diff --git a/sys/srv/authelia/default.nix b/sys/srv/authelia/default.nix
index 1eb2f37..f30386e 100644
--- a/sys/srv/authelia/default.nix
+++ b/sys/srv/authelia/default.nix
@@ -30,7 +30,7 @@ with lib; {
 };
 config = {
- systemd.services.authelia-main.before = [ "nginx.service" ];
+ systemd.services.authelia-main.before = ["nginx.service"];
 services = {
 nginx = {
@@ -79,6 +79,7 @@ with lib; {
 authelia.instances.main = {
 enable = true;
+ package = pkgs.unstable.authelia;
 # config based on https://github.com/authelia/authelia/blob/master/config.template.yml
 secrets = {
 jwtSecretFile = "/var/trust/authelia-main/jwt-secret";
@@ -92,7 +93,6 @@ with lib; {
 disable_healthcheck = true;
 port = 9091;
 host = "localhost";
- address = "tcp://localhost:9091/"; #TODO: user unix socket
 endpoints.authz.auth-request.implementation = "AuthRequest";
 };
 # tls settings not modified https://github.com/authelia/authelia/blob/master/config.template.yml#L53
@@ -100,25 +100,22 @@ with lib; {
 level = "info";
 format = "text";
 };
- telemetry.enabled = false;
+ telemetry.metrics.enabled = false;
 totp = {
 disable = false;
 issuer = "https://getaegis.app/ or whatever you prefer";
- # default values assumed https://github.com/authelia/authelia/blob/master/config.template.yml#L181
 };
 webauthn = {
 disable = false;
- # default values assumed: https://github.com/authelia/authelia/blob/master/config.template.yml#L231
 };
 duo_api.disable = true;
- # identity_validation default values assumed: https://github.com/authelia/authelia/blob/master/config.template.yml#L266
 authentication_backend.file = {
- path = "/var/trust/authelia-main/users_database.yml"; #TODO:
+ path = "/var/lib/authelia-main/users_database.yml";
 password.algorithm = "argon2";
- password_policy.zxcvbn = {
- enable = true;
- min_score = 3;
- };
+ };
+ password_policy.zxcvbn = {
+ enabled = true;
+ min_score = 3;
 };
 access_control = {
 default_policy = "deny";
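Review bot: `package = pkgs.unstable.authelia;` ties this instance to a moving channel, and the schema changes elsewhere in the commit (`telemetry.metrics.enabled`, the `cookies` list, `password_policy` lifted to the top level) only validate against the release that introduced them, so a later bump of `unstable` can break activation with no change to this file. A comment naming the schema the config was written against would make that dependency visible, e.g. `# written against the Authelia <VERSION-PLACEHOLDER> config schema; pinned to unstable until stable catches up`. The enclosing `authelia.instances.main` set continues outside the hunk.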
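Review bot: Dropping `address = "tcp://localhost:9091/"` while keeping `host`/`port` runs against the rest of this commit, which otherwise moves to the newer schema; if I read the upstream template correctly, recent releases treat `server.host`/`server.port` as the deprecated pair and `server.address` as the current key, so the package from `pkgs.unstable` may now warn or reject the pair that was kept. Check `config.template.yml` for the pinned version and keep whichever form it documents, not both. The removed `#TODO: user unix socket` note is worth carrying over wherever the listener ends up, since a socket would keep the auth-request endpoint off the loopback TCP port entirely. The `server` attribute set starts outside the hunk.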
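Review bot: The users database moves from `/var/trust/authelia-main/` to `/var/lib/authelia-main/users_database.yml` while `jwtSecretFile` stays under `/var/trust`, and nothing in the hunk records why the two kinds of files now live in different trees. That file holds the argon2 password hashes and the user-to-group mapping, so confirm the mode and ownership of `/var/lib/authelia-main` are restricted to the service user (the NixOS module's state-directory handling presumably does this, but it is worth checking once after the move) and add a line such as `# credential store and sqlite db live in the service state dir; secrets stay in /var/trust` so the split is deliberate rather than accidental. Moving `password_policy.zxcvbn` out of `authentication_backend.file` and renaming `enable` to `enabled` matches the schema direction of the rest of the commit; a short comment that the policy is global, not per-backend, would save the next reader a lookup.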
@@ -134,25 +131,23 @@ with lib; {
 ];
 };
 session = {
- cookies = {
- name = "posixlycorrect_session";
- domain = "auth.posixlycorrect.com";
- authelia_url = "https://auth.posixlycorrect.com";
- default_redirection_url = "https://posixlycorrect.com";
- same_site = "lax";
-
- # see https://github.com/authelia/authelia/blob/master/config.template.yml#L756
- inactivity = "5 minutes";
- expiration = "1 hour";
- remember_me = "1 month";
- };
-
- # see https://github.com/authelia/authelia/blob/master/config.template.yml#L774
- name = "authelia_session";
+ name = "posixlycorrect_session";
 same_site = "lax";
 inactivity = "5m";
 expiration = "1h";
 remember_me = "1M";
+ cookies = [
+ {
+ name = "posixlycorrect_session";
+ domain = "posixlycorrect.com";
+ authelia_url = "https://auth.posixlycorrect.com";
+ default_redirection_url = "https://posixlycorrect.com";
+ same_site = "lax";
+ inactivity = "5 minutes";
+ expiration = "1 hour";
+ remember_me = "1 month";
+ }
+ ];
 };
 regulation = {
@@ -161,12 +156,12 @@ with lib; {
 ban_time = "5 minutes";
 };
- storage.local.path = "/var/trust/authelia-main/db.sqlite3"; #TODO:
+ storage.local.path = "/var/lib/authelia-main/db.sqlite3";
- # TODO:
- #notifier.smtp = {
- #
- #};
+ # TODO: usar smtp
+ notifier.filesystem = {
+ filename = "/tmp/trash.txt";
+ };
 };
 };
 };
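Review bot: The cookie `domain` changes from `auth.posixlycorrect.com` to `posixlycorrect.com`, which is what lets the portal protect other hosts, but it also means every host under `posixlycorrect.com` now receives the session cookie, so any subdomain that is compromised or delegated to a third party can read it. Record that trust decision next to the line, e.g. `# parent-domain cookie: sent to every *.posixlycorrect.com host, all of which must be under our control`. The top-level `name`, `same_site`, `inactivity`, `expiration` and `remember_me` now duplicate the per-cookie values in a second duration syntax (`"5m"` vs `"5 minutes"`); either drop the top-level copies or comment that they are the defaults for cookies that omit a field, so a future edit does not change one and not the other.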
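Review bot: `filename = "/tmp/trash.txt"` makes the notifier write the one-time identity-verification links (password reset, device registration) that would otherwise be e-mailed into a world-accessible directory that is also cleared on reboot, and if the unit runs with systemd's private tmp the file will not be where an administrator looks for it. Keep it beside the other state instead, `filename = "/var/lib/authelia-main/notification.txt";`, so it inherits the same ownership as `db.sqlite3`, and expand the `# TODO: usar smtp` line to say that user-initiated reset flows are effectively unsupported until SMTP is configured. The `storage.local.path` move to `/var/lib/authelia-main` matches the users-database move in the earlier hunk.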