Add: Authelia config

authelia/conf/configuration.file.yml

@@ -0,0 +1,11 @@
+authentication_backend:
+  file:
+    path: /config/users.yml
+    password:
+      algorithm: argon2id
+      iterations: 3
+      key_length: 32
+      salt_length: 16
+      parallelism: 4
+      memory: 64
+

authelia/conf/configuration.ldap.yml

@@ -0,0 +1,28 @@
+# yamllint disable rule:comments-indentation
+---
+authentication_backend:
+  ldap:
+    implementation: custom
+    url: ldap://openldap
+    timeout: 5s
+    start_tls: false
+      #tls:
+      #  server_name: ldap.example.com
+      #  skip_verify: false
+      #  minimum_version: TLS1.2
+    users_filter: (&({username_attribute}={input})(objectClass=person))
+    username_attribute: uid
+    mail_attribute: mail
+    display_name_attribute: displayName
+    additional_groups_dn: ou=groups
+    groups_filter: (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
+    group_name_attribute: cn
+    permit_referrals: false
+    permit_unauthenticated_bind: false
+
+    additional_users_dn: ou=people
+    base_dn: DC=dev,DC=box
+    user: CN=admin,DC=dev,DC=box
+    password: admin
+
+

authelia/conf/configuration.yml

@@ -0,0 +1,99 @@
+# yamllint disable rule:comments-indentation
+---
+server:
+  host: 0.0.0.0
+  port: 9091
+  read_buffer_size: 4096
+  write_buffer_size: 4096
+  path: "authelia"
+# ENV: log_level: debug
+#jwt_secret: somethingsomethingrandomrecret567890765434567
+default_redirection_url: https://authelia   # NOENV
+  #duo_api:
+  #  hostname: api-somenumber.duosecurity.com
+  #  integration_key: SOMESECRETKEY
+  #  secret_key: somelongersecretkey
+authentication_backend:
+  password_reset:
+    disable: false
+    custom_url: "https://users.auth.barbu-it.net" # NOENV
+
+access_control:
+  default_policy: one_factor
+  #  default_policy: deny
+  #  rules:
+  #
+  #    - domain: auth.barbu-it.com
+  #      policy: bypass
+  #
+  #    # Admin domains
+  #    - domain:
+  #      - admin.barbu-it.net
+  #      - "*.admin.barbu-it.net"
+  #      policy: one_factor
+  #      subject:
+  #        - ['group:admin-it', 'group:admins']
+  #
+  #    # Employees domains
+  #    - domain:
+  #      - dolibarr.lan.barbu-it.net
+  #      #- hr.barbu-it.com
+  #      #- "*.hr.barbu-it.com"
+  #      policy: one_factor
+  #      subject:
+  #        - ['group:admin-hr', 'group:admins']
+  #
+  #    - domain:
+  #      - users.auth.barbu-it.net
+  #      policy: one_factor
+  #      subject:
+  #        - ['group:employees', 'group:admins']
+  #
+  #    # Legacyyy
+  #    - domain:
+  #      - librespeed.lan.barbu-it.net
+  #      policy: bypass
+  #
+  #    - domain:
+  #      #- lan.barbu-it.net
+  #      #- "*.lan.barbu-it.net"
+  #      #- "*.lan.barbu-it.com"
+  #      - "*.authelia.lan.barbu-it.net"
+  #        #- "*.barbu-it.net"
+  #        #- "*.barbu-it.com"
+  #      policy: one_factor
+  #        #policy: two_factor,bypass,deny
+session:
+  name: authelia_session
+  #ENV secret: somerandomsecret
+  expiration: 1h
+  inactivity: 5m
+  remember_me_duration: 1M
+  # ENV domain: lan.barbu-it.net
+regulation:
+  max_retries: 3
+  find_time: 2m
+  ban_time: 5m
+storage:
+  #ENV encryption_key:  687347boweubycrq84vr984olvtbue9y8tyenvurley8tvbet90ewtve-0t9ve
+  local:
+    path: /config/db.sqlite3
+notifier:
+  filesystem:
+    filename: /config/notification.txt
+
+      #notifier:
+      #  disable_startup_check: false
+      #  smtp:
+      #    username: myemail@gmail.com
+      #    password: longpassword
+      #    host: smtp.gmail.com
+      #    port: 587
+      #    sender: myemail@gmail.com
+      #    subject: "[Authelia] {title}"
+      #    startup_check_address: test@authelia.com
+      #      #trusted_cert: ""
+      #      #disable_require_tls: false
+      #      #disable_verify_cert: false
+      #
+