Authelia v4.38

main
Alpha Chen 8 months ago
parent dfbb676841
commit 4dd503b2a5
Signed by: alpha
SSH Key Fingerprint: SHA256:3fOT8fiYQG/aK9ntivV3Bqtg8AYQ7q4nV6ZgihOA20g

@ -1,7 +1,7 @@
- name: Set up Authelia - name: Set up Authelia
hosts: lotus-land-story hosts: lotus-land-story
vars: vars:
version: 4.37.5 version: 4.38.6
vars_files: vars_files:
- vars.yml - vars.yml
tasks: tasks:

@ -1,8 +1,6 @@
# https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-client-secrets # https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-client-secrets
theme: auto theme: auto
jwt_secret: {{ authelia.jwt_secret }}
default_redirection_url: https://auth.{{ domain }}/
log: log:
level: debug level: debug
@ -23,9 +21,16 @@ access_control:
# policy: one_factor # policy: one_factor
policy: two_factor policy: two_factor
identity_validation:
reset_password:
jwt_secret: {{ authelia.jwt_secret }}
session: session:
secret: {{ authelia.session_secret }} secret: {{ authelia.session_secret }}
domain: {{ domain }} cookies:
- domain: {{ domain }}
authelia_url: https://auth.{{ domain }}
# default_redirection_url: https://www.{{ domain }}
storage: storage:
encryption_key: {{ authelia.storage_encryption_key }} encryption_key: {{ authelia.storage_encryption_key }}
@ -36,19 +41,19 @@ notifier:
smtp: smtp:
username: apikey username: apikey
password: {{ authelia.smtp_password }} password: {{ authelia.smtp_password }}
host: smtp.sendgrid.net address: smtp://smtp.sendgrid.net:25
port: 25
sender: authelia@kejadlen.dev sender: authelia@kejadlen.dev
identity_providers: identity_providers:
oidc: oidc:
issuer_private_key: | jwks:
{{ authelia.oidc_private_key | indent(6) }} - key: |
{{ authelia.oidc_private_key | indent(10) }}
clients: clients:
- id: grafana - client_id: grafana
description: Grafana client_name: Grafana
secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ client_secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ
public: false public: false
redirect_uris: redirect_uris:
- https://grafana.{{ domain }}/login/generic_oauth - https://grafana.{{ domain }}/login/generic_oauth
@ -58,9 +63,9 @@ identity_providers:
- groups - groups
- email - email
- id: tailscale - client_id: tailscale
description: Tailscale client_name: Tailscale
secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0 client_secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0
redirect_uris: redirect_uris:
- https://login.tailscale.com/a/oauth_response - https://login.tailscale.com/a/oauth_response
scopes: scopes:
@ -68,9 +73,9 @@ identity_providers:
- email - email
- profile - profile
- id: gitea - client_id: gitea
description: Gitea client_name: Gitea
secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0 client_secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0
public: false public: false
redirect_uris: redirect_uris:
- https://git.{{ domain }}/user/oauth2/authelia/callback - https://git.{{ domain }}/user/oauth2/authelia/callback
@ -79,9 +84,9 @@ identity_providers:
- email - email
- profile - profile
- id: miniflux - client_id: miniflux
description: Miniflux client_name: Miniflux
secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w client_secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w
public: false public: false
redirect_uris: redirect_uris:
- https://rss.{{ domain }}/oauth2/oidc/callback - https://rss.{{ domain }}/oauth2/oidc/callback
@ -89,15 +94,3 @@ identity_providers:
- openid - openid
- email - email
- profile - profile
- id: parseable
description: Parseable
secret: $argon2id$v=19$m=65536,t=3,p=4$glcGbEsVvimlXW08i18Mbg$5VsdS3E8897Dsb1n+BMO5SAy1a1Sq9jeCLcTADTMGtA
public: false
redirect_uris:
- https://logs.{{ domain }}/api/v1/o/code
scopes:
- openid
- email
- profile
- groups
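Review bot: The values added under `identity_validation.reset_password` and `session.cookies` are emitted unquoted (`jwt_secret: {{ authelia.jwt_secret }}`, `authelia_url: https://auth.{{ domain }}`), so how the rendered YAML parses depends on what the variable contains. A secret containing ` #` would be silently cut off at the comment marker, and one that starts with a YAML indicator or consists only of digits would fail to parse or load as a non-string. For the key that signs password-reset tokens, silent truncation is the worse of the two outcomes. Quoting the expansion keeps it a string, e.g. `jwt_secret: '{{ authelia.jwt_secret }}'`, provided the value cannot itself contain a single quote. The same applies to the unchanged `session.secret`, `storage.encryption_key` and `notifier.smtp.password` lines in this template.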
