This commit is contained in:
Fabian Montero 2024-08-25 02:09:29 -06:00
parent d6f40dd4fd
commit 7d3100c3d3
Signed by untrusted user: fabian
GPG key ID: 1FFAC35E1798174F

View file

@ -79,6 +79,7 @@ with lib; {
authelia.instances.main = {
enable = true;
package = pkgs.unstable.authelia;
# config based on https://github.com/authelia/authelia/blob/master/config.template.yml
secrets = {
jwtSecretFile = "/var/trust/authelia-main/jwt-secret";
@ -92,7 +93,6 @@ with lib; {
disable_healthcheck = true;
port = 9091;
host = "localhost";
address = "tcp://localhost:9091/"; #TODO: user unix socket
endpoints.authz.auth-request.implementation = "AuthRequest";
};
# tls settings not modified https://github.com/authelia/authelia/blob/master/config.template.yml#L53
@ -100,25 +100,22 @@ with lib; {
level = "info";
format = "text";
};
telemetry.enabled = false;
telemetry.metrics.enabled = false;
totp = {
disable = false;
issuer = "https://getaegis.app/ or whatever you prefer";
# default values assumed https://github.com/authelia/authelia/blob/master/config.template.yml#L181
};
webauthn = {
disable = false;
# default values assumed: https://github.com/authelia/authelia/blob/master/config.template.yml#L231
};
duo_api.disable = true;
# identity_validation default values assumed: https://github.com/authelia/authelia/blob/master/config.template.yml#L266
authentication_backend.file = {
path = "/var/trust/authelia-main/users_database.yml"; #TODO:
path = "/var/lib/authelia-main/users_database.yml";
password.algorithm = "argon2";
password_policy.zxcvbn = {
enable = true;
min_score = 3;
};
password_policy.zxcvbn = {
enabled = true;
min_score = 3;
};
access_control = {
default_policy = "deny";
@ -134,25 +131,23 @@ with lib; {
];
};
session = {
cookies = {
name = "posixlycorrect_session";
domain = "auth.posixlycorrect.com";
authelia_url = "https://auth.posixlycorrect.com";
default_redirection_url = "https://posixlycorrect.com";
same_site = "lax";
# see https://github.com/authelia/authelia/blob/master/config.template.yml#L756
inactivity = "5 minutes";
expiration = "1 hour";
remember_me = "1 month";
};
# see https://github.com/authelia/authelia/blob/master/config.template.yml#L774
name = "authelia_session";
same_site = "lax";
inactivity = "5m";
expiration = "1h";
remember_me = "1M";
cookies = [
{
name = "posixlycorrect_session";
domain = "posixlycorrect.com";
authelia_url = "https://auth.posixlycorrect.com";
default_redirection_url = "https://posixlycorrect.com";
same_site = "lax";
inactivity = "5 minutes";
expiration = "1 hour";
remember_me = "1 month";
}
];
};
regulation = {
@ -161,12 +156,12 @@ with lib; {
ban_time = "5 minutes";
};
storage.local.path = "/var/trust/authelia-main/db.sqlite3"; #TODO:
storage.local.path = "/var/lib/authelia-main/db.sqlite3";
# TODO:
#notifier.smtp = {
#
#};
# TODO: usar smtp
notifier.filesystem = {
filename = "/tmp/trash.txt";
};
};
};
};