init

2024-06-12 12:34:16 +00:00
commit 3b17c87a93
10 changed files with 337 additions and 0 deletions
--- a/data/authelia/access_control.yml
+++ b/data/authelia/access_control.yml
@@ -0,0 +1,22 @@
+access_control:
+  default_policy: one_factor
+  # networks:
+  # - name: 'internal'
+  #   networks:
+  #   - '10.0.0.0/8'
+  #   - '172.16.0.0/12'
+  #   - '192.168.0.0/18'
+  rules:
+    - domain: traefik.lab.bildme.ru # TODO CHANGE ME!
+      policy: one_factor
+      subject:
+      - ['group:admins']
+    - domain: test1.lab.bildme.ru # TODO CHANGE ME!
+      policy: two_factor
+      subject:
+      - ['group:admins']
+      # networks:
+      # - 'internal'
+      # methods:
+      # - 'GET'
+      # - 'HEAD'
--- a/data/authelia/configuration.yml
+++ b/data/authelia/configuration.yml
@@ -0,0 +1,105 @@
+###############################################################################
+#                           Authelia Configuration                            #
+###############################################################################
+
+theme: dark
+
+identity_validation:
+  reset_password:
+    jwt_secret: LCnTJ5AxoB4tGvClpfhOSiLCnTJ5AxoB4tGvClpfhOSi # TODO CHANGE ME!
+
+default_2fa_method: "totp"
+
+## Server Configuration
+server:
+  address: tcp://0.0.0.0:9091/
+  endpoints:
+    enable_pprof: false
+    enable_expvars: false
+
+## Log Configuration
+log:
+  level: debug
+
+## TOTP Configuration
+totp:
+  issuer: auth.lab.bildme.ru # TODO CHANGE ME!
+
+## WebAuthn Configuration
+webauthn:
+  disable: false
+  timeout: 60s
+  display_name: Authelia
+  attestation_conveyance_preference: indirect
+  user_verification: preferred
+
+## NTP Configuration
+ntp:
+  address: "time.cloudflare.com:123"
+  version: 4
+  max_desync: 3s
+  disable_startup_check: false
+  disable_failure: false
+
+## Authentication Backend Provider Configuration
+authentication_backend:
+  ## File (Authentication Provider)
+  file:
+    path: /config/users_database.yml
+    watch: true
+    search:
+      email: false
+      case_insensitive: false
+    password:
+      algorithm: argon2
+      argon2:
+        variant: 'argon2id'
+        iterations: 3
+        memory: 65536
+        parallelism: 4
+        key_length: 32
+        salt_length: 16
+
+## Session Provider Configuration
+session:
+  secret: Y8W4HvSen0R4Y8W4HvSen0R4Y8W4HvSen0R4 # TODO CHANGE ME!
+  expiration: 8h
+  inactivity: 4h
+  cookies:
+    - name: 'Authelia Demo cookies'
+      domain: lab.bildme.ru # TODO CHANGE ME!
+      authelia_url: https://auth.lab.bildme.ru/ # TODO CHANGE ME!
+      expiration: '1 hour'
+      inactivity: '5 minutes'
+
+  ## Redis Provider
+  redis:
+    host: redis
+    port: 6379
+    database_index: 0
+    maximum_active_connections: 20
+    minimum_idle_connections: 0
+
+## Regulation Configuration
+regulation:
+  max_retries: 3
+  find_time: 2m
+  ban_time: 30m
+
+## Storage Provider Configuration
+storage:
+  encryption_key: 9JM1ZMf980gQ3enewZEoTq9JM1ZMf980gQ3enewZEoTq # TODO CHANGE ME!
+  local:
+    path: /config/db.sqlite3
+
+## Notification Provider
+notifier:
+  disable_startup_check: true
+  ## File System (Notification Provider)
+  # filesystem:
+  #   filename: /config/notification.txt
+  smtp: # TODO CHANGE ME!
+    subject: "[Authelia] {title}"
+    username: 'authelia@mg.bildme.ru'
+    sender: 'auth@mg.bildme.ru'
+    address: 'smtp://smtp.eu.mailgun.org:587'
--- a/data/authelia/secrets/smtp-pass.key-example
+++ b/data/authelia/secrets/smtp-pass.key-example
@@ -0,0 +1 @@
+smtp-pass
--- a/data/authelia/users_database.yml.example
+++ b/data/authelia/users_database.yml.example
@@ -0,0 +1,14 @@
+---
+###############################################################
+#                         DEMO Users Database                 #
+###############################################################
+
+users:
+  admin:
+    disabled: false
+    displayname: "Demo User"
+    password: ""
+    email: admin@gmail.com
+    groups:
+      - admins
+...
--- a/data/traefik/traefik.yaml
+++ b/data/traefik/traefik.yaml
@@ -0,0 +1,45 @@
+global:
+  checkNewVersion: true
+
+log:
+  level: debug
+  filePath: /data/stdout.log
+  format: common
+
+accessLog:
+  filePath: "/data/access.log"
+  filters:
+    statusCodes:
+      - "500-505"
+    retryAttempts: true
+    minDuration: "10ms"
+
+serversTransport:
+  insecureSkipVerify: true
+
+api:
+  dashboard: true
+
+entryPoints:
+  http:
+    address: ":80"
+    forwardedHeaders:
+      insecure: true
+  https:
+    address: ":443"
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  # file:
+  #   directory: /custom
+  #   watch: true
+
+certificatesResolvers:
+  letsEncrypt:
+    acme:
+      email: admin@gmail.com
+      storage: acme.json
+      httpChallenge:
+        entryPoint: http