From 4dd503b2a51fe7bd18beaf984bc33866d8c1fec4 Mon Sep 17 00:00:00 2001 From: Alpha Chen Date: Tue, 26 Mar 2024 20:02:13 -0700 Subject: [PATCH] Authelia v4.38 --- lotus-land-story/authelia.yml | 2 +- .../templates/authelia_configuration.yml | 55 ++++++++----------- 2 files changed, 25 insertions(+), 32 deletions(-) diff --git a/lotus-land-story/authelia.yml b/lotus-land-story/authelia.yml index 24edaa5..0fc1be3 100644 --- a/lotus-land-story/authelia.yml +++ b/lotus-land-story/authelia.yml @@ -1,7 +1,7 @@ - name: Set up Authelia hosts: lotus-land-story vars: - version: 4.37.5 + version: 4.38.6 vars_files: - vars.yml tasks: diff --git a/lotus-land-story/templates/authelia_configuration.yml b/lotus-land-story/templates/authelia_configuration.yml index f3393f6..22955a0 100644 --- a/lotus-land-story/templates/authelia_configuration.yml +++ b/lotus-land-story/templates/authelia_configuration.yml @@ -1,8 +1,6 @@ # https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-client-secrets theme: auto -jwt_secret: {{ authelia.jwt_secret }} -default_redirection_url: https://auth.{{ domain }}/ log: level: debug @@ -23,9 +21,16 @@ access_control: # policy: one_factor policy: two_factor +identity_validation: + reset_password: + jwt_secret: {{ authelia.jwt_secret }} + session: secret: {{ authelia.session_secret }} - domain: {{ domain }} + cookies: + - domain: {{ domain }} + authelia_url: https://auth.{{ domain }} + # default_redirection_url: https://www.{{ domain }} storage: encryption_key: {{ authelia.storage_encryption_key }} 
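Review bot: The secret added under `identity_validation.reset_password` is rendered as a plain unquoted scalar (`jwt_secret: {{ authelia.jwt_secret }}`, and the untouched `session.secret` line has the same shape), so a generated value containing ` #` is silently truncated at parse time and one containing `: ` or starting with a YAML indicator fails to load; in the truncation case Authelia would run with a shorter secret than the one stored in vars. Rendering the expansion through Ansible's JSON filter, `jwt_secret: {{ authelia.jwt_secret | to_json }}`, turns the line into a valid double-quoted YAML string whatever the variable holds. Separately, the old top-level `default_redirection_url: https://auth.{{ domain }}/` is dropped in the first hunk of this file while its replacement under `session.cookies` is added commented out (`# default_redirection_url: https://www.{{ domain }}`), so the post-login landing behaviour changes silently with this migration; a short comment stating that the omission is deliberate, or enabling the key, would help the next reader.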
@@ -36,19 +41,19 @@ notifier: smtp: username: apikey password: {{ authelia.smtp_password }} - host: smtp.sendgrid.net - port: 25 + address: smtp://smtp.sendgrid.net:25 sender: authelia@kejadlen.dev identity_providers: oidc: - issuer_private_key: | - {{ authelia.oidc_private_key | indent(6) }} + jwks: + - key: | + {{ authelia.oidc_private_key | indent(10) }} clients: - - id: grafana - description: Grafana - secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ + - client_id: grafana + client_name: Grafana + client_secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ public: false redirect_uris: - https://grafana.{{ domain }}/login/generic_oauth @@ -58,9 +63,9 @@ identity_providers: - groups - email - - id: tailscale - description: Tailscale - secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0 + - client_id: tailscale + client_name: Tailscale + client_secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0 redirect_uris: - https://login.tailscale.com/a/oauth_response scopes: @@ -68,9 +73,9 @@ identity_providers: - email - profile - - id: gitea - description: Gitea - secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0 + - client_id: gitea + client_name: Gitea + client_secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0 public: false redirect_uris: - https://git.{{ domain }}/user/oauth2/authelia/callback 
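Review bot: The new `address: smtp://smtp.sendgrid.net:25` keeps notifier mail (password reset and identity verification) on the plain SMTP scheme, so transport security depends on STARTTLS being negotiated on that connection. SendGrid also serves implicit TLS on 465, and I believe this release's address syntax accepts it as `address: submissions://smtp.sendgrid.net:465`, which removes the negotiation step altogether; worth confirming the supported schemes against the notifier docs for 4.38 before switching. On the `jwks` entry, Jinja's `indent(10)` leaves the first line of the key unindented by default, so the template line itself must carry exactly the block-scalar indentation that the following lines receive; validating the rendered file (for example with `authelia validate-config`) in the play would catch a mismatch before the service restarts.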
@@ -79,9 +84,9 @@ identity_providers: - email - profile - - id: miniflux - description: Miniflux - secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w + - client_id: miniflux + client_name: Miniflux + client_secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w public: false redirect_uris: - https://rss.{{ domain }}/oauth2/oidc/callback @@ -89,15 +94,3 @@ identity_providers: - openid - email - profile - - - id: parseable - description: Parseable - secret: $argon2id$v=19$m=65536,t=3,p=4$glcGbEsVvimlXW08i18Mbg$5VsdS3E8897Dsb1n+BMO5SAy1a1Sq9jeCLcTADTMGtA - public: false - redirect_uris: - - https://logs.{{ domain }}/api/v1/o/code - scopes: - - openid - - email - - profile - - groups