snowflake/hosts/sakura/services/authelia.nix

{config, ...}: {
  networking.firewall.allowedTCPPorts = [9091];
  sops.secrets.authelia-jwt = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
  sops.secrets.authelia-sek = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
  services.authelia.instances.default = {
    enable = true;
    secrets = {
      jwtSecretFile = config.sops.secrets.authelia-jwt.path;
      storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
    };
    settings = {
      log.level = "debug";
      theme = "dark";
      default_2fa_method = "totp";
      default_redirection_url = "https://passport.notohh.dev/";
      authentication_backend = {
        file.path = "/etc/authelia/user.yml";
      };
      session = {
        domain = "notohh.dev";
        expiration = 3600;
        inactivity = 300;
      };
      totp = {
        issuer = "authelia.com";
        disable = false;
        algorithm = "sha1";
        digits = 6;
        period = 30;
        skew = 1;
        secret_size = 32;
      };
      server = {
        host = "0.0.0.0";
        port = 9091;
      };
      access_control = {
        default_policy = "deny";
        rules = [
          {
            domain = "notohh.dev";
            policy = "bypass";
          }
        ];
      };
      regulation = {
        max_retries = 3;
        find_time = 120;
        ban_time = 300;
      };
      notifier.filesystem = {
        filename = "/var/lib/authelia-default/notif.txt";
      };
      storage.local = {
        path = "/var/lib/authelia-default/db.sqlite3";
      };
    };
  };
}
sakura: init authelia 2023-06-19 18:43:32 -04:00			`{config, ...}: {`
			`networking.firewall.allowedTCPPorts = [9091];`
			`sops.secrets.authelia-jwt = {owner = config.systemd.services.authelia-default.serviceConfig.User;};`
			`sops.secrets.authelia-sek = {owner = config.systemd.services.authelia-default.serviceConfig.User;};`
			`services.authelia.instances.default = {`
			`enable = true;`
			`secrets = {`
			`jwtSecretFile = config.sops.secrets.authelia-jwt.path;`
			`storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;`
			`};`
			`settings = {`
			`log.level = "debug";`
			`theme = "dark";`
			`default_2fa_method = "totp";`
			`default_redirection_url = "https://passport.notohh.dev/";`
			`authentication_backend = {`
			`file.path = "/etc/authelia/user.yml";`
			`};`
			`session = {`
			`domain = "notohh.dev";`
			`expiration = 3600;`
			`inactivity = 300;`
			`};`
			`totp = {`
			`issuer = "authelia.com";`
			`disable = false;`
			`algorithm = "sha1";`
			`digits = 6;`
			`period = 30;`
			`skew = 1;`
			`secret_size = 32;`
			`};`
			`server = {`
			`host = "0.0.0.0";`
			`port = 9091;`
			`};`
			`access_control = {`
			`default_policy = "deny";`
			`rules = [`
			`{`
			`domain = "notohh.dev";`
			`policy = "bypass";`
			`}`
			`];`
			`};`
			`regulation = {`
			`max_retries = 3;`
			`find_time = 120;`
			`ban_time = 300;`
			`};`
			`notifier.filesystem = {`
			`filename = "/var/lib/authelia-default/notif.txt";`
			`};`
			`storage.local = {`
			`path = "/var/lib/authelia-default/db.sqlite3";`
			`};`
			`};`
			`};`
			`}`