fix: use Authelia environment variables instead of YAML substitution

- Set AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET in compose
- Set AUTHELIA_SESSION_SECRET in compose
- Set AUTHELIA_STORAGE_ENCRYPTION_KEY in compose
- Set AUTHELIA_STORAGE_POSTGRES_PASSWORD in compose
- Remove variable syntax from configuration.yml
- Authelia reads these directly from environment variables

net/authelia/configuration.yml

@@ -15,9 +15,8 @@ log:
   level: info
   format: text
 
-identity_validation:
-  reset_password:
-    jwt_secret: ${AUTHELIA_JWT_SECRET}
+# identity_validation jwt_secret set via environment variable:
+# AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET
 
 totp:
   issuer: pivoine.art
@@ -85,8 +84,8 @@ access_control:
         - "coolify.pivoine.art"
       policy: two_factor
 
+# session secret set via environment variable: AUTHELIA_SESSION_SECRET
 session:
-  secret: ${AUTHELIA_SESSION_SECRET}
   cookies:
     - name: authelia_session
       domain: pivoine.art
@@ -100,14 +99,14 @@ regulation:
   find_time: 2m
   ban_time: 5m
 
+# storage encryption_key and postgres password set via environment variables:
+# AUTHELIA_STORAGE_ENCRYPTION_KEY, AUTHELIA_STORAGE_POSTGRES_PASSWORD
 storage:
-  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
   postgres:
     host: postgres
     port: 5432
     database: authelia
     username: valknar
-    password: ${DB_PASSWORD}
     schema: public
 
 notifier:

net/compose.yaml

@@ -272,9 +272,10 @@ services:
     restart: unless-stopped
     environment:
       TZ: ${TIMEZONE:-Europe/Berlin}
-      AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
+      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
       AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
       AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+      AUTHELIA_STORAGE_POSTGRES_PASSWORD: ${DB_PASSWORD}
     volumes:
       - authelia_config:/config
       - ./authelia:/etc/authelia:ro