Fabian Montero 2024-08-25 02:09:29 -06:00
parent d6f40dd4fd
commit 7d3100c3d3
Signed by untrusted user: fabian
GPG key ID: 1FFAC35E1798174F


@ -30,7 +30,7 @@ with lib; {
}; };
config = { config = {
systemd.services.authelia-main.before = [ "nginx.service" ]; systemd.services.authelia-main.before = ["nginx.service"];
services = { services = {
nginx = { nginx = {
@ -79,6 +79,7 @@ with lib; {
authelia.instances.main = { authelia.instances.main = {
enable = true; enable = true;
package = pkgs.unstable.authelia;
# config based on https://github.com/authelia/authelia/blob/master/config.template.yml # config based on https://github.com/authelia/authelia/blob/master/config.template.yml
secrets = { secrets = {
jwtSecretFile = "/var/trust/authelia-main/jwt-secret"; jwtSecretFile = "/var/trust/authelia-main/jwt-secret";
@ -92,7 +93,6 @@ with lib; {
disable_healthcheck = true; disable_healthcheck = true;
port = 9091; port = 9091;
host = "localhost"; host = "localhost";
address = "tcp://localhost:9091/"; #TODO: user unix socket
endpoints.authz.auth-request.implementation = "AuthRequest"; endpoints.authz.auth-request.implementation = "AuthRequest";
}; };
# tls settings not modified https://github.com/authelia/authelia/blob/master/config.template.yml#L53 # tls settings not modified https://github.com/authelia/authelia/blob/master/config.template.yml#L53
@ -100,25 +100,22 @@ with lib; {
level = "info"; level = "info";
format = "text"; format = "text";
}; };
telemetry.enabled = false; telemetry.metrics.enabled = false;
totp = { totp = {
disable = false; disable = false;
issuer = "https://getaegis.app/ or whatever you prefer"; issuer = "https://getaegis.app/ or whatever you prefer";
# default values assumed https://github.com/authelia/authelia/blob/master/config.template.yml#L181
}; };
webauthn = { webauthn = {
disable = false; disable = false;
# default values assumed: https://github.com/authelia/authelia/blob/master/config.template.yml#L231
}; };
duo_api.disable = true; duo_api.disable = true;
# identity_validation default values assumed: https://github.com/authelia/authelia/blob/master/config.template.yml#L266
authentication_backend.file = { authentication_backend.file = {
path = "/var/trust/authelia-main/users_database.yml"; #TODO: path = "/var/lib/authelia-main/users_database.yml";
password.algorithm = "argon2"; password.algorithm = "argon2";
password_policy.zxcvbn = { };
enable = true; password_policy.zxcvbn = {
min_score = 3; enabled = true;
}; min_score = 3;
}; };
access_control = { access_control = {
default_policy = "deny"; default_policy = "deny";
@ -134,25 +131,23 @@ with lib; {
]; ];
}; };
session = { session = {
cookies = { name = "posixlycorrect_session";
name = "posixlycorrect_session";
domain = "auth.posixlycorrect.com";
authelia_url = "https://auth.posixlycorrect.com";
default_redirection_url = "https://posixlycorrect.com";
same_site = "lax";
# see https://github.com/authelia/authelia/blob/master/config.template.yml#L756
inactivity = "5 minutes";
expiration = "1 hour";
remember_me = "1 month";
};
# see https://github.com/authelia/authelia/blob/master/config.template.yml#L774
name = "authelia_session";
same_site = "lax"; same_site = "lax";
inactivity = "5m"; inactivity = "5m";
expiration = "1h"; expiration = "1h";
remember_me = "1M"; remember_me = "1M";
cookies = [
{
name = "posixlycorrect_session";
domain = "posixlycorrect.com";
authelia_url = "https://auth.posixlycorrect.com";
default_redirection_url = "https://posixlycorrect.com";
same_site = "lax";
inactivity = "5 minutes";
expiration = "1 hour";
remember_me = "1 month";
}
];
}; };
regulation = { regulation = {
@ -161,12 +156,12 @@ with lib; {
ban_time = "5 minutes"; ban_time = "5 minutes";
}; };
storage.local.path = "/var/trust/authelia-main/db.sqlite3"; #TODO: storage.local.path = "/var/lib/authelia-main/db.sqlite3";
# TODO: # TODO: usar smtp
#notifier.smtp = { notifier.filesystem = {
# filename = "/tmp/trash.txt";
#}; };
}; };
}; };
}; };