---
# Authelia configuration — Template
# Deploy to: /mnt/user/appdata/authelia/config/configuration.yml
# Docs: https://www.authelia.com/configuration/
# IMPORTANT: do NOT commit this file to Git if it contains user-specific data!

# Portal colour theme.
theme: dark

server:
  # Listens on every interface (0.0.0.0), port 9091.
  # NOTE(review): presumably only a reverse proxy reaches this port; confirm
  # that it is not published directly to untrusted networks.
  address: tcp://0.0.0.0:9091

log:
  level: info

# User accounts come from a local file rather than LDAP.
authentication_backend:
  file:
    # The user database holds password digests; keep its file permissions
    # tight and treat it as user-specific data (see the header warning).
    path: /config/users_database.yml
    # Hashing parameters for password digests.
    # NOTE(review): the unit of `memory` is not stated here and has differed
    # between Authelia configuration layouts. Confirm it against the docs for
    # the deployed version: the same number read in a smaller unit would be a
    # much weaker work factor.
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8

# Per-domain authorization policy. Anything that matches no rule is denied.
# NOTE(review): Authelia documents rule evaluation as first match wins, so
# order matters; keep the "*.kaleschke.info" catch-all last. Confirm.
access_control:
  default_policy: deny
  rules:
    # Authelia itself is always reachable (bypass)
    - domain: auth.kaleschke.info
      policy: bypass

    # Public apps — no login required
    # With `bypass`, Authelia performs no authentication for these hosts, so
    # each application's own login is the only gate in front of it.
    # NOTE(review): confirm every host listed here enforces its own
    # authentication before it is exposed.
    - domain:
        - immich.kaleschke.info
        - paperless.kaleschke.info
        - mealie.kaleschke.info
        - vault.kaleschke.info
        - ntfy.kaleschke.info
        - git.kaleschke.info
        - homepage.kaleschke.info
      policy: bypass

    # Admin services — 2FA required
    - domain:
        - komodo.kaleschke.info
        - uptime.kaleschke.info
        - files.kaleschke.info
        - scrutiny.kaleschke.info
      policy: two_factor

    # Beszel → OIDC login (no ForwardAuth)
    # Bypassed here because sign-in is handled by the OIDC client entry for
    # this host, which sets its own authorization policy.
    - domain: beszel.kaleschke.info
      policy: bypass

    # Everything else — 1FA
    - domain: "*.kaleschke.info"
      policy: one_factor

# Session cookie settings.
# NOTE(review): no session secret is set in this file; presumably it is
# supplied through an environment variable or secret file. Confirm.
session:
  name: authelia_session
  same_site: lax
  # Session lifetime limits: total, idle, and "remember me".
  expiration: 12h
  inactivity: 45m
  remember_me: 1M
  cookies:
    # The cookie is scoped to the parent domain.
    # NOTE(review): that presumably makes it visible to every subdomain,
    # including the hosts set to `bypass`. Confirm this is intended.
    - domain: kaleschke.info
      authelia_url: https://auth.kaleschke.info
      default_redirection_url: https://homepage.kaleschke.info

# Login attempt regulation (brute-force throttling).
# NOTE(review): read as "3 failed attempts within 2 minutes lead to a
# 5 minute ban"; confirm against the docs for the deployed version.
regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

# Persistent storage in PostgreSQL.
# NOTE(review): neither a database password nor a storage encryption key is
# set in this file; presumably both are injected through environment
# variables or secret files. Confirm, and keep them out of this template.
storage:
  postgres:
    address: tcp://postgresql17:5432
    database: authelia
    username: authelia

# Notification delivery.
notifier:
  disable_startup_check: false
  # Notifications are written to a local file instead of being mailed.
  # NOTE(review): anyone who can read this file can read whatever Authelia
  # sends to users (presumably including verification codes and links), so
  # restrict access to it. Confirm.
  filesystem:
    filename: /config/notifications.log
  # SMTP (for 2FA codes by mail — optional, recommended for production):
  # smtp:
  #   address: smtp://smtp.example.com:587
  #   username: user@example.com
  #   password: your_password
  #   sender: Authelia <authelia@kaleschke.info>
  #   subject: "[Authelia] {title}"

# Time-based one-time password settings.
# NOTE(review): `period` is presumably the code lifetime in seconds and
# `skew` the number of adjacent periods still accepted; confirm in the docs.
totp:
  issuer: kaleschke.info
  period: 30
  skew: 1

# OpenID Connect provider with a single registered client (Beszel).
# NOTE(review): no provider-level signing key or HMAC secret is set in this
# file; presumably they are supplied as secrets elsewhere. Confirm.
identity_providers:
  oidc:
    clients:
      - client_id: 'beszel'
        client_name: 'Beszel'
        # Stored as an argon2id digest (see the `$argon2id$` prefix), not as
        # the plaintext secret. The digest is still deployment-specific data
        # under the header warning about committing this file; if it has been
        # published, rotate the underlying client secret.
        client_secret: '$argon2id$v=19$m=65536,t=3,p=4$bXTt49iW61s0c8/ZiBlguw$VquorRqL134mjQ6Qa13JY6AI/QCwdk7g1jpc/UtRZPQ'
        # Confidential client: it must authenticate at the token endpoint.
        public: false
        # Two-factor is required for this client although the
        # beszel.kaleschke.info access_control rule is `bypass`.
        authorization_policy: 'two_factor'
        # PKCE is mandatory and limited to the S256 challenge method.
        require_pkce: true
        pkce_challenge_method: 'S256'
        # A single exact redirect URI is registered.
        redirect_uris:
          - 'https://beszel.kaleschke.info/api/oauth2-redirect'
        scopes:
          - 'openid'
          - 'email'
          - 'profile'
        # Authorization code flow only.
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        token_endpoint_auth_method: 'client_secret_basic'