From 610742bf82609fbf6ea1d1348bf130529b12bf41 Mon Sep 17 00:00:00 2001
From: Jared Smith
Date: Tue, 3 May 2022 17:36:52 +1000
Subject: [PATCH] add authelia
---
authelia/.env | 4 ++
authelia/config/configuration.yml | 72 ++++++++++++++++++++++++++++++
authelia/config/users_database.yml | 27 +++++++++++
authelia/docker-compose.yml | 15 +++++++
4 files changed, 118 insertions(+)
create mode 100644 authelia/.env
create mode 100644 authelia/config/configuration.yml
create mode 100644 authelia/config/users_database.yml
create mode 100644 authelia/docker-compose.yml
diff --git a/authelia/.env b/authelia/.env
new file mode 100644
index 0000000..187f787
--- /dev/null
+++ b/authelia/.env
@@ -0,0 +1,4 @@
+AUTHELIA_SESSION_SECRET=
+AUTHELIA_SESSION_REDIS_PASSWORD=
+AUTHELIA_JWT_SECRET=
+AUTHELIA_NOTIFIER_SMTP_PASSWORD=
\ No newline at end of file
diff --git a/authelia/config/configuration.yml b/authelia/config/configuration.yml
new file mode 100644
index 0000000..42ee4a5
--- /dev/null
+++ b/authelia/config/configuration.yml
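Review bot: authelia/.env is added as a tracked file whose four keys (AUTHELIA_SESSION_SECRET, AUTHELIA_SESSION_REDIS_PASSWORD, AUTHELIA_JWT_SECRET, AUTHELIA_NOTIFIER_SMTP_PASSWORD) are meant to hold live secrets, so the first deployment that fills them in leaves real values one `git add` away from the repository history. Commit the empty template under another name such as `authelia/.env.example` and list `authelia/.env` in `.gitignore`. A header line in the template along the lines of `# copy to .env and fill in; never commit the filled-in file` would document the intent.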
@@ -0,0 +1,72 @@
+##############################################################################
+# Authelia configuration #
+##############################################################################
+
+host: 0.0.0.0
+port: 8080 # if you need this changed make sure it reflects also in the docker-compose.yml
+log_level: info
+default_redirection_url: https://auth.jaredtsmith.com
+totp:
+ issuer: jaredtsmith.com
+ period: 30
+ skew: 1
+
+authentication_backend:
+ disable_reset_password: false
+ file:
+ path: /config/users_database.yml # Make sure this file exists
+ password:
+ algorithm: argon2id
+ iterations: 1
+ salt_length: 16
+ parallelism: 8
+ memory: 64
+
+access_control:
+ default_policy: deny
+ rules:
+ # Rules applied to everyone
+ - domain:
+ - "auth.jaredtsmith.com"
+ - "wikidata.jaredtsmith.com"
+ policy: bypass
+ - domain: # Proxies only requiring username and password
+ - "wiki.jaredtsmith.com"
+ - "wikidata-admin.jaredtsmith.com"
+ policy: one_factor
+ - domain: # Proxies needing 2 factor below
+ - "budget.jaredtsmith.com"
+ - "budget1.jaredtsmith.com"
+ policy: two_factor
+
+
+session:
+ name: authelia_session
+ expiration: 3600 # 1 hour
+ inactivity: 7200 # 2 hours
+ domain: jaredtsmith.com # Needs to be your root domain
+
+ redis:
+ host: outline_redis
+ port: 6379
+
+regulation:
+ max_retries: 5
+ find_time: 2m
+ ban_time: 10m
+
+theme: dark # options: dark, light
+
+storage:
+ local:
+ path: /config/db.sqlite3
+
+notifier:
+ smtp:
+ username: admin@jaredtsmith.com
+ host: mail.jaredtsmith.com
+ port: 465 # 25 non-ssl, 443 ssl, 587 tls
+ sender: authelia@auth.jaredtsmith.com
+ subject: "[Authelia] {title}"
+ disable_require_tls: true # set to true if your domain uses no tls or ssl only
+ disable_html_emails: false # set to true if you don't want html in your emails
\ No newline at end of file
diff --git a/authelia/config/users_database.yml b/authelia/config/users_database.yml
new file mode 100644
index 0000000..dbdb41e
--- /dev/null
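Review bot: In authelia/config/configuration.yml the notifier sets `disable_require_tls: true`, which drops the requirement that the SMTP session to mail.jaredtsmith.com be encrypted, while `disable_reset_password: false` means password-reset mail and the SMTP login both use that channel. Port 465 is normally implicit TLS, so `disable_require_tls: false` should work here; the inline comment naming 443 as the SSL port also looks like a typo for 465. Separately, in the `session` block `inactivity: 7200` is larger than `expiration: 3600`, so the idle timeout can never fire before the session expires; presumably the two values are swapped.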
+++ b/authelia/config/users_database.yml
@@ -0,0 +1,27 @@
+###############################################################
+# Users Database #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+ jared:
+ displayname: "Jared Smith"
+ password: "$argon2id$v=19$m=65536,t=1,p=8$aUxYVkxUUVhSbVdLQmh1aQ$+9n4HtCZm9vRN6fKOCt5MUbj85TL3ybu6/gHrJjxTno"
+ email: jts@jaredtsmith.com
+ groups:
+ - admins
+ - users
+ mel:
+ displayname: "Mel Smith"
+ password: "$argon2id$v=19$m=65536,t=1,p=8$aUxYVkxUUVhSbVdLQmh1aQ$+9n4HtCZm9vRN6fKOCt5MUbj85TL3ybu6/gHrJjxTno"
+ email: jollymel2@gmail.com
+ groups:
+ - users
+ jess:
+ displayname: "Jess Davies"
+ password: "$argon2id$v=19$m=65536,t=1,p=8$aUxYVkxUUVhSbVdLQmh1aQ$+9n4HtCZm9vRN6fKOCt5MUbj85TL3ybu6/gHrJjxTno"
+ email: jessicadavies3000@gmail.com
+ groups:
+ - users
\ No newline at end of file
diff --git a/authelia/docker-compose.yml b/authelia/docker-compose.yml
new file mode 100644
index 0000000..deed3c9
--- /dev/null
+++ b/authelia/docker-compose.yml
@@ -0,0 +1,15 @@
+version: '3.3'
+services:
+ authelia:
+ image: authelia/authelia
+ volumes:
+ - ./config:/config
+ ports:
+ - 8080:8080
+ restart: unless-stopped
+ healthcheck:
+ disable: true
+ environment:
+ - TZ=Australia/Melbourne
+ depends_on:
+ - outline_redis
\ No newline at end of file
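Review bot: In authelia/config/users_database.yml the `password` value for jared, mel and jess is the same argon2id string with the same salt, so all three accounts, including the one in `admins`, share a single password. Committing the hash also lets anyone who can read the repository test guesses against it offline. Generate a separate hash per user and keep the populated file out of version control, committing only a template whose entries read e.g. `password: "<argon2id hash generated per user>"`. The hunk also publishes the users' personal e-mail addresses, which a template would avoid.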
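Review bot: In authelia/docker-compose.yml the `environment` list sets only TZ and there is no `env_file`, so the AUTHELIA_* values from authelia/.env are not passed into the container; Compose reads a project `.env` for variable substitution in the compose file, not as container environment. configuration.yml defines no JWT secret, session secret or Redis password of its own, so the service would presumably run without them or fail validation; adding `env_file: .env` (or explicit entries such as `- AUTHELIA_JWT_SECRET=${AUTHELIA_JWT_SECRET}`) closes that gap. Also in this file, `depends_on` names `outline_redis`, which is not a service defined here, and `image: authelia/authelia` is untagged, so the running version changes on every pull. Finally, `- 8080:8080` publishes the portal on every host interface; if the reverse proxy runs on the same host, `- "127.0.0.1:8080:8080"` keeps it reachable only through the proxy.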