snowflake/hosts/sakura/services/authelia.nix

# NixOS module for the single "default" Authelia instance on this host:
# its two file-based secrets come from sops, the portal listens on 9091 and
# that port is opened in the host firewall.
{config, ...}: let
  # Both sops secrets are handed to the user the authelia-default unit runs
  # as, otherwise the service cannot read them at start-up.
  autheliaUser = config.systemd.services.authelia-default.serviceConfig.User;
in {
  sops.secrets = {
    authelia-jwt = {owner = autheliaUser;};
    authelia-sek = {owner = autheliaUser;};
  };

  networking.firewall.allowedTCPPorts = [9091];

  services.authelia.instances.default = {
    enable = true;

    # Secrets are referenced by path only; the values never enter the Nix store.
    secrets = {
      jwtSecretFile = config.sops.secrets.authelia-jwt.path;
      storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
    };

    settings = {
      # NOTE(review): "debug" is very verbose for an authentication portal and
      # will log request details that "info" would not — confirm this is
      # intended outside of initial bring-up.
      log = {level = "debug";};
      theme = "dark";
      default_2fa_method = "totp";
      default_redirection_url = "https://passport.notohh.dev/";

      # Users are read from a YAML file on the host, managed outside of Nix.
      authentication_backend.file = {path = "/var/lib/authelia-default/user.yml";};

      session = {
        domain = "notohh.dev";
        # Presumably seconds (Authelia's integer duration notation) — confirm.
        expiration = 3600;
        inactivity = 300;
      };

      totp = {
        # NOTE(review): "authelia.com" looks like the upstream example value;
        # the issuer is the label users see in their authenticator app, so it
        # is presumably meant to name this deployment — confirm.
        issuer = "authelia.com";
        disable = false;
        algorithm = "sha1";
        digits = 6;
        period = 30;
        skew = 1;
        secret_size = 32;
      };

      # Binds on every interface, and the firewall rule above exposes the
      # port directly. NOTE(review): if a reverse proxy fronts this portal,
      # binding to 127.0.0.1 and dropping the firewall rule would keep the
      # portal off the network — confirm the deployment topology.
      server = {
        host = "0.0.0.0";
        port = 9091;
      };

      # Deny unless a rule matches. NOTE(review): the only rule bypasses
      # authentication for "notohh.dev" — presumably the apex domain alone, so
      # subdomains fall through to the deny default; confirm that is intended.
      access_control = {
        default_policy = "deny";
        rules = [
          {
            domain = "notohh.dev";
            policy = "bypass";
          }
        ];
      };

      # Brute-force regulation: max_retries failures within find_time lead to
      # a ban of ban_time (units presumably seconds — confirm).
      regulation = {
        max_retries = 3;
        find_time = 120;
        ban_time = 300;
      };

      # Notifications are appended to a local file instead of being mailed.
      notifier.filesystem.filename = "/var/lib/authelia-default/notif.txt";

      storage.postgres = {
        host = "192.168.1.211";
        port = 5432;
        database = "authelia";
        schema = "public";
        username = "authelia";
        # NOTE(review): plaintext database credential committed here; the
        # rendered settings end up in the Nix store, which is world-readable.
        # Authelia can read this value from a file instead (its *_PASSWORD_FILE
        # environment-variable convention), so it belongs in sops next to the
        # other two secrets. No TLS is configured for this connection either,
        # so the credential also crosses the LAN in the clear — confirm.
        password = "authelia";
      };
    };
  };
}