pullup

2024-04-07 15:23:25 -04:00 · 2024-04-07 15:23:25 -04:00 · 1ed5a622e7
parent 88bd0d8b11
commit 1ed5a622e7
2 changed files with 83 additions and 8 deletions
--- a/docker/authelia/config/configuration.server.yml
+++ b/docker/authelia/config/configuration.server.yml
@ -0,0 +1,83 @@
+theme: grey
+
+server:
+  address: tcp://0.0.0.0:9091
+  buffers:
+    read: 8192
+    write: 8192
+  asset_path: /config/assets
+
+log:
+  level: info
+  format: text
+#  file_path: /config/authelia.log
+#  keep_stdout: true
+
+totp:
+  issuer: {{ env "X_AUTHELIA_SITE_NAME" }}
+  period: 30
+  skew: 1
+
+duo_api:
+  hostname: {{ env "X_AUTHELIA_DUO_HOSTNAME" }}
+  integration_key: {{ secret "/config/secrets/DUO_API_INTEGRATION_KEY" }}
+  secret_key: {{ secret "/config/secrets/DUO_API_SECRET_KEY" }}
+
+webauthn:
+  disable: false
+  display_name: Authelia
+  attestation_conveyance_preference: indirect
+  user_verification: preferred
+  timeout: 60s
+
+identity_validation:
+  reset_password:
+    jwt_secret: {{ secret "/config/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" }}
+
+regulation:
+  max_retries: 3
+  find_time: 2m
+  ban_time: 5m
+
+storage:
+  # encryption_key: {{ secret "/config/secrets/STORAGE_ENCRYPTION_KEY" }}
+  # local:
+  #   path: /config/db.sqlite3
+  mysql:
+    host: authelia_mariadb
+    port: 3306
+    database: authelia
+    username: authelia
+    ## Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
+    password: authelia
+    timeout: 5s
+
+notifier:
+  smtp:
+    address: smtp.gmail.com:587
+    username: {{ env "X_AUTHELIA_EMAIL" }}
+    password: {{ secret "/config/secrets/NOTIFIER_SMTP_PASSWORD" }}
+    sender: "{{ env "X_AUTHELIA_SITE_NAME" }} <{{ env "X_AUTHELIA_EMAIL" }}>"
+    subject: "[Authelia] {title}"
+
+session:
+  secret: {{ secret "/config/secrets/SESSION_SECRET" }}
+  name: authelia_session
+  same_site: lax
+  expiration: 1h
+  inactivity: 5m
+  remember_me: 1M
+  cookies:
+  - domain: {{ env "TRAEFIK_DOMAIN" }}
+    authelia_url: 'https://login.{{ env "TRAEFIK_DOMAIN" }}'
+    name: 'authelia_session'
+    same_site: 'lax'
+    inactivity: '5m'
+    expiration: '1h'
+    remember_me: '1d'
+  redis:
+    host: authelia-redis
+    port: 6379
+    database_index: 0
+    maximum_active_connections: 8
+    minimum_idle_connections: 0
--- a/stack.production.yml
+++ b/stack.production.yml
@ -38,14 +38,6 @@ networks:
 services:
  authelia:
    image: git.nixc.us/nixius/authelia:production-authelia
-    ## These are now included in the Dockerfile
-    # command:
-    #   - "authelia"
-    #   - "--config=/config/configuration.server.yml"
-    #   - "--config=/config/configuration.ldap.yml"
-    #   - "--config=/config/configuration.acl.yml"
-    #   - "--config=/config/configuration.identity.providers.yml"
-    #   - "--config=/config/configuration.oidc.clients.yml"
    secrets:
      - AUTHENTICATION_BACKEND_LDAP_PASSWORD
      - CLIENT_SECRET_HEADSCALE