Sebastian Krüger
94e6656f31
- Remove envsubst complexity for password hashes - Keep users_database.yml only on server (not in git) - Add users_database.yml to .gitignore - Update users_database.template.yml with multi-user examples - Configure Authelia to watch users_database.yml for changes - Users can now be added/removed by editing the file on server - Supports unlimited users without code changes
118 lines
2.3 KiB
YAML
118 lines
2.3 KiB
YAML
---
|
|
###############################################################
|
|
# Authelia Configuration #
|
|
###############################################################
|
|
|
|
theme: auto
|
|
|
|
server:
|
|
host: 0.0.0.0
|
|
port: 9091
|
|
path: ""
|
|
asset_path: /config/assets/
|
|
headers:
|
|
csp_template: ""
|
|
|
|
log:
|
|
level: info
|
|
format: text
|
|
|
|
totp:
|
|
issuer: pivoine.art
|
|
period: 30
|
|
skew: 1
|
|
|
|
webauthn:
|
|
disable: false
|
|
display_name: Pivoine Auth
|
|
attestation_conveyance_preference: indirect
|
|
user_verification: preferred
|
|
timeout: 60s
|
|
|
|
ntp:
|
|
address: "time.cloudflare.com:123"
|
|
version: 4
|
|
max_desync: 3s
|
|
disable_startup_check: false
|
|
disable_failure: false
|
|
|
|
authentication_backend:
|
|
password_reset:
|
|
disable: false
|
|
refresh_interval: 5m
|
|
file:
|
|
path: /etc/authelia/users_database.yml
|
|
watch: true
|
|
password:
|
|
algorithm: argon2
|
|
argon2:
|
|
variant: argon2id
|
|
iterations: 3
|
|
memory: 65536
|
|
parallelism: 4
|
|
key_length: 32
|
|
salt_length: 16
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
# Authelia portal itself
|
|
- domain: auth.pivoine.art
|
|
policy: bypass
|
|
|
|
# Services that should be publicly accessible
|
|
- domain:
|
|
- "pivoine.art"
|
|
- "www.pivoine.art"
|
|
policy: bypass
|
|
|
|
# Protected services - require authentication
|
|
- domain:
|
|
- "netdata.pivoine.art"
|
|
- "mailpit.pivoine.art"
|
|
- "scrapy.pivoine.art"
|
|
- "restic.pivoine.art"
|
|
- "traefik.pivoine.art"
|
|
policy: two_factor
|
|
|
|
# Development services
|
|
- domain:
|
|
- "dev.pivoine.art"
|
|
- "n8n.pivoine.art"
|
|
- "asciinema.pivoine.art"
|
|
- "coolify.pivoine.art"
|
|
policy: two_factor
|
|
|
|
session:
|
|
name: authelia_session
|
|
domain: pivoine.art
|
|
same_site: lax
|
|
expiration: 1h
|
|
inactivity: 5m
|
|
remember_me_duration: 1M
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 2m
|
|
ban_time: 5m
|
|
|
|
storage:
|
|
encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
|
|
postgres:
|
|
host: postgres
|
|
port: 5432
|
|
database: authelia
|
|
username: valknar
|
|
password: ${DB_PASSWORD}
|
|
schema: public
|
|
|
|
notifier:
|
|
disable_startup_check: false
|
|
smtp:
|
|
host: net_mailpit
|
|
port: 1025
|
|
sender: auth@pivoine.art
|
|
identifier: auth.pivoine.art
|
|
disable_require_tls: true
|
|
disable_html_emails: false
|