Files
truenas-stacks/identity/authelia/configuration.yml.example

104 lines
2.3 KiB
Plaintext

# Render concrete values into configuration.yml on PD.
# Do not rely on runtime env interpolation for this file.
theme: auto
default_2fa_method: totp
server:
address: tcp://0.0.0.0:9091
log:
level: info
totp:
issuer: paccoco.com
authentication_backend:
file:
path: /config/users_database.yml
watch: false
password:
algorithm: argon2
access_control:
default_policy: deny
rules:
- domain:
- '*.paccoco.com'
policy: one_factor
session:
secret: 'CHANGE_ME_SESSION_SECRET'
name: authelia_session
same_site: lax
expiration: 8h
inactivity: 1h
remember_me: 30d
redis:
host: shared-redis
port: 6379
password: 'CHANGE_ME_REDIS_PASSWORD'
cookies:
- domain: paccoco.com
authelia_url: https://auth.paccoco.com
default_redirection_url: https://grafana.paccoco.com
storage:
encryption_key: 'CHANGE_ME_STORAGE_ENCRYPTION_KEY'
postgres:
address: tcp://shared-postgres:5432
database: 'authelia'
schema: public
username: 'authelia'
password: 'CHANGE_ME_POSTGRES_PASSWORD'
identity_validation:
reset_password:
jwt_secret: 'CHANGE_ME_RESET_PASSWORD_JWT_SECRET'
notifier:
filesystem:
filename: /config/data/notification.txt
identity_providers:
oidc:
hmac_secret: 'CHANGE_ME_OIDC_HMAC_SECRET'
jwks:
- key_id: 'grafana'
algorithm: 'RS256'
use: 'sig'
key: |
-----BEGIN PRIVATE KEY-----
CHANGE_ME_OIDC_PRIVATE_KEY
-----END PRIVATE KEY-----
claims_policies:
grafana:
id_token:
- email
- email_verified
- groups
- preferred_username
- name
clients:
- client_id: 'grafana'
client_name: 'Grafana'
client_secret: 'CHANGE_ME_GRAFANA_CLIENT_SECRET'
public: false
authorization_policy: 'one_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://grafana.paccoco.com/login/generic_oauth'
scopes:
- openid
- profile
- email
- groups
response_types:
- code
grant_types:
- authorization_code
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
claims_policy: 'grafana'