From fca2dc576d5c9c4b5d7766f76819ea6ef9323509 Mon Sep 17 00:00:00 2001
From: Micha
Date: Mon, 30 Mar 2026 13:27:35 +0000
Subject: [PATCH] afeat(authelia): add OIDC client for Beszel, set bypass policy
---
 security/authelia/configuration.yml | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/security/authelia/configuration.yml b/security/authelia/configuration.yml
index 1ae74b4..844e9a5 100644
--- a/security/authelia/configuration.yml
+++ b/security/authelia/configuration.yml
@@ -47,9 +47,12 @@ access_control:
 - uptime.kaleschke.info
 - files.kaleschke.info
 - scrutiny.kaleschke.info
- - beszel.kaleschke.info
 policy: two_factor
+ # Beszel → OIDC-Login (kein ForwardAuth)
+ - domain: beszel.kaleschke.info
+ policy: bypass
+
 # Alles andere — 1FA
 - domain: "*.kaleschke.info"
 policy: one_factor
@@ -91,4 +94,26 @@ notifier:
 totp:
 issuer: kaleschke.info
 period: 30
- skew: 1
\ No newline at end of file
+ skew: 1
+
+identity_providers:
+ oidc:
+ clients:
+ - client_id: 'beszel'
+ client_name: 'Beszel'
+ client_secret: '$argon2id$v=19$m=65536,t=3,p=4$bXTt49iW61s0c8/ZiBlguw$VquorRqL134mjQ6Qa13JY6AI/QCwdk7g1jpc/UtRZPQ'
+ public: false
+ authorization_policy: 'two_factor'
+ require_pkce: true
+ pkce_challenge_method: 'S256'
+ redirect_uris:
+ - 'https://beszel.kaleschke.info/api/oauth2-redirect'
+ scopes:
+ - 'openid'
+ - 'email'
+ - 'profile'
+ response_types:
+ - 'code'
+ grant_types:
+ - 'authorization_code'
+ token_endpoint_auth_method: 'client_secret_basic'
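Review bot: The new `policy: bypass` rule for beszel.kaleschke.info in the access_control hunk takes the whole host out of Authelia's enforcement, so the `two_factor` requirement now holds only for logins that go through the 'beszel' OIDC client added at the end of this commit. If Beszel still accepts its own password login, that path is no longer covered by a second factor. The existing comment should spell out this dependency, for example `# bypass: Authelia does not gate this host; 2FA applies only through the 'beszel' OIDC client, so Beszel's local password login must stay disabled`. Authelia applies the first matching rule, so the entry has to stay above the `"*.kaleschke.info"` rule, which is worth stating in the same comment. The access_control rule list begins and ends outside the hunk.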
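Review bot: The `identity_providers.oidc` block appended at the end of the file defines only `clients`; no `hmac_secret` or signing key (`jwks`) is visible in this hunk. They are presumably injected from secret files or the environment, and a one-line comment should say so, for example `# hmac_secret and jwks are supplied via secrets, not in this file`. The committed `client_secret` is an argon2id digest rather than plaintext, which is the right form for a versioned file. A digest in version control can still be guessed offline, so the plaintext should be a long random value, documented with something like `# digest of a randomly generated secret; plaintext is stored only in Beszel's OAuth settings` if that is the case.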