---
# Authelia configuration - repo baseline for non-secret access-control/session/storage settings
# Manual host sync/merge required after changes:
# /mnt/user/appdata/authelia/config/configuration.yml
# Docs: https://www.authelia.com/configuration/
# Keep user database, OIDC client configuration, and secret values outside Git.
# Secrets referenced by this file (storage password, SMTP password, session/storage
# encryption keys, JWT secret) are expected to be supplied out of band (environment
# variables / secret files on the host), never committed here.
theme: dark

server:
  # Listens on all interfaces inside the container; expose only via the reverse proxy.
  address: tcp://0.0.0.0:9091

log:
  level: info

authentication_backend:
  # Local file backend; the user database itself is intentionally not in Git.
  file:
    path: /config/users_database.yml
    # Argon2id parameters used when hashing new/changed passwords in the user database.
    password:
      algorithm: argon2id
      iterations: 3
      key_length: 32
      salt_length: 16
      memory: 65536
      parallelism: 4

access_control:
  # Default-deny: any host not matched by a rule below is refused.
  default_policy: deny
  # Authelia applies the first rule that matches (top-down), so the order of this list
  # is significant - keep the catch-all wildcard rule last.
  rules:
    # Authelia itself must always be reachable (bypass), otherwise nobody can log in.
    - domain: auth.kaleschke.info
      policy: bypass
    # Public apps - no Authelia login required.
    # NOTE: bypass means Authelia adds no protection for these hosts; each of these
    # applications is relied upon to enforce its own authentication.
    - domain:
        - immich.kaleschke.info
        - paperless.kaleschke.info
        - mealie.kaleschke.info
        - vault.kaleschke.info
        - ntfy.kaleschke.info
        - git.kaleschke.info
      policy: bypass
    # Admin services - second factor (TOTP) required.
    - domain:
        - uptime.kaleschke.info
        - files.kaleschke.info
        - scrutiny.kaleschke.info
      policy: two_factor
    # Everything else that sits behind the Authelia middleware - single factor.
    # Komodo deliberately has no ForwardAuth middleware and is therefore not evaluated here.
    - domain: "*.kaleschke.info"
      policy: one_factor

session:
  name: authelia_session
  same_site: lax
  # Absolute session lifetime, idle timeout, and "remember me" duration.
  expiration: 12h
  inactivity: 45m
  remember_me: 1M
  # One session cookie scoped to the parent domain, so a single login covers all subdomains
  # matched by the access-control rules above.
  cookies:
    - domain: kaleschke.info
      authelia_url: https://auth.kaleschke.info
      default_redirection_url: https://glance.kaleschke.info

# Brute-force regulation: more than max_retries failed logins within find_time
# bans the account for ban_time.
regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  # Database password is not set here - provided via secret/env on the host (see header).
  postgres:
    address: tcp://postgresql17:5432
    database: authelia
    username: authelia

notifier:
  # Verifies SMTP connectivity at startup; set to true only for troubleshooting.
  disable_startup_check: false
  # SMTP password is not set here - provided via secret/env on the host (see header).
  smtp:
    address: submission://mail.gmx.net:587
    username: michideheld@gmx.de
    sender: "Authelia <michideheld@gmx.de>"
    identifier: auth.kaleschke.info
    subject: "[Authelia] {title}"
    startup_check_address: michideheld@gmx.de

totp:
  # Issuer shown in authenticator apps; period/skew are the standard 30s window
  # with one adjacent period tolerated for clock drift.
  issuer: kaleschke.info
  period: 30
  skew: 1