pullup

2024-04-07 15:32:35 -04:00 · 2024-04-07 15:32:35 -04:00 · df621727e2
parent 511b2e2c47
commit df621727e2
3 changed files with 33 additions and 9 deletions
--- a/docker/authelia/config/configuration.ldap.yml
+++ b/docker/authelia/config/configuration.ldap.yml
@ -0,0 +1,24 @@
+authentication_backend:
+  password_reset:
+    disable: false
+  refresh_interval: 5m
+  ldap:
+    implementation: custom
+    address: ldap://lldap:389
+    timeout: 5s
+    start_tls: false
+    tls:
+      skip_verify: false
+      minimum_version: TLS1.2
+    base_dn: {{ env "X_AUTHELIA_LDAP_DOMAIN" }}
+    attributes:
+      username: uid
+      display_name: displayName
+      mail: mail
+      group_name: cn
+    additional_users_dn: ou=people
+    users_filter: (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
+    additional_groups_dn: ou=groups
+    groups_filter: (member={dn})
+    user: uid=admin,ou=people,{{ env "X_AUTHELIA_LDAP_DOMAIN" }}
+    password: {{ secret "/run/secrets/AUTHENTICATION_BACKEND_LDAP_PASSWORD" }}
--- a/docker/authelia/config/configuration.oidc.clients.yml
+++ b/docker/authelia/config/configuration.oidc.clients.yml
@ -1,8 +1,8 @@
 identity_providers:
  oidc:
-    hmac_secret: {{ secret "/config/secrets/IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" }}
+    hmac_secret: {{ secret "/run/secrets/IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" }}
    jwks:
-      - key: {{ secret "/config/secrets/IDENTITY_PROVIDERS_OIDC_JWKS_KEY" | mindent 10 "|" | msquote }}
+      - key: {{ secret "/run/secrets/IDENTITY_PROVIDERS_OIDC_JWKS_KEY" | mindent 10 "|" | msquote }}

    authorization_policies:

@ -17,7 +17,7 @@ identity_providers:

      - client_id: headscale
        client_name: Headscale
-        client_secret: {{ secret "/config/secrets/CLIENT_SECRET_HEADSCALE" }}
+        client_secret: {{ secret "/run/secrets/CLIENT_SECRET_HEADSCALE" }}
        public: false
        authorization_policy: headscale
        consent_mode: implicit
--- a/docker/authelia/config/configuration.server.yml
+++ b/docker/authelia/config/configuration.server.yml
@ -20,8 +20,8 @@ totp:

 duo_api:
  hostname: {{ env "X_AUTHELIA_DUO_HOSTNAME" }}
-  integration_key: {{ secret "/config/secrets/DUO_API_INTEGRATION_KEY" }}
-  secret_key: {{ secret "/config/secrets/DUO_API_SECRET_KEY" }}
+  integration_key: {{ secret "/run/secrets/DUO_API_INTEGRATION_KEY" }}
+  secret_key: {{ secret "/run/secrets/DUO_API_SECRET_KEY" }}

 webauthn:
  disable: false
@ -32,7 +32,7 @@ webauthn:

 identity_validation:
  reset_password:
-    jwt_secret: {{ secret "/config/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" }}
+    jwt_secret: {{ secret "/run/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" }}

 regulation:
  max_retries: 3
@ -40,7 +40,7 @@ regulation:
  ban_time: 5m

 storage:
-  # encryption_key: {{ secret "/config/secrets/STORAGE_ENCRYPTION_KEY" }}
+  encryption_key: {{ secret "/run/secrets/STORAGE_ENCRYPTION_KEY" }}
  # local:
  #   path: /config/db.sqlite3
  mysql:
@ -56,12 +56,12 @@ notifier:
  smtp:
    address: smtp.gmail.com:587
    username: {{ env "X_AUTHELIA_EMAIL" }}
-    password: {{ secret "/config/secrets/NOTIFIER_SMTP_PASSWORD" }}
+    password: {{ secret "/run/secrets/NOTIFIER_SMTP_PASSWORD" }}
    sender: "{{ env "X_AUTHELIA_SITE_NAME" }} <{{ env "X_AUTHELIA_EMAIL" }}>"
    subject: "[Authelia] {title}"

 session:
-  secret: {{ secret "/config/secrets/SESSION_SECRET" }}
+  secret: {{ secret "/run/secrets/SESSION_SECRET" }}
  name: authelia_session
  same_site: lax
  expiration: 1h