From df621727e2709cab359536751fb25c664ea86df0 Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 7 Apr 2024 15:32:35 -0400
Subject: [PATCH] pullup
---
 docker/authelia/config/configuration.ldap.yml | 24 +++++++++++++++++++
 .../config/configuration.oidc.clients.yml | 6 ++---
 .../authelia/config/configuration.server.yml | 12 +++++-----
 3 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/docker/authelia/config/configuration.ldap.yml b/docker/authelia/config/configuration.ldap.yml
index e69de29..2d57f63 100644
--- a/docker/authelia/config/configuration.ldap.yml
+++ b/docker/authelia/config/configuration.ldap.yml
@@ -0,0 +1,24 @@
+authentication_backend:
+ password_reset:
+ disable: false
+ refresh_interval: 5m
+ ldap:
+ implementation: custom
+ address: ldap://lldap:389
+ timeout: 5s
+ start_tls: false
+ tls:
+ skip_verify: false
+ minimum_version: TLS1.2
+ base_dn: {{ env "X_AUTHELIA_LDAP_DOMAIN" }}
+ attributes:
+ username: uid
+ display_name: displayName
+ mail: mail
+ group_name: cn
+ additional_users_dn: ou=people
+ users_filter: (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
+ additional_groups_dn: ou=groups
+ groups_filter: (member={dn})
+ user: uid=admin,ou=people,{{ env "X_AUTHELIA_LDAP_DOMAIN" }}
+ password: {{ secret "/run/secrets/AUTHENTICATION_BACKEND_LDAP_PASSWORD" }}
\ No newline at end of file
diff --git a/docker/authelia/config/configuration.oidc.clients.yml b/docker/authelia/config/configuration.oidc.clients.yml
index a39db0c..e87294a 100644
--- a/docker/authelia/config/configuration.oidc.clients.yml
+++ b/docker/authelia/config/configuration.oidc.clients.yml
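Review bot: The new `address: ldap://lldap:389` together with `start_tls: false` means the `uid=admin` bind password and the user passwords Authelia checks against the directory cross the container network in cleartext, and the `tls:` block below it (`skip_verify`, `minimum_version`) is inert because no TLS is ever negotiated on that connection. If lldap is deployed with a certificate, use `address: ldaps://lldap:636` (or set `start_tls: true`); if the plaintext hop is an accepted risk on an isolated compose network, record that decision above `address:` with `# plaintext LDAP: lldap is only reachable on the internal compose network; the tls: block is unused`. Binding as the directory admin also gives Authelia more than it needs; since `password_reset.disable: false` requires write access to the password attribute, a dedicated bind account with read plus password-change rights would be the least-privilege choice if lldap supports one. The file is also written without a trailing newline (`\ No newline at end of file`).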
@@ -1,8 +1,8 @@
 identity_providers:
 oidc:
- hmac_secret: {{ secret "/config/secrets/IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" }}
+ hmac_secret: {{ secret "/run/secrets/IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" }}
 jwks:
- - key: {{ secret "/config/secrets/IDENTITY_PROVIDERS_OIDC_JWKS_KEY" | mindent 10 "|" | msquote }}
+ - key: {{ secret "/run/secrets/IDENTITY_PROVIDERS_OIDC_JWKS_KEY" | mindent 10 "|" | msquote }}
 authorization_policies:
@@ -17,7 +17,7 @@ identity_providers:
 - client_id: headscale
 client_name: Headscale
- client_secret: {{ secret "/config/secrets/CLIENT_SECRET_HEADSCALE" }}
+ client_secret: {{ secret "/run/secrets/CLIENT_SECRET_HEADSCALE" }}
 public: false
 authorization_policy: headscale
 consent_mode: implicit
diff --git a/docker/authelia/config/configuration.server.yml b/docker/authelia/config/configuration.server.yml
index 5b49537..ad84632 100644
--- a/docker/authelia/config/configuration.server.yml
+++ b/docker/authelia/config/configuration.server.yml
@@ -20,8 +20,8 @@ totp:
 duo_api:
 hostname: {{ env "X_AUTHELIA_DUO_HOSTNAME" }}
- integration_key: {{ secret "/config/secrets/DUO_API_INTEGRATION_KEY" }}
- secret_key: {{ secret "/config/secrets/DUO_API_SECRET_KEY" }}
+ integration_key: {{ secret "/run/secrets/DUO_API_INTEGRATION_KEY" }}
+ secret_key: {{ secret "/run/secrets/DUO_API_SECRET_KEY" }}
 webauthn:
 disable: false
@@ -32,7 +32,7 @@ webauthn:
 identity_validation:
 reset_password:
- jwt_secret: {{ secret "/config/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" }}
+ jwt_secret: {{ secret "/run/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" }}
 regulation:
 max_retries: 3
@@ -40,7 +40,7 @@ regulation:
 ban_time: 5m
 storage:
- # encryption_key: {{ secret "/config/secrets/STORAGE_ENCRYPTION_KEY" }}
+ encryption_key: {{ secret "/run/secrets/STORAGE_ENCRYPTION_KEY" }}
 # local:
 # path: /config/db.sqlite3
 mysql:
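Review bot: Enabling `encryption_key` in the `storage:` hunk against the existing `mysql` database is only safe if `/run/secrets/STORAGE_ENCRYPTION_KEY` holds the exact key that data was encrypted with; as far as I recall Authelia verifies the key against the stored data on startup and refuses to start if it differs, and a mismatched key makes the stored TOTP and WebAuthn material undecryptable. Since the line was previously commented out, the key was presumably supplied another way (for example an `AUTHELIA_STORAGE_ENCRYPTION_KEY` environment variable), so that same value must be what lands in the secret file, and any deliberate rotation has to go through `authelia storage encryption change-key` rather than just swapping the file. It is worth documenting that above the line, for instance `# must match the key the existing MySQL data was encrypted with; rotate via 'authelia storage encryption change-key'`. Authelia also enforces a minimum key length (20 characters, with a long random string recommended), which the secret should satisfy.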
@@ -56,12 +56,12 @@ notifier:
 smtp:
 address: smtp.gmail.com:587
 username: {{ env "X_AUTHELIA_EMAIL" }}
- password: {{ secret "/config/secrets/NOTIFIER_SMTP_PASSWORD" }}
+ password: {{ secret "/run/secrets/NOTIFIER_SMTP_PASSWORD" }}
 sender: "{{ env "X_AUTHELIA_SITE_NAME" }} <{{ env "X_AUTHELIA_EMAIL" }}>"
 subject: "[Authelia] {title}"
 session:
- secret: {{ secret "/config/secrets/SESSION_SECRET" }}
+ secret: {{ secret "/run/secrets/SESSION_SECRET" }}
 name: authelia_session
 same_site: lax
 expiration: 1h
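Review bot: The `password` and `secret` lines now read from `/run/secrets`, but nothing in this commit removes the previous copies under `/config/secrets/`, which sit in the persistent config volume rather than in Docker's secrets mount; if those files still exist, the SMTP password and the session secret are stored twice and the stale copies will outlive any rotation done through the secrets store. Once the switch is verified, delete `/config/secrets/*` from the volume and whatever compose bind mount populated it, or state in the commit message that this was done. If the session `secret` value changed as part of the move, I would expect every existing Authelia session to be invalidated on the next restart, which is worth planning for during rollout.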