# services/authelia.nix — Native Authelia SSO
# Secrets live in /var/secrets/authelia (root:authelia-main, 640) — see readme.
{ config, lib, pkgs, ... }:

# NixOS module: enables one Authelia instance ("main") on the host named
# FredOS-Mediaserver and leaves every other host untouched.
let
  # Deliberately quoted strings rather than Nix path literals: a path literal
  # that gets coerced to a string is copied into the world-readable /nix/store,
  # which is exactly where secret material must not end up.
  secretsDir = "/var/secrets/authelia";

  # Directory holding the user database, SQLite storage and notifier output.
  stateDir = "/var/lib/authelia-main";

  # Parent domain shared by the portal and every protected application.
  baseDomain = "nordhammer.it";

  # Subdomains that get an explicit access-control rule, in rule order.
  protectedHosts = [
    "frigate"
    "camera"
    "homepage"
    "7dtd"
    "adguard"
    "sonarr"
    "radarr"
    "bazarr"
    "prowlarr"
    "torrent"
    "profilarr"
    "sabnzbd"
    "code"
    "notes"
    "neko"
  ];

  # Builds the rule for one subdomain. one_factor means username + password
  # only; no second factor is requested for any host in this file.
  # NOTE(review): judging by the hostnames alone, some of these look like
  # administrative or remote-control surfaces (code, adguard, torrent, neko).
  # Consider "two_factor" for those once a second-factor method is enrolled.
  oneFactorRule = host: {
    policy = "one_factor";
    domain = "${host}.${baseDomain}";
  };

  onTargetHost = config.networking.hostName == "FredOS-Mediaserver";
in
{
  config = lib.mkIf onTargetHost {
    services.authelia.instances.main = {
      enable = true;

      # Only file locations are given here; the secret values themselves are
      # read from these files and never appear in the Nix expression.
      secrets.jwtSecretFile = "${secretsDir}/jwt_secret";
      secrets.storageEncryptionKeyFile = "${secretsDir}/storage_encryption_key";
      secrets.sessionSecretFile = "${secretsDir}/session_secret";

      settings = {
        theme = "dark";

        # Loopback only: the portal is not directly reachable from the network.
        # Whatever serves the public portal URL (not configured in this file)
        # has to proxy to this address and terminate TLS.
        server = {
          address = "tcp://127.0.0.1:9091/";
        };

        log.level = "info";
        log.format = "text";

        # File-based user database (accounts and password hashes).
        authentication_backend = {
          file = {
            path = "${stateDir}/users_database.yml";
          };
        };

        access_control = {
          # Fail closed: a domain without a matching rule below is refused.
          default_policy = "deny";
          rules = map oneFactorRule protectedHosts;
        };

        session = {
          # Absolute session lifetime, and the idle time after which the
          # session ends earlier.
          expiration = "12h";
          inactivity = "2h";

          # The cookie is scoped to the parent domain, so a single login is
          # valid for every protected subdomain listed above.
          cookies = [
            {
              authelia_url = "https://auth.${baseDomain}";
              domain = baseDomain;
            }
          ];
        };

        storage = {
          local = {
            path = "${stateDir}/db.sqlite3";
          };
        };

        # NOTE(review): the filesystem notifier writes notifications to a local
        # file instead of sending them; Authelia documents it as intended for
        # testing. Messages such as identity-verification links would land in
        # this file, so confirm that only the service account can read it.
        notifier = {
          filesystem = {
            filename = "${stateDir}/notification.txt";
          };
        };
      };
    };
  };
}