Add Authelia SSO, remove authentik, restrict ultralytics port

- Add authelia/ stack: Authelia 4.38 + Redis 7-alpine on isolated authelia-internal bridge; Authelia also on npm-network for NPM forward-auth. Secrets via env vars (not committed). - Add authelia/config/configuration.yaml: file-based users, SQLite storage, one_factor policy for *.kolpacksoftware.com - Add **/users_database.yaml to .gitignore (host-only secret) - Remove authentik/ (non-functional leftover) - ultralytics: bind port 8501 to 127.0.0.1 only (auth enforced via NPM)
2026-02-22 20:21:11 +00:00
parent 717ba151e5
commit 9f98a4081e
6 changed files with 91 additions and 96 deletions
@@ -0,0 +1,50 @@
+server:
+  address: 0.0.0.0:9091
+
+log:
+  level: info
+
+totp:
+  issuer: kolpacksoftware.com
+
+webauthn:
+  disable: true
+
+authentication_backend:
+  file:
+    path: /config/users_database.yaml
+    password:
+      algorithm: argon2id
+
+access_control:
+  default_policy: deny
+  rules:
+    - domain: auth.kolpacksoftware.com
+      policy: bypass
+    - domain: "*.kolpacksoftware.com"
+      policy: one_factor
+
+session:
+  cookies:
+    - domain: kolpacksoftware.com
+      authelia_url: https://auth.kolpacksoftware.com
+      default_redirection_url: https://auth.kolpacksoftware.com
+      name: authelia_session
+      expiration: 1h
+      inactivity: 5m
+  redis:
+    host: authelia-redis
+    port: 6379
+
+storage:
+  local:
+    path: /config/db.sqlite3
+
+notifier:
+  filesystem:
+    filename: /config/notifications.txt
+
+regulation:
+  max_retries: 3
+  find_time: 2m
+  ban_time: 5m