---
# Authelia configuration — Template
# Deploy to: /mnt/user/appdata/authelia/config/configuration.yml
# Docs: https://www.authelia.com/configuration/
# IMPORTANT: do NOT commit this file to Git if it contains user-specific data!
#
# NOTE(review): no session secret, storage encryption key or password-reset
# JWT secret is set in this file; presumably they are supplied through
# environment variables or secret files — confirm before deploying.

theme: dark

server:
  # Binds on all interfaces.
  # NOTE(review): presumably only the reverse proxy should reach this port;
  # confirm it is not published directly to untrusted networks.
  address: tcp://0.0.0.0:9091

log:
  level: info

authentication_backend:
  file:
    path: /config/users_database.yml
    # Hashing parameters applied when a password is hashed for the user file.
    # NOTE(review): these flat keys look like the legacy layout; newer
    # releases group the same settings under an `argon2:` subsection, and the
    # unit of `memory` appears to differ between the two layouts. Verify the
    # effective memory cost and iteration count on the deployed version
    # before reusing these values.
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8

access_control:
  # Requests that match none of the rules below are denied.
  default_policy: deny
  # Rules are evaluated top to bottom and the first match applies, so the
  # specific host lists must stay above the wildcard rule at the end.
  rules:
    # Authelia itself is always reachable (bypass)
    - domain: auth.kaleschke.info
      policy: bypass

    # Public apps — no login required
    # NOTE(review): `bypass` means Authelia performs no authentication for
    # these hosts, so each application is protected only by its own login.
    # Confirm that every entry (the list includes the vault, git and
    # document hosts) enforces its own authentication, and prefer
    # application-level 2FA where it is available.
    - domain:
        - immich.kaleschke.info
        - paperless.kaleschke.info
        - mealie.kaleschke.info
        - vault.kaleschke.info
        - ntfy.kaleschke.info
        - git.kaleschke.info
        - homepage.kaleschke.info
      policy: bypass

    # Admin services — 2FA required
    - domain:
        - komodo.kaleschke.info
        - uptime.kaleschke.info
        - files.kaleschke.info
        - scrutiny.kaleschke.info
        - beszel.kaleschke.info
      policy: two_factor

    # Everything else — 1FA
    # The wildcard is quoted because a leading `*` is YAML alias syntax.
    # A new subdomain that is not listed above falls through to this rule and
    # gets password-only protection; add admin-type hosts to the 2FA list.
    - domain: "*.kaleschke.info"
      policy: one_factor

session:
  name: authelia_session
  same_site: lax
  # Absolute lifetime of a session, and the idle timeout that ends it earlier.
  expiration: 12h
  inactivity: 45m
  # Lifetime used when the user ticks "remember me" at login.
  # NOTE(review): one month is long for a session that also unlocks the
  # two_factor hosts — confirm it matches the intended risk level.
  remember_me: 1M
  cookies:
    # The cookie is scoped to the parent domain, so a single login covers
    # every protected subdomain.
    - domain: kaleschke.info
      authelia_url: https://auth.kaleschke.info
      default_redirection_url: https://homepage.kaleschke.info

# Brute-force throttling: max_retries failed logins within find_time ban the
# account for ban_time.
regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  postgres:
    address: tcp://postgresql17:5432
    database: authelia
    username: authelia
    # Keeps the database password out of this file.
    # NOTE(review): confirm that the deployed Authelia release accepts
    # `password_file` as a configuration key; the documented ways of loading
    # a secret from a file are the `_FILE` environment variables and the
    # configuration template filters.
    password_file: /secrets/postgres_password.txt

notifier:
  disable_startup_check: false
  # Notifications are written to a local file instead of being sent.
  # NOTE(review): this file will contain identity-verification and reset
  # messages; restrict read access to it and switch to SMTP for production.
  filesystem:
    filename: /config/notifications.log
  # SMTP (for 2FA codes by mail — optional, recommended for production):
  # Load the SMTP password from a secret rather than writing it inline.
  # smtp:
  #   address: smtp://smtp.example.com:587
  #   username: user@example.com
  #   password: your_password
  #   sender: Authelia <authelia@kaleschke.info>
  #   subject: "[Authelia] {title}"

totp:
  issuer: kaleschke.info
  # 30-second codes; skew 1 also accepts the code immediately before and
  # after the current one, to tolerate clock drift.
  period: 30
  skew: 1