onjen/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Authelia

Browse Source
This commit is contained in:
Johannes Rothe 2024-11-19 21:00:51 +01:00
parent d6ac70abab
commit 8531d066ad
1 changed files with 85 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
vps-configuration.nix
View File

@ -25,6 +25,85 @@
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = [ "tailscale0" ];
}; };
services.authelia.instances.main = {
enable = true;
secrets = {
jwtSecretFile = "${pkgs.writeText "jwtSecretFile" "supersecretkeyissupersecret"}";
storageEncryptionKeyFile = "${pkgs.writeText "storageEncryptionKeyFile" "supersecretkeyissupersecret"}";
sessionSecretFile = "${pkgs.writeText "sessionSecretFile" "supersecretkeyissupersecret"}";
};
settings = {
theme = "auto";
default_redirection_url = "https://auth.johannes-rothe.de";
server = {
host = "127.0.0.1";
port = 9091;
};
log = {
level = "debug";
format = "text";
};
authentication_backend = {
#file = {
# path = "/var/lib/authelia-main/users_database.yml";
#};
};
access_control = {
default_policy = "one_factor";
rules = [
#{
# domain = ["auth.example.com"];
# policy = "bypass";
#}
#{
# domain = ["*.example.com"];
# policy = "one_factor";
#}
];
};
session = {
name = "authelia_session";
expiration = "12h";
inactivity = "45m";
remember_me_duration = "1M";
domain = "example.com";
redis.host = "/run/redis-authelia-main/redis.sock";
};
regulation = {
max_retries = 3;
find_time = "5m";
ban_time = "15m";
};
storage = {
local = {
path = "/var/lib/authelia-main/db.sqlite3";
};
};
notifier = {
disable_startup_check = false;
filesystem = {
filename = "/var/lib/authelia-main/notification.txt";
};
};
};
};
services.redis.servers.authelia-main = {
enable = true;
user = "authelia-main";
port = 0;
unixSocket = "/run/redis-authelia-main/redis.sock";
unixSocketPerm = 600;
};
services.headscale = { services.headscale = {
enable = true; enable = true;
address = "0.0.0.0"; address = "0.0.0.0";
@ -46,6 +125,9 @@
"www.johannes-rothe.de".extraConfig = '' "www.johannes-rothe.de".extraConfig = ''
reverse_proxy base:11112 reverse_proxy base:11112
''; '';
"auth.johannes-rothe.de".extraConfig = ''
reverse_proxy localhost:9091
'';
"cloud.johannes-rothe.de".extraConfig = '' "cloud.johannes-rothe.de".extraConfig = ''
reverse_proxy base:5002 reverse_proxy base:5002
''; '';
@ -55,9 +137,9 @@
"git.johannes-rothe.de".extraConfig = '' "git.johannes-rothe.de".extraConfig = ''
reverse_proxy base:3001 reverse_proxy base:3001
''; '';
#"headscale.johannes-rothe.de".extraConfig = '' "headscale.johannes-rothe.de".extraConfig = ''
# reverse_proxy base:5232 reverse_proxy localhost:8080
#''; '';
"radicale.johannes-rothe.de".extraConfig = '' "radicale.johannes-rothe.de".extraConfig = ''
reverse_proxy base:5232 reverse_proxy base:5232
''; '';