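# Authelia configuration: access-control rules, LDAP backend, OIDC clients,
# notifier, session and storage settings.
# NOTE(review): the rendered listing had lost its indentation; the nesting
# below is rebuilt from key order and Authelia's schema. Diff it against the
# deployed file before relying on it.
# NOTE(review): no LDAP bind password, session/storage keys or OIDC signing
# material appear here; presumably they are injected from secret files or the
# environment. Confirm they are not committed elsewhere in plain text.

access_control:
  # Applied to every request that matches no rule below. With one_factor, any
  # protected host without its own rule is reachable with a password alone;
  # `deny` is the fail-closed choice if every protected host is meant to be
  # listed explicitly.
  default_policy: one_factor
  networks:
    - name: internal
      networks:
        - 172.30.0.0/26
        - 172.31.1.0/24
  rules:
    - domain: paperless.pyrocufflink.blue
      policy: two_factor
    # Requests from the `internal` CIDRs skip authentication entirely. The
    # match uses the client address reported by the reverse proxy, so the
    # proxy must overwrite (not append to) forwarded-for headers. Requests
    # from any other network fall through to default_policy.
    - domain: scan.pyrocufflink.blue
      networks:
        - internal
      policy: bypass

authentication_backend:
  ldap:
    base_dn: DC=pyrocufflink,DC=blue
    implementation: activedirectory
    tls:
      minimum_version: TLS1.2
    # ldaps:// keeps bind credentials and user passwords off the wire in
    # clear text; the TLS floor above applies to this connection.
    url: ldaps://pyrocufflink.blue
    # Service account used for directory lookups; it should hold no more
    # directory rights than user search (plus password change, if enabled).
    user: CN=svc.authelia,CN=Users,DC=pyrocufflink,DC=blue

identity_providers:
  oidc:
    clients:
      - id: e20a50c2-55eb-4cb1-96ce-fe71c61c1d89
        description: Jenkins
        # Stored as an Argon2id digest, so the file does not reveal the
        # client secret itself.
        secret: >-
          $argon2id$v=19$m=65536,t=3,p=4$qoo6+3ToLbsZOI/BxcppGw$srNBfpIHqpxLh+VfVNNe27A1Ci9dCKLfB8rWXLNkv44
        redirect_uris:
          - https://jenkins.pyrocufflink.blue/securityRealm/finishLogin
        scopes:
          - openid
          - groups
          - profile
          - email
          # offline_access lets the client obtain refresh tokens, extending
          # access beyond the interactive session; keep only if Jenkins
          # needs it.
          - offline_access
        authorization_policy: one_factor
      # Public client: no secret, loopback redirect URIs over plain http (the
      # usual shape for a CLI login helper). Such clients rely on PKCE rather
      # than a secret; confirm PKCE is enforced for public clients.
      - id: kubernetes
        description: Kubernetes
        public: true
        redirect_uris:
          - http://localhost:8000
          - http://localhost:18000
        # NOTE(review): tokens for cluster access are issued after a
        # password-only login; consider two_factor if this client grants
        # administrative access.
        authorization_policy: one_factor

log:
  # Most verbose level. Trace output can include request and session detail,
  # so treat the log destination as sensitive and drop to info once
  # troubleshooting is finished.
  level: trace

notifier:
  smtp:
    # Turns off the requirement that the SMTP connection be TLS-protected.
    # With port 25 and no credentials configured, password-reset and
    # identity-verification mail may be relayed in clear text; acceptable
    # only if the hop to the mail host is on a trusted network.
    disable_require_tls: true
    host: mail.pyrocufflink.blue
    port: 25
    sender: auth@pyrocufflink.net

session:
  # The cookie is scoped to the parent domain, so one login session is shared
  # by every host under it.
  domain: pyrocufflink.blue
  # Absolute lifetime and idle timeout of a session.
  expiration: 1d
  inactivity: 4h

storage:
  local:
    # SQLite file holding Authelia's persistent state (such as second-factor
    # registrations); restrict it to the service user and include it in
    # backups.
    path: /var/lib/authelia/db.sqlite3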