60 lines
1.6 KiB
Nix
60 lines
1.6 KiB
Nix
{config, ...}: {
|
|
networking.firewall.allowedTCPPorts = [9091];
|
|
sops.secrets.authelia-jwt = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
|
|
sops.secrets.authelia-sek = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
|
|
services.authelia.instances.default = {
|
|
enable = true;
|
|
secrets = {
|
|
jwtSecretFile = config.sops.secrets.authelia-jwt.path;
|
|
storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
|
|
};
|
|
settings = {
|
|
log.level = "debug";
|
|
theme = "dark";
|
|
default_2fa_method = "totp";
|
|
default_redirection_url = "https://passport.notohh.dev/";
|
|
authentication_backend = {
|
|
file.path = "/etc/authelia/user.yml";
|
|
};
|
|
session = {
|
|
domain = "notohh.dev";
|
|
expiration = 3600;
|
|
inactivity = 300;
|
|
};
|
|
totp = {
|
|
issuer = "authelia.com";
|
|
disable = false;
|
|
algorithm = "sha1";
|
|
digits = 6;
|
|
period = 30;
|
|
skew = 1;
|
|
secret_size = 32;
|
|
};
|
|
server = {
|
|
host = "0.0.0.0";
|
|
port = 9091;
|
|
};
|
|
access_control = {
|
|
default_policy = "deny";
|
|
rules = [
|
|
{
|
|
domain = "notohh.dev";
|
|
policy = "bypass";
|
|
}
|
|
];
|
|
};
|
|
regulation = {
|
|
max_retries = 3;
|
|
find_time = 120;
|
|
ban_time = 300;
|
|
};
|
|
notifier.filesystem = {
|
|
filename = "/var/lib/authelia-default/notif.txt";
|
|
};
|
|
storage.local = {
|
|
path = "/var/lib/authelia-default/db.sqlite3";
|
|
};
|
|
};
|
|
};
|
|
}
|