pullup

2024-04-07 15:32:35 -04:00 · 2024-04-07 15:32:35 -04:00 · df621727e2
parent 511b2e2c47
commit df621727e2
3 changed files with 33 additions and 9 deletions
--- a/docker/authelia/config/configuration.ldap.yml
+++ b/docker/authelia/config/configuration.ldap.yml
@ -0,0 +1,24 @@
 authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  ldap:
    implementation: custom
    address: ldap://lldap:389
    timeout: 5s
    start_tls: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2
    base_dn: {{ env "X_AUTHELIA_LDAP_DOMAIN" }}
    attributes:
      username: uid
      display_name: displayName
      mail: mail
      group_name: cn
    additional_users_dn: ou=people
    users_filter: (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
    additional_groups_dn: ou=groups
    groups_filter: (member={dn})
    user: uid=admin,ou=people,{{ env "X_AUTHELIA_LDAP_DOMAIN" }}
    password: {{ secret "/run/secrets/AUTHENTICATION_BACKEND_LDAP_PASSWORD" }}
--- a/docker/authelia/config/configuration.oidc.clients.yml
+++ b/docker/authelia/config/configuration.oidc.clients.yml
@ -1,8 +1,8 @@
 identity_providers:
  oidc:
-    hmac_secret: {{ secret "/config/secrets/IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" }}
+    hmac_secret: {{ secret "/run/secrets/IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" }}
    jwks:
-      - key: {{ secret "/config/secrets/IDENTITY_PROVIDERS_OIDC_JWKS_KEY" | mindent 10 "|" | msquote }}
+      - key: {{ secret "/run/secrets/IDENTITY_PROVIDERS_OIDC_JWKS_KEY" | mindent 10 "|" | msquote }}
    authorization_policies:
@ -17,7 +17,7 @@ identity_providers:
      - client_id: headscale
        client_name: Headscale
-        client_secret: {{ secret "/config/secrets/CLIENT_SECRET_HEADSCALE" }}
+        client_secret: {{ secret "/run/secrets/CLIENT_SECRET_HEADSCALE" }}
        public: false
        authorization_policy: headscale
        consent_mode: implicit
--- a/docker/authelia/config/configuration.server.yml
+++ b/docker/authelia/config/configuration.server.yml
@ -20,8 +20,8 @@ totp:
 duo_api:
  hostname: {{ env "X_AUTHELIA_DUO_HOSTNAME" }}
-  integration_key: {{ secret "/config/secrets/DUO_API_INTEGRATION_KEY" }}
+  integration_key: {{ secret "/run/secrets/DUO_API_INTEGRATION_KEY" }}
-  secret_key: {{ secret "/config/secrets/DUO_API_SECRET_KEY" }}
+  secret_key: {{ secret "/run/secrets/DUO_API_SECRET_KEY" }}
 webauthn:
  disable: false
@ -32,7 +32,7 @@ webauthn:
 identity_validation:
  reset_password:
-    jwt_secret: {{ secret "/config/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" }}
+    jwt_secret: {{ secret "/run/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" }}
 regulation:
  max_retries: 3
@ -40,7 +40,7 @@ regulation:
  ban_time: 5m
 storage:
-  # encryption_key: {{ secret "/config/secrets/STORAGE_ENCRYPTION_KEY" }}
+  encryption_key: {{ secret "/run/secrets/STORAGE_ENCRYPTION_KEY" }}
  # local:
  #   path: /config/db.sqlite3
  mysql:
@ -56,12 +56,12 @@ notifier:
  smtp:
    address: smtp.gmail.com:587
    username: {{ env "X_AUTHELIA_EMAIL" }}
-    password: {{ secret "/config/secrets/NOTIFIER_SMTP_PASSWORD" }}
+    password: {{ secret "/run/secrets/NOTIFIER_SMTP_PASSWORD" }}
    sender: "{{ env "X_AUTHELIA_SITE_NAME" }} <{{ env "X_AUTHELIA_EMAIL" }}>"
    subject: "[Authelia] {title}"
 session:
-  secret: {{ secret "/config/secrets/SESSION_SECRET" }}
+  secret: {{ secret "/run/secrets/SESSION_SECRET" }}
  name: authelia_session
  same_site: lax
  expiration: 1h