From 3d06cf48b8d5a2c450beca337febeadf766ceab1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?=
Date: Sun, 20 Jun 2021 19:39:31 +0200
Subject: [PATCH] authelia: add configuration.yml
---
roles/authelia/templates/configuration.yml.j2 | 60 +++++++++++++++++++
vault/passwords.yml | 34 ++++++-----
2 files changed, 78 insertions(+), 16 deletions(-)
create mode 100644 roles/authelia/templates/configuration.yml.j2
diff --git a/roles/authelia/templates/configuration.yml.j2 b/roles/authelia/templates/configuration.yml.j2
new file mode 100644
index 0000000..fbd72a0
--- /dev/null
+++ b/roles/authelia/templates/configuration.yml.j2
@@ -0,0 +1,60 @@
+host: 0.0.0.0
+port: 9091
+server:
+ read_buffer_size: 4096
+ write_buffer_size: 4096
+ path: "authelia"
+log_level: debug
+jwt_secret: somethingsomethingrandomrecret
+default_redirection_url: https://{{ base_domain }}
+authentication_backend:
+ disable_reset_password: false
+ ldap:
+ implementation: custom
+ url: ldap://openldap
+ start_tls: false
+ tls:
+ server_name: openldap
+ skip_verify: false
+ minimum_version: TLS1.2
+ base_dn: dc=kucharczyk,dc=xyz
+ username_attribute: uid
+ users_filter: ({username_attribute}={input})
+ groups_filter: (member={dn})
+ mail_attribute: mail
+ user: cn=admin,dc=kucharczyk,dc=xyz
+ password: {{ vault_openldap_admin_password }}
+access_control:
+ default_policy: deny
+ rules:
+ - domain:
+ - "keycloak.{{ base_domain }}"
+ policy: one_factor
+session:
+ name: authelia_session
+ secret: somerandomsecret
+ expiration: 1h
+ inactivity: 5m
+ remember_me_duration: 1M
+ domain: {{ base_domain }}
+regulation:
+ max_retries: 3
+ find_time: 2m
+ ban_time: 99y
+storage:
+ local:
+ path: /config/db.sqlite3
+notifier:
+ disable_startup_check: false
+ smtp:
+ username: kucharczyk.lukas@gmail.com
+ password: {{ vault_email_gmail_password }}
+ host: smtp.gmail.com
+ port: 587
+ sender: kucharczyk.lukas@gmail.com
+ subject: "[Authelia] {title}"
+ startup_check_address: test@authelia.com
+ disable_require_tls: false
+ tls:
+ skip_verify: false
+ minimum_version: TLS1.2
\ No newline at end of file
diff --git a/vault/passwords.yml b/vault/passwords.yml
index f31064e..046e499 100644
--- a/vault/passwords.yml
+++ b/vault/passwords.yml
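Review bot: `jwt_secret` and the session `secret` are committed as literal strings (`somethingsomethingrandomrecret`, `somerandomsecret`), while the LDAP and SMTP passwords in the same template come from vault variables, so both values must be treated as known to anyone with read access to the repository. Generate two long random values, store them in `vault/passwords.yml`, and reference them the same way, e.g. `jwt_secret: "{{ vault_authelia_jwt_secret }}"` and `secret: "{{ vault_authelia_session_secret }}"` (variable names are placeholders); the committed strings should not be reused. The two existing `password: {{ ... }}` lines should be quoted as well, because a rendered password containing ` #` or `: ` would be truncated or make the rendered YAML invalid. Separately, `log_level: debug` and the `ldap://openldap` URL with `start_tls: false` (the `tls:` block below it then appears not to apply, and the `cn=admin` bind would travel unencrypted) deserve a second look before this is used outside a test setup.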
@@ -1,17 +1,19 @@ $ANSIBLE_VAULT;1.1;AES256 -65653231333939666430306463383836633664623438373661666234343165633864353934663563 -3335396466623862353633363264373666353036623134360a356438636230613139633264373265 -36643231356335653261616238613266306165616363643763356234363537616138353831383064 -3436353361333263330a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a643535356131363164373764613531 +36363735323930306338623164636563626334653532386632303936343737363731323166323530 +3439353635343236350a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