feat(security/authelia): add configuration.yml template (Sprint 7)
@@ -0,0 +1,95 @@
|
|||||||
|
---
|
||||||
|
# Authelia configuration — Template
|
||||||
|
# Deploy to: /mnt/user/appdata/authelia/config/configuration.yml
|
||||||
|
# Docs: https://www.authelia.com/configuration/
|
||||||
|
# WICHTIG: Diese Datei NICHT in Git committen wenn user-spezifische Daten enthalten!
|
||||||
|
|
||||||
|
theme: dark
|
||||||
|
|
||||||
|
server:
|
||||||
|
address: tcp://0.0.0.0:9091
|
||||||
|
|
||||||
|
log:
|
||||||
|
level: info
|
||||||
|
|
||||||
|
authentication_backend:
|
||||||
|
file:
|
||||||
|
path: /config/users_database.yml
|
||||||
|
password:
|
||||||
|
algorithm: argon2id
|
||||||
|
iterations: 1
|
||||||
|
key_length: 32
|
||||||
|
salt_length: 16
|
||||||
|
memory: 1024
|
||||||
|
parallelism: 8
|
||||||
|
|
||||||
|
access_control:
|
||||||
|
default_policy: deny
|
||||||
|
rules:
|
||||||
|
# Authelia selbst ist immer erreichbar (bypass)
|
||||||
|
- domain: auth.kaleschke.info
|
||||||
|
policy: bypass
|
||||||
|
|
||||||
|
# Oeffentliche Apps — kein Login noetig
|
||||||
|
- domain:
|
||||||
|
- immich.kaleschke.info
|
||||||
|
- paperless.kaleschke.info
|
||||||
|
- mealie.kaleschke.info
|
||||||
|
- vault.kaleschke.info
|
||||||
|
- ntfy.kaleschke.info
|
||||||
|
- git.kaleschke.info
|
||||||
|
- homepage.kaleschke.info
|
||||||
|
policy: bypass
|
||||||
|
|
||||||
|
# Admin-Dienste — 2FA erforderlich
|
||||||
|
- domain:
|
||||||
|
- komodo.kaleschke.info
|
||||||
|
- uptime.kaleschke.info
|
||||||
|
- files.kaleschke.info
|
||||||
|
- scrutiny.kaleschke.info
|
||||||
|
- beszel.kaleschke.info
|
||||||
|
policy: two_factor
|
||||||
|
|
||||||
|
# Alles andere — 1FA
|
||||||
|
- domain: "*.kaleschke.info"
|
||||||
|
policy: one_factor
|
||||||
|
|
||||||
|
session:
|
||||||
|
name: authelia_session
|
||||||
|
same_site: lax
|
||||||
|
expiration: 12h
|
||||||
|
inactivity: 45m
|
||||||
|
remember_me: 1M
|
||||||
|
cookies:
|
||||||
|
- domain: kaleschke.info
|
||||||
|
authelia_url: https://auth.kaleschke.info
|
||||||
|
default_redirection_url: https://homepage.kaleschke.info
|
||||||
|
|
||||||
|
regulation:
|
||||||
|
max_retries: 3
|
||||||
|
find_time: 2m
|
||||||
|
ban_time: 5m
|
||||||
|
|
||||||
|
storage:
|
||||||
|
postgres:
|
||||||
|
address: tcp://postgresql17:5432
|
||||||
|
database: authelia
|
||||||
|
username: authelia
|
||||||
|
password_file: /secrets/postgres_password.txt
|
||||||
|
|
||||||
|
notifier:
|
||||||
|
disable_startup_check: false
|
||||||
|
filesystem:
|
||||||
|
filename: /config/notifications.log
|
||||||
|
# SMTP (fuer 2FA-Codes per Mail — optional, empfohlen fuer Produktion):
|
||||||
|
# smtp:
|
||||||
|
# address: smtp://smtp.example.com:587
|
||||||
|
# username: user@example.com
|
||||||
|
# password: your_password
|
||||||
|
# sender: Authelia <authelia@kaleschke.info>
|
||||||
|
# subject: "[Authelia] {title}"
|
||||||
|
|
||||||
|
totp:
|
||||||
|
issuer: kaleschke.info
|
||||||
|
period: 30
|
||||||
|
skew: 1
|
||||||
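Review bot: The second `policy: bypass` rule takes `immich`, `paperless`, `mealie`, `vault`, `ntfy`, `git` and `homepage` out of Authelia entirely, while its comment ("Oeffentliche Apps — kein Login noetig") reads as if these hosts needed no authentication at all. With `bypass`, the only protection left is whatever login each application enforces itself, so the comment should say so, e.g. `# Apps with their own login — Authelia does not protect these hosts`. Any host in the list without a login of its own (a dashboard such as `homepage` may be one, which is not visible here) is better left to the `*.kaleschke.info` `one_factor` rule. Separately, the Argon2 cost settings sit directly under `password:` (`iterations: 1`, `memory: 1024`) although the rest of the file uses the newer `server.address` / `session.cookies` layout. As far as I know the unit of `memory` differs between the legacy keys and the `argon2:` sub-block, so it is worth moving them under an explicit `argon2:` block and confirming the resulting hashing cost.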