|
|
@ -1,8 +1,6 @@
|
|
|
|
# https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-client-secrets
|
|
|
|
# https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-client-secrets
|
|
|
|
|
|
|
|
|
|
|
|
theme: auto
|
|
|
|
theme: auto
|
|
|
|
jwt_secret: {{ authelia.jwt_secret }}
|
|
|
|
|
|
|
|
default_redirection_url: https://auth.{{ domain }}/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
log:
|
|
|
|
log:
|
|
|
|
level: debug
|
|
|
|
level: debug
|
|
|
@ -23,9 +21,16 @@ access_control:
|
|
|
|
# policy: one_factor
|
|
|
|
# policy: one_factor
|
|
|
|
policy: two_factor
|
|
|
|
policy: two_factor
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
identity_validation:
|
|
|
|
|
|
|
|
reset_password:
|
|
|
|
|
|
|
|
jwt_secret: {{ authelia.jwt_secret }}
|
|
|
|
|
|
|
|
|
|
|
|
session:
|
|
|
|
session:
|
|
|
|
secret: {{ authelia.session_secret }}
|
|
|
|
secret: {{ authelia.session_secret }}
|
|
|
|
domain: {{ domain }}
|
|
|
|
cookies:
|
|
|
|
|
|
|
|
- domain: {{ domain }}
|
|
|
|
|
|
|
|
authelia_url: https://auth.{{ domain }}
|
|
|
|
|
|
|
|
# default_redirection_url: https://www.{{ domain }}
|
|
|
|
|
|
|
|
|
|
|
|
storage:
|
|
|
|
storage:
|
|
|
|
encryption_key: {{ authelia.storage_encryption_key }}
|
|
|
|
encryption_key: {{ authelia.storage_encryption_key }}
|
|
|
@ -36,19 +41,19 @@ notifier:
|
|
|
|
smtp:
|
|
|
|
smtp:
|
|
|
|
username: apikey
|
|
|
|
username: apikey
|
|
|
|
password: {{ authelia.smtp_password }}
|
|
|
|
password: {{ authelia.smtp_password }}
|
|
|
|
host: smtp.sendgrid.net
|
|
|
|
address: smtp://smtp.sendgrid.net:25
|
|
|
|
port: 25
|
|
|
|
|
|
|
|
sender: authelia@kejadlen.dev
|
|
|
|
sender: authelia@kejadlen.dev
|
|
|
|
|
|
|
|
|
|
|
|
identity_providers:
|
|
|
|
identity_providers:
|
|
|
|
oidc:
|
|
|
|
oidc:
|
|
|
|
issuer_private_key: |
|
|
|
|
jwks:
|
|
|
|
{{ authelia.oidc_private_key | indent(6) }}
|
|
|
|
- key: |
|
|
|
|
|
|
|
|
{{ authelia.oidc_private_key | indent(10) }}
|
|
|
|
clients:
|
|
|
|
clients:
|
|
|
|
|
|
|
|
|
|
|
|
- id: grafana
|
|
|
|
- client_id: grafana
|
|
|
|
description: Grafana
|
|
|
|
client_name: Grafana
|
|
|
|
secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ
|
|
|
|
client_secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ
|
|
|
|
public: false
|
|
|
|
public: false
|
|
|
|
redirect_uris:
|
|
|
|
redirect_uris:
|
|
|
|
- https://grafana.{{ domain }}/login/generic_oauth
|
|
|
|
- https://grafana.{{ domain }}/login/generic_oauth
|
|
|
@ -58,9 +63,9 @@ identity_providers:
|
|
|
|
- groups
|
|
|
|
- groups
|
|
|
|
- email
|
|
|
|
- email
|
|
|
|
|
|
|
|
|
|
|
|
- id: tailscale
|
|
|
|
- client_id: tailscale
|
|
|
|
description: Tailscale
|
|
|
|
client_name: Tailscale
|
|
|
|
secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0
|
|
|
|
client_secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0
|
|
|
|
redirect_uris:
|
|
|
|
redirect_uris:
|
|
|
|
- https://login.tailscale.com/a/oauth_response
|
|
|
|
- https://login.tailscale.com/a/oauth_response
|
|
|
|
scopes:
|
|
|
|
scopes:
|
|
|
@ -68,9 +73,9 @@ identity_providers:
|
|
|
|
- email
|
|
|
|
- email
|
|
|
|
- profile
|
|
|
|
- profile
|
|
|
|
|
|
|
|
|
|
|
|
- id: gitea
|
|
|
|
- client_id: gitea
|
|
|
|
description: Gitea
|
|
|
|
client_name: Gitea
|
|
|
|
secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0
|
|
|
|
client_secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0
|
|
|
|
public: false
|
|
|
|
public: false
|
|
|
|
redirect_uris:
|
|
|
|
redirect_uris:
|
|
|
|
- https://git.{{ domain }}/user/oauth2/authelia/callback
|
|
|
|
- https://git.{{ domain }}/user/oauth2/authelia/callback
|
|
|
@ -79,9 +84,9 @@ identity_providers:
|
|
|
|
- email
|
|
|
|
- email
|
|
|
|
- profile
|
|
|
|
- profile
|
|
|
|
|
|
|
|
|
|
|
|
- id: miniflux
|
|
|
|
- client_id: miniflux
|
|
|
|
description: Miniflux
|
|
|
|
client_name: Miniflux
|
|
|
|
secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w
|
|
|
|
client_secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w
|
|
|
|
public: false
|
|
|
|
public: false
|
|
|
|
redirect_uris:
|
|
|
|
redirect_uris:
|
|
|
|
- https://rss.{{ domain }}/oauth2/oidc/callback
|
|
|
|
- https://rss.{{ domain }}/oauth2/oidc/callback
|
|
|
@ -89,15 +94,3 @@ identity_providers:
|
|
|
|
- openid
|
|
|
|
- openid
|
|
|
|
- email
|
|
|
|
- email
|
|
|
|
- profile
|
|
|
|
- profile
|
|
|
|
|
|
|
|
|
|
|
|
- id: parseable
|
|
|
|
|
|
|
|
description: Parseable
|
|
|
|
|
|
|
|
secret: $argon2id$v=19$m=65536,t=3,p=4$glcGbEsVvimlXW08i18Mbg$5VsdS3E8897Dsb1n+BMO5SAy1a1Sq9jeCLcTADTMGtA
|
|
|
|
|
|
|
|
public: false
|
|
|
|
|
|
|
|
redirect_uris:
|
|
|
|
|
|
|
|
- https://logs.{{ domain }}/api/v1/o/code
|
|
|
|
|
|
|
|
scopes:
|
|
|
|
|
|
|
|
- openid
|
|
|
|
|
|
|
|
- email
|
|
|
|
|
|
|
|
- profile
|
|
|
|
|
|
|
|
- groups
|
|
|
|
|
|
|
|
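Review bot: The new `address: smtp://smtp.sendgrid.net:25` line in the notifier hunk keeps authenticated SMTP (`username: apikey` plus the templated password) on port 25, where transport security depends on STARTTLS being negotiated. Authelia should refuse to send without TLS unless `disable_require_tls` is set, which this template does not show, but an implicit-TLS endpoint removes that dependency: `address: submissions://smtp.sendgrid.net:465`. Separately, the renamed `client_secret` values in this hunk and in the later client hunks are argon2id digests committed inline, while every other secret is injected from an `authelia.*` variable. If the underlying secrets are not long random strings, as the FAQ linked at the top of the file recommends, anyone who can read the repository can attempt offline guessing against the digests, so consider templating them as well.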