works?
This commit is contained in:
parent
d6f40dd4fd
commit
7d3100c3d3
GPG key ID:
1FFAC35E1798174F
1 changed files with 26 additions and 31 deletions
|
|
@ -30,7 +30,7 @@ with lib; {
|
|||
};
|
||||
|
||||
config = {
|
||||
systemd.services.authelia-main.before = [ "nginx.service" ];
|
||||
systemd.services.authelia-main.before = ["nginx.service"];
|
||||
|
||||
services = {
|
||||
nginx = {
|
||||
|
|
@ -79,6 +79,7 @@ with lib; {
|
|||
|
||||
authelia.instances.main = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.authelia;
|
||||
# config based on https://github.com/authelia/authelia/blob/master/config.template.yml
|
||||
secrets = {
|
||||
jwtSecretFile = "/var/trust/authelia-main/jwt-secret";
|
||||
|
|
@ -92,7 +93,6 @@ with lib; {
|
|||
disable_healthcheck = true;
|
||||
port = 9091;
|
||||
host = "localhost";
|
||||
address = "tcp://localhost:9091/"; #TODO: user unix socket
|
||||
endpoints.authz.auth-request.implementation = "AuthRequest";
|
||||
};
|
||||
# tls settings not modified https://github.com/authelia/authelia/blob/master/config.template.yml#L53
|
||||
|
|
@ -100,25 +100,22 @@ with lib; {
|
|||
level = "info";
|
||||
format = "text";
|
||||
};
|
||||
telemetry.enabled = false;
|
||||
telemetry.metrics.enabled = false;
|
||||
totp = {
|
||||
disable = false;
|
||||
issuer = "https://getaegis.app/ or whatever you prefer";
|
||||
# default values assumed https://github.com/authelia/authelia/blob/master/config.template.yml#L181
|
||||
};
|
||||
webauthn = {
|
||||
disable = false;
|
||||
# default values assumed: https://github.com/authelia/authelia/blob/master/config.template.yml#L231
|
||||
};
|
||||
duo_api.disable = true;
|
||||
# identity_validation default values assumed: https://github.com/authelia/authelia/blob/master/config.template.yml#L266
|
||||
authentication_backend.file = {
|
||||
path = "/var/trust/authelia-main/users_database.yml"; #TODO:
|
||||
path = "/var/lib/authelia-main/users_database.yml";
|
||||
password.algorithm = "argon2";
|
||||
password_policy.zxcvbn = {
|
||||
enable = true;
|
||||
min_score = 3;
|
||||
};
|
||||
};
|
||||
password_policy.zxcvbn = {
|
||||
enabled = true;
|
||||
min_score = 3;
|
||||
};
|
||||
access_control = {
|
||||
default_policy = "deny";
|
||||
|
|
@ -134,25 +131,23 @@ with lib; {
|
|||
];
|
||||
};
|
||||
session = {
|
||||
cookies = {
|
||||
name = "posixlycorrect_session";
|
||||
domain = "auth.posixlycorrect.com";
|
||||
authelia_url = "https://auth.posixlycorrect.com";
|
||||
default_redirection_url = "https://posixlycorrect.com";
|
||||
same_site = "lax";
|
||||
|
||||
# see https://github.com/authelia/authelia/blob/master/config.template.yml#L756
|
||||
inactivity = "5 minutes";
|
||||
expiration = "1 hour";
|
||||
remember_me = "1 month";
|
||||
};
|
||||
|
||||
# see https://github.com/authelia/authelia/blob/master/config.template.yml#L774
|
||||
name = "authelia_session";
|
||||
name = "posixlycorrect_session";
|
||||
same_site = "lax";
|
||||
inactivity = "5m";
|
||||
expiration = "1h";
|
||||
remember_me = "1M";
|
||||
cookies = [
|
||||
{
|
||||
name = "posixlycorrect_session";
|
||||
domain = "posixlycorrect.com";
|
||||
authelia_url = "https://auth.posixlycorrect.com";
|
||||
default_redirection_url = "https://posixlycorrect.com";
|
||||
same_site = "lax";
|
||||
inactivity = "5 minutes";
|
||||
expiration = "1 hour";
|
||||
remember_me = "1 month";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
regulation = {
|
||||
|
|
@ -161,12 +156,12 @@ with lib; {
|
|||
ban_time = "5 minutes";
|
||||
};
|
||||
|
||||
storage.local.path = "/var/trust/authelia-main/db.sqlite3"; #TODO:
|
||||
storage.local.path = "/var/lib/authelia-main/db.sqlite3";
|
||||
|
||||
# TODO:
|
||||
#notifier.smtp = {
|
||||
#
|
||||
#};
|
||||
# TODO: usar smtp
|
||||
notifier.filesystem = {
|
||||
filename = "/tmp/trash.txt";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
Reference in a new issue