homelab/roles/authelia/templates/configuration.yml.j2

71 lines
1.7 KiB
Django/Jinja

host: 0.0.0.0
port: 9091
server:
read_buffer_size: 4096
write_buffer_size: 4096
path: "authelia"
log_level: debug
jwt_secret: somethingsomethingrandomrecret
default_redirection_url: https://{{ base_domain }}
authentication_backend:
disable_reset_password: false
ldap:
implementation: custom
url: ldap://openldap
start_tls: false
tls:
server_name: openldap
skip_verify: false
minimum_version: TLS1.2
base_dn: dc=kucharczyk,dc=xyz
username_attribute: uid
users_filter: ({username_attribute}={input})
groups_filter: (member={dn})
mail_attribute: mail
user: cn=admin,dc=kucharczyk,dc=xyz
password: {{ vault_openldap_admin_password }}
access_control:
default_policy: deny
networks:
- name: local
networks:
- 192.168.0.0/24
rules:
- domain: "*.{{ base_domain }}"
networks:
- local
policy: bypass
- domain: portainer.{{ base_domain }}
policy: one_factor
- domain: keycloak.{{ base_domain }}
policy: one_factor
- domain: radarr.{{ base_domain }}
policy: two_factor
session:
name: authelia_session
secret: somerandomsecret
expiration: 1h
inactivity: 5m
remember_me_duration: 1M
domain: {{ base_domain }}
regulation:
max_retries: 3
find_time: 2m
ban_time: 99y
storage:
local:
path: /config/db.sqlite3
notifier:
disable_startup_check: false
smtp:
username: kucharczyk.lukas@gmail.com
password: {{ vault_email_gmail_password }}
host: smtp.gmail.com
port: 587
sender: kucharczyk.lukas@gmail.com
subject: "[Authelia] {title}"
startup_check_address: test@authelia.com
disable_require_tls: false
tls:
skip_verify: false
minimum_version: TLS1.2