# Listener for the Authelia portal and API.
server:
  # Binds every interface on port 9091, so exposure is decided by whatever
  # sits in front of this process.
  # NOTE(review): presumably a reverse proxy terminates TLS and this port is
  # not published directly - confirm.
  address: 0.0.0.0:9091
# Log verbosity.
log:
  level: info
# Time-based one-time password settings.
totp:
  # Issuer label attached to TOTP registrations (what authenticator apps
  # display next to the account).
  issuer: kolpacksoftware.com
# WebAuthn (security keys / passkeys).
webauthn:
  # Switched off, which leaves TOTP as the only second-factor method that
  # this file configures.
  disable: true
# Source of user accounts and password hashes.
authentication_backend:
  file:
    # Users, their password hashes and group membership are read from this
    # file; it should be readable only by the Authelia process.
    path: /config/users_database.yaml
    password:
      # Hash algorithm for stored passwords. No cost parameters are set here,
      # so the defaults of the running Authelia version apply.
      algorithm: argon2id
# Authorization rules applied to requests that the proxy forwards for a
# decision. Rules are evaluated top to bottom and the first match wins, so
# the specific hosts must stay above the wildcard entry.
access_control:
  # Anything that matches no rule below is refused.
  default_policy: deny
  rules:
    # The login portal itself is served without an authentication check.
    - domain: auth.kolpacksoftware.com
      policy: bypass
    # No subject restriction: any user who passes the password step gets in.
    - domain: ultralytics.kolpacksoftware.com
      policy: one_factor
    # Every other subdomain is limited to members of the "admins" group, who
    # also only need the password step. No rule in this block asks for
    # two_factor, so the TOTP settings are never enforced by these rules.
    - domain: "*.kolpacksoftware.com"
      policy: one_factor
      subject: "group:admins"
# Session cookie and session store settings.
session:
  cookies:
    # One cookie scoped to the parent domain, so it is sent to every
    # subdomain protected by the access-control rules.
    - domain: kolpacksoftware.com
      # Portal that unauthenticated users are sent to.
      authelia_url: https://auth.kolpacksoftware.com
      # Landing page when a login has no original target to return to.
      default_redirection_url: https://kolpacksoftware.com
      # NOTE(review): the listing this was recovered from had lost its
      # indentation; name/expiration/inactivity are placed inside the cookie
      # entry because they directly follow its keys - confirm against the
      # deployed file.
      name: authelia_session
      # Hard upper bound on a session's lifetime.
      expiration: 1h
      # Idle time after which the session is ended.
      inactivity: 5m
  # Sessions are kept in Redis rather than in process memory.
  # No password or TLS settings appear in this block.
  # NOTE(review): presumably the Redis instance is reachable only on a
  # private container network - confirm.
  redis:
    host: authelia-redis
    port: 6379
# Persistent storage for Authelia's own data.
storage:
  # NOTE(review): no encryption_key is set in this block; presumably it is
  # supplied as a secret outside this file - confirm.
  local:
    # SQLite database file.
    path: /config/db.sqlite3
# How Authelia delivers messages to users.
notifier:
  # Messages are written to a local file instead of being sent by mail, so
  # anyone who can read this file can read them (identity-verification and
  # password-reset messages included). Keep its permissions tight.
  filesystem:
    filename: /config/notifications.txt
# Brute-force throttling for failed logins.
regulation:
  # Number of failed attempts allowed inside the find_time window.
  max_retries: 3
  # Window in which the failed attempts are counted.
  find_time: 2m
  # How long logins stay blocked once the limit is hit.
  ban_time: 5m
# OpenID Connect provider: Authelia issues tokens to the clients listed here.
identity_providers:
  oidc:
    # Placeholder, not a literal secret. The ${...} form is not YAML syntax.
    # NOTE(review): confirm that something substitutes it before or while the
    # file is loaded; otherwise the placeholder text itself becomes the secret.
    hmac_secret: ${AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET}
    # Signing key used for issued tokens (RS256 signatures).
    jwks:
      - key_id: main
        algorithm: RS256
        use: sig
        # key: HOST-MANAGED — inline /srv/authelia/config/oidc.key contents here in the
        # host copy (/srv/authelia/config/configuration.yml). Never commit the key to git.
        # Generate with: openssl genrsa -out /srv/authelia/config/oidc.key 4096
    clients:
      - client_id: linkding
        client_name: Linkding
        # Placeholder, same substitution caveat as hmac_secret above.
        # NOTE(review): confirm the substituted value is in the format
        # Authelia expects for client secrets (upstream recommends a hashed
        # digest rather than the raw secret).
        client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_LINKDING}'
        # Confidential client: it must present its secret at the token
        # endpoint.
        public: false
        # Password-only login is enough to authorize this client.
        authorization_policy: one_factor
        # The secret travels in the body of the token request.
        token_endpoint_auth_method: client_secret_post
        # The only callback an authorization response may be sent to.
        redirect_uris:
          - https://linkding.kolpacksoftware.com/oidc/callback/
        # Claims the client may request; "groups" exposes group membership.
        scopes:
          - openid
          - profile
          - email
          - groups
        # UserInfo responses are returned unsigned.
        userinfo_signed_response_alg: none