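# Authelia configuration: access-control rules, LDAP backend, OIDC clients,
# logging, mail notifier, session cookie and local storage.
# No LDAP bind password, session secret, storage key or OIDC signing key
# appears in this file; presumably they are injected separately (secret
# files or environment) -- keep them out of version control.
access_control:
  # Requests that match none of the rules below get this policy.
  default_policy: one_factor
  networks:
    - name: internal
      networks:
        - 172.30.0.0/26
        - 172.31.1.0/24
  # Rules are evaluated top to bottom and the first match applies, so the
  # order of the two firefly entries is significant.
  rules:
    - domain: paperless.pyrocufflink.blue
      policy: two_factor
    # NOTE(review): bypass means Authelia performs no authentication for
    # paths under /api/. Presumably the application enforces its own API
    # token check there -- confirm, because nothing at the proxy layer
    # protects these paths. This rule must stay above the two_factor rule
    # for the same domain or it will never match.
    - domain: firefly.pyrocufflink.blue
      resources:
        - '^/api/'
      policy: bypass
    - domain: firefly.pyrocufflink.blue
      policy: two_factor
    # Bypass applies only to clients in the 'internal' network; everyone
    # else falls through to default_policy.
    # NOTE(review): the network match depends on the client address Authelia
    # sees -- confirm the reverse proxy only accepts forwarded-for headers
    # from trusted hops.
    - domain: scan.pyrocufflink.blue
      networks:
        - internal
      policy: bypass

authentication_backend:
  ldap:
    base_dn: DC=pyrocufflink,DC=blue
    implementation: activedirectory
    # Directory traffic uses LDAPS with TLS 1.2 as the floor.
    tls:
      minimum_version: TLS1.2
    url: ldaps://pyrocufflink.blue
    # Dedicated service account for binds; its password is not in this file.
    user: CN=svc.authelia,CN=Users,DC=pyrocufflink,DC=blue

identity_providers:
  oidc:
    # Confidential clients below store their secret as a password-hash
    # digest (argon2id or pbkdf2-sha512), not as plaintext. The digests are
    # still worth protecting: a weak client secret can be guessed offline.
    clients:
      - id: e20a50c2-55eb-4cb1-96ce-fe71c61c1d89
        description: Jenkins
        secret: >-
          $argon2id$v=19$m=65536,t=3,p=4$qoo6+3ToLbsZOI/BxcppGw$srNBfpIHqpxLh+VfVNNe27A1Ci9dCKLfB8rWXLNkv44
        redirect_uris:
          - https://jenkins.pyrocufflink.blue/securityRealm/finishLogin
        # offline_access lets this client obtain refresh tokens.
        scopes:
          - openid
          - groups
          - profile
          - email
          - offline_access
        authorization_policy: one_factor
        pre_configured_consent_duration: 7d
      # Public client: no secret, loopback redirect URIs over plain http,
      # as is usual for a CLI login helper.
      # NOTE(review): public clients depend on PKCE for code protection --
      # confirm enforce_pkce is left at a value that covers public clients.
      - id: kubernetes
        description: Kubernetes
        public: true
        redirect_uris:
          - http://localhost:8000
          - http://localhost:18000
        authorization_policy: one_factor
        pre_configured_consent_duration: 7d
      # No authorization_policy is set here, so the Authelia default applies
      # (presumably two_factor -- confirm for the deployed version).
      - id: 1b6adbfc-d9e0-4cab-b780-e410639dc420
        description: MinIO
        secret: >-
          $pbkdf2-sha512$310000$TkQ1BwLrr.d8AVGWk2rLhA$z4euAPhkkZdjcxKFD3tZRtNQ/R78beW7epJ.BGFWSwQdAme5TugNj9Ba.aL5TEqrBDmXRW0xiI9EbxSszckG5A
        redirect_uris:
          - https://burp.pyrocufflink.blue:9090/oauth_callback
      # Public client with a loopback redirect; the PKCE note on the
      # kubernetes client applies here as well.
      - id: step-ca
        description: step-ca
        public: true
        redirect_uris:
          - http://127.0.0.1
        pre_configured_consent_duration: 7d
      - id: argocd
        description: Argo CD
        redirect_uris:
          - https://argocd.pyrocufflink.blue/auth/callback
        secret: >-
          $pbkdf2-sha512$310000$l/uOezgWjqe3boGLYAnKcg$uqn1FC8Lj2y1NG5Q91PeLfLLUQ.qtlKFLd0AWJ56owLME9mV/Zx8kQ2x7OS/MOoMLmUgKd4zogYKab2HGFr0kw

log:
  # NOTE(review): trace is the most verbose level and is intended for
  # troubleshooting. On an authentication service it can put request detail
  # into the logs; prefer info for steady-state operation and restrict who
  # can read the log output while trace is enabled.
  level: trace

notifier:
  smtp:
    # NOTE(review): with disable_require_tls set, mail is sent even when the
    # relay offers no STARTTLS. Notifications include identity-verification
    # and password-reset links, so on port 25 they can cross the network in
    # cleartext. Acceptable only on a trusted path to the relay; otherwise
    # enable TLS on the relay and remove this flag.
    disable_require_tls: true
    host: mail.pyrocufflink.blue
    port: 25
    sender: auth@pyrocufflink.net

session:
  # The session cookie is scoped to the parent domain, so it is shared by
  # every protected subdomain.
  domain: pyrocufflink.blue
  # Hard lifetime of one day; idle sessions end after four hours.
  expiration: 1d
  inactivity: 4h

server:
  buffers:
    # Presumably raised to accommodate large request headers -- confirm.
    read: 16384

storage:
  local:
    # SQLite database holding Authelia's persistent state; restrict file
    # permissions to the service account and include it in backups.
    path: /var/lib/authelia/db.sqlite3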