infra
/
kubernetes
1
0
Fork 0
Code Pull Requests 4 Activity
kubernetes/authelia/configuration.yml

171 lines
4.0 KiB
YAML
Raw Blame History

access_control:
default_policy: one_factor
networks:
- name: internal
networks:
- 172.30.0.0/26
- 172.31.1.0/24
rules:
- domain: paperless.pyrocufflink.blue
policy: two_factor
subject:
- 'group:Paperless-ngx Users'
- domain: paperless.pyrocufflink.blue
policy: deny
- domain: firefly.pyrocufflink.blue
resources:
- '^/api/'
policy: bypass
- domain: firefly.pyrocufflink.blue
policy: two_factor
subject:
- 'group:Firefly III Users'
- domain: firefly-importer.pyrocufflink.blue
policy: two_factor
subject:
- 'group:Firefly III Users'
- domain: firefly-importer.pyrocufflink.blue
policy: one_factor
subject:
- 'user:svc.xactfetch'
- domain: firefly.pyrocufflink.blue
policy: deny
- domain: firefly-importer.pyrocufflink.blue
policy: deny
- domain: scan.pyrocufflink.blue
networks:
- internal
policy: bypass
- domain: metrics.pyrocufflink.blue
networks:
- internal
resources:
- '^/alertmanager([/?].*)?$'
methods:
- GET
- HEAD
- OPTIONS
policy: bypass
- domain: hlcforms.pyrocufflink.blue
resources:
- '^/submit/.*'
policy: bypass
authentication_backend:
ldap:
base_dn: DC=pyrocufflink,DC=blue
implementation: activedirectory
tls:
minimum_version: TLS1.2
url: ldaps://pyrocufflink.blue
user: CN=svc.authelia,CN=Users,DC=pyrocufflink,DC=blue
certificates_directory: /run/authelia/certs
identity_providers:
oidc:
clients:
- id: e20a50c2-55eb-4cb1-96ce-fe71c61c1d89
description: Jenkins
secret: >-
$argon2id$v=19$m=65536,t=3,p=4$qoo6+3ToLbsZOI/BxcppGw$srNBfpIHqpxLh+VfVNNe27A1Ci9dCKLfB8rWXLNkv44
redirect_uris:
- https://jenkins.pyrocufflink.blue/securityRealm/finishLogin
scopes:
- openid
- groups
- profile
- email
- offline_access
authorization_policy: one_factor
pre_configured_consent_duration: 8h
token_endpoint_auth_method: client_secret_post
- id: kubernetes
description: Kubernetes
public: true
redirect_uris:
- http://localhost:8000
- http://localhost:18000
authorization_policy: one_factor
pre_configured_consent_duration: 8h
- id: 1b6adbfc-d9e0-4cab-b780-e410639dc420
description: MinIO
secret: >-
$pbkdf2-sha512$310000$TkQ1BwLrr.d8AVGWk2rLhA$z4euAPhkkZdjcxKFD3tZRtNQ/R78beW7epJ.BGFWSwQdAme5TugNj9Ba.aL5TEqrBDmXRW0xiI9EbxSszckG5A
redirect_uris:
- https://burp.pyrocufflink.blue:9090/oauth_callback
- id: step-ca
description: step-ca
public: true
redirect_uris:
- http://127.0.0.1
pre_configured_consent_duration: 8h
- id: argocd
description: Argo CD
pre_configured_consent_duration: 8h
redirect_uris:
- https://argocd.pyrocufflink.blue/auth/callback
secret: >-
$pbkdf2-sha512$310000$l/uOezgWjqe3boGLYAnKcg$uqn1FC8Lj2y1NG5Q91PeLfLLUQ.qtlKFLd0AWJ56owLME9mV/Zx8kQ2x7OS/MOoMLmUgKd4zogYKab2HGFr0kw
- id: argocd-cli
description: argocd CLI
public: true
pre_configured_consent_duration: 8h
audience:
- argocd-cli
redirect_uris:
- http://localhost:8085/auth/callback
scopes:
- openid
- profile
- email
- groups
- offline_access
- id: sshca
description: SSHCA
public: true
pre_configured_consent_duration: 4h
redirect_uris:
- http://127.0.0.1
scopes:
- openid
- profile
- email
- groups
log:
level: info
notifier:
smtp:
disable_require_tls: true
host: mail.pyrocufflink.blue
port: 25
sender: auth@pyrocufflink.net
session:
domain: pyrocufflink.blue
expiration: 1d
inactivity: 4h
redis:
host: redis
port: 6379
server:
buffers:
read: 16384
storage:
postgres:
host: default.postgresql
database: authelia
username: authelia.authelia
tls:
skip_verify: false
telemetry:
metrics:
enabled: true
theme: auto
View Git Blame Copy Permalink