refactor: Consolidate Authelia configuration management and update setup scripts
Some checks failed
/ validate-docker-compose (push) Has been cancelled
- Removed outdated configuration files and scripts.
- Introduced a new setup script to streamline environment and Authelia configuration updates.
- Enhanced .gitignore to exclude unnecessary files.
- Updated README to reflect the new setup process and configuration details for Authelia v4.38+.
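--- a/authelia/configuration.example.yml
+++ b/authelia/configuration.example.yml
@@ -0,0 +1,75 @@
+# Authelia Configuration File v4.38+
+# Documentation: https://www.authelia.com/configuration/
+
+# Server settings
+server:
+address: 'tcp://0.0.0.0:9091'
+
+# Logging configuration
+log:
+level: info
+format: text
+
+# Session configuration for v4.38+
+session:
+name: authelia_session
+secret: ${AUTHELIA_SESSION_SECRET}
+expiration: 1h
+inactivity: 5m
+redis:
+host: redis
+port: 6379
+password: ${AUTHELIA_SESSION_REDIS_PASSWORD}
+database_index: 0
+cookies:
+# Using parent domain to allow proper cookie scope
+- domain: 'ts.net'
+authelia_url: 'https://tailscale-nas.ts.net'
+default_redirection_url: 'https://tailscale-nas.ts.net/home'
+same_site: lax
+
+# Regulation (brute force protection)
+regulation:
+max_retries: 3
+find_time: 2m
+ban_time: 5m
+
+# Storage (for user preferences, etc. - encrypted using storage key)
+storage:
+encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+local:
+path: /config/db.sqlite3
+
+# Authentication backend (using file-based user database)
+authentication_backend:
+file:
+path: /config/users_database.yml
+password:
+algorithm: argon2id
+iterations: 1
+memory: 1024
+parallelism: 8
+salt_length: 16
+key_length: 32
+
+# Access control rules
+access_control:
+default_policy: deny
+rules:
+# This will match any Tailscale domain - using wildcard with domains is allowed in rules
+- domain: '*.ts.net'
+policy: one_factor
+
+# Notifier configuration
+notifier:
+filesystem:
+filename: /config/notification.txt
+
+# Identity Validation (includes JWT secret for password reset)
+identity_validation:
+reset_password:
+jwt_secret: ${AUTHELIA_JWT_SECRET}
+
+# Identity Providers
+identity_providers:
+oidc: null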
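Review bot: The cookie domain `ts.net` under `session.cookies` scopes the session cookie to the whole shared Tailscale suffix rather than to this tailnet, so a browser would send it to any host under `ts.net`, including machines in tailnets you do not control. The `'*.ts.net'` rule under `access_control.rules` is equally broad. Scope both to the tailnet, e.g. `- domain: '<tailnet-name>.ts.net'` and `- domain: '*.<tailnet-name>.ts.net'` (placeholder name), and give `authelia_url` the full host name. It is also worth checking whether Authelia accepts `ts.net` at all, since it may reject a cookie domain that is on the public suffix list. Separately, the `${AUTHELIA_...}` values are only safe if the setup script substitutes them before Authelia reads the file, because a placeholder that reaches Authelia verbatim would become the secret itself; a comment naming the step that fills them in would help.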