add authelia

authelia/.env

@@ -0,0 +1,4 @@
+AUTHELIA_SESSION_SECRET=
+AUTHELIA_SESSION_REDIS_PASSWORD=
+AUTHELIA_JWT_SECRET=
+AUTHELIA_NOTIFIER_SMTP_PASSWORD=

authelia/config/configuration.yml

@@ -0,0 +1,72 @@
+##############################################################################
+#                   Authelia configuration                                   #
+##############################################################################
+
+host: 0.0.0.0
+port: 8080 # if you need this changed make sure it reflects also in the docker-compose.yml
+log_level: info
+default_redirection_url: https://auth.jaredtsmith.com
+totp:
+  issuer: jaredtsmith.com
+  period: 30
+  skew: 1
+
+authentication_backend:
+  disable_reset_password: false
+  file:
+    path: /config/users_database.yml # Make sure this file exists
+    password:
+      algorithm: argon2id
+      iterations: 1
+      salt_length: 16
+      parallelism: 8
+      memory: 64
+
+access_control:
+  default_policy: deny
+  rules:
+    # Rules applied to everyone
+    - domain:
+        - "auth.jaredtsmith.com"
+        - "wikidata.jaredtsmith.com"
+      policy: bypass
+    - domain: # Proxies only requiring username and password
+        - "wiki.jaredtsmith.com"
+        - "wikidata-admin.jaredtsmith.com"
+      policy: one_factor
+    - domain: # Proxies needing 2 factor below
+        - "budget.jaredtsmith.com"
+        - "budget1.jaredtsmith.com"
+      policy: two_factor
+
+         
+session:
+  name: authelia_session
+  expiration: 3600 # 1 hour
+  inactivity: 7200 # 2 hours
+  domain: jaredtsmith.com # Needs to be your root domain
+
+  redis:
+    host: outline_redis
+    port: 6379
+
+regulation:
+  max_retries: 5
+  find_time: 2m
+  ban_time: 10m
+
+theme: dark   # options: dark, light
+
+storage:
+  local:
+    path: /config/db.sqlite3
+    
+notifier:
+ smtp:
+   username: admin@jaredtsmith.com
+   host: mail.jaredtsmith.com
+   port: 465  # 25 non-ssl, 443 ssl, 587 tls
+   sender: authelia@auth.jaredtsmith.com
+   subject: "[Authelia] {title}"
+   disable_require_tls: true # set to true if your domain uses no tls or ssl only
+   disable_html_emails: false # set to true if you don't want html in your emails

authelia/config/users_database.yml

@@ -0,0 +1,27 @@
+###############################################################
+#                         Users Database                      #
+###############################################################
+ 
+# This file can be used if you do not have an LDAP set up.
+ 
+# List of users
+users:
+  jared:
+    displayname: "Jared Smith"
+    password: "$argon2id$v=19$m=65536,t=1,p=8$aUxYVkxUUVhSbVdLQmh1aQ$+9n4HtCZm9vRN6fKOCt5MUbj85TL3ybu6/gHrJjxTno"
+    email: jts@jaredtsmith.com
+    groups:
+      - admins
+      - users
+  mel:
+    displayname: "Mel Smith"
+    password: "$argon2id$v=19$m=65536,t=1,p=8$aUxYVkxUUVhSbVdLQmh1aQ$+9n4HtCZm9vRN6fKOCt5MUbj85TL3ybu6/gHrJjxTno"
+    email: jollymel2@gmail.com
+    groups:
+      - users
+  jess:
+    displayname: "Jess Davies"
+    password: "$argon2id$v=19$m=65536,t=1,p=8$aUxYVkxUUVhSbVdLQmh1aQ$+9n4HtCZm9vRN6fKOCt5MUbj85TL3ybu6/gHrJjxTno"
+    email: jessicadavies3000@gmail.com
+    groups:
+      - users

authelia/docker-compose.yml

@@ -0,0 +1,15 @@
+version: '3.3'
+services:
+  authelia:
+    image: authelia/authelia
+    volumes:
+      - ./config:/config
+    ports:
+      - 8080:8080
+    restart: unless-stopped
+    healthcheck:
+      disable: true
+    environment:
+      - TZ=Australia/Melbourne
+    depends_on:
+      - outline_redis