|
|
identity_providers:
|
|
oidc:
|
|
enforce_pkce: public_clients_only
|
|
cors:
|
|
allowed_origins_from_client_redirect_uris: true
|
|
endpoints:
|
|
- 'authorization'
|
|
- 'token'
|
|
- 'revocation'
|
|
- 'introspection'
|
|
clients:
|
|
- id: grafana
|
|
description: Grafana
|
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$dQfNyInvlh1Lgw3JXi7G6A$M/WaNpHJkAyaQcXIMsOTl0+gBWGPPVBoCm7NpEQfTpI'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://grafana.bhasher.com/login/generic_oauth
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- groups
|
|
- email
|
|
userinfo_signing_algorithm: none
|
|
- id: matrix_synapse
|
|
description: Matrix Synapse
|
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$Z+6HONrjDp54s+MhXuq1cA$bjc5tMGD3gR6AaBYIDx3S2mz/UfPv6a0n1Vf3q2Ifik'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://matrix.bhasher.com/_synapse/client/oidc/callback
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
userinfo_signing_algorithm: none
|
|
- id: portainer
|
|
description: Portainer
|
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$7bqhx/sMH6Hes4ggVwpEPg$uue9QyGkROpAihkGpbDV6YjKCJlZVXj1JBkJfyLj2MI'
|
|
public: false
|
|
authorization_policy: two_factor
|
|
redirect_uris:
|
|
- https://portainer.bxl.bhasher.com
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- groups
|
|
- email
|
|
userinfo_signing_algorithm: none
|
|
- id: jellyfin
|
|
description: Jellyfn
|
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$+AqLF91LkfyZJIhjxq3lVQ$m0aSF/XYaWAU1NgRUlwMC3cB0k09Jg+HBBXa8iJWCLk'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://jellyfin.bhasher.com/sso/OID/redirect/Authelia
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- groups
|
|
- email
|
|
userinfo_signing_algorithm: none
|
|
- id: miniflux
|
|
description: Miniflux
|
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$6CLrUJhwSMsOAryD/Fn0JA$1Lw6ECq0SSxDOQhbxM3nuHaXaEbXyVOgndGjAkTmkbc'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://miniflux.bhasher.com/oauth2/oidc/callback
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- groups
|
|
- email
|
|
userinfo_signing_algorithm: none
|
|
- id: gitea
|
|
description: Gitea
|
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$hVcRat4GdQSCfaikh6C7xQ$KydT/DYUVnazMHhhZgYN9+LMaAI9vpX9x53PcYgsrko'
|
|
public: false
|
|
authorization_policy: two_factor
|
|
redirect_uris:
|
|
- https://git.bhasher.com/user/oauth2/Authelia/callback
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- groups
|
|
- email
|
|
userinfo_signing_algorithm: none
|
|
- id: seafile
|
|
description: Seafile
|
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$vZ7/eiJGrPeuEWwllkN7zw$IhspEFbyQe/rBzchVs8iigsQKbYsXPfBBhR2Loo0afI'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://file.bhasher.com/oauth/callback/
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
userinfo_signing_algorithm: none
|
|
- id: wikijs
|
|
description: WikiJS
|
|
secret: '$argon2id$v=19$m=65536,t=3,p=4$aAnFAm2XL8rGMOLhMpgL1Q$ZBJ3v0d1guzLj/FVBTJz2v+ZAhy/jZc7B4iNozvx+hU'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://wiki.bhasher.com/login/4b20571d-a8d7-4384-a95c-589fe7fc7ab6/callback
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
- groups
|
|
userinfo_signing_algorithm: none
|
|
|
|
- id: mealie
|
|
description: Mealie
|
|
public: true
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://recipes.bhasher.com/login
|
|
- https://recipes.bhasher.com/login?direct=1
|
|
consent_mode: implicit
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
- groups
|
|
userinfo_signing_algorithm: none
|
|
|