Skull-IT/iac_stack
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
iac_stack/ansible/roles/deploy_container_authelia/defaults/main.yml

115 lines
4.9 KiB
YAML
Raw Normal View History

Add Container Authelia
2025-07-18 11:20:51 +02:00
############
# Authelia #
############
# ---------------------
# General Configuration
# ---------------------
container_authelia_version: latest # Authelia container image tag/version
container_authelia_domain: authelia.example.com # Fully Qualified Domain Name (FQDN) for Authelia
add theme selection
2025-07-18 23:32:54 +02:00
container_authelia_theme: "dark" # dark, light or grey theme
Add Container Authelia
2025-07-18 11:20:51 +02:00
# ---------------------
# Server Settings
# ---------------------
container_authelia_server_port: 9091 # Port on which Authelia will listen
# ---------------------
# Logging
# ---------------------
container_authelia_log_level: debug # Log level: trace, debug, info, warn, error
container_authelia_log_file_path: /var/log/authelia/authelia.log # Path to log file
container_authelia_log_keep_stdout: true # Also log to STDOUT (recommended for containers)
# ---------------------
# Identity Validation / Password Reset
# ---------------------
container_authelia_elevated_session_2fa: true # Require 2FA for elevated sessions
container_authelia_jwt_lifespan: "5 minutes" # Expiration time for password reset links
container_authelia_jwt_secret: "nyt4JDvuhU6SGp7H0vaEs0rfGETjI26fRQPJZzwdWPuXsmHdAun2hryiJDyDPRuC" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric
# ---------------------
# TOTP (Two-Factor Authentication)
# ---------------------
container_authelia_totp_disable: false # Disable TOTP (false = enabled)
container_authelia_totp_issuer: example.com # Issuer name shown in authenticator apps
container_authelia_totp_period: 30 # Time interval in seconds
container_authelia_totp_skew: 1 # Allowed time drift (in periods)
# ---------------------
# Password Policy (Zxcvbn)
# ---------------------
container_authelia_zxcvbn_enabled: true # Enable password strength validation
container_authelia_zxcvbn_min_score: 4 # Minimum strength score (04)
# ---------------------
# Authentication Backend (File-based)
# ---------------------
container_authelia_auth_file_path: /config/users.yml # Path to user configuration file
container_authelia_auth_algorithm: argon2 # Password hashing algorithm
container_authelia_auth_argon2_variant: argon2id
container_authelia_auth_argon2_iterations: 3
container_authelia_auth_argon2_memory: 65535
container_authelia_auth_argon2_parallelism: 4
container_authelia_auth_argon2_key_length: 32
container_authelia_auth_argon2_salt_length: 16
# ---------------------
# Access Control
# ---------------------
container_authelia_access_default_policy: deny # Default access policy (deny/one_factor/two_factor)
container_authelia_access_rules:
- domain: "traefik.example.com"
policy: "one_factor"
- domain: "whoami-secure.example.com"
policy: "two_factor"
# ---------------------
# Session Configuration
# ---------------------
container_authelia_session_name: authelia_session # Name of the session cookie
container_authelia_session_key: "zB3d7gTWVbhB5jFQVkjtxfhVZ4aEaFwKHWNa81jjqSL7JgV5HmqOAULDhlJA0muI" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric
container_authelia_session_cookies:
- domain: "example.com"
authelia_url: "https://auth.example.com"
# ---------------------
# Security Regulation (Brute Force Protection)
# ---------------------
container_authelia_regulation_max_retries: 4 # Max failed login attempts before ban
container_authelia_regulation_find_time: 120 # Time window to count failed attempts (in seconds)
container_authelia_regulation_ban_time: 300 # Ban duration after reaching retry limit (in seconds)
# ---------------------
# Storage
# ---------------------
container_authelia_storage_encryption_key: "B4g3XlMfiBJPUXqrZmxfE1CccUASi1r2Cxpr8q9QbmQ3Rvx1RDJvZ1J3DTqkR2a5" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric
container_authelia_storage_path: /config/db.sqlite3 # Path to SQLite storage file
# ---------------------
# Notifications
# ---------------------
container_authelia_notifier_disable_startup_check: false # Disable notifier startup check (recommended: false)
container_authelia_notifier_file: /config/notification.txt # File path used for file-based notifications
# ---------------------
# User Configuration (for file-based backend)
# ---------------------
# !! SECURITY WARNING !!:
# Passwords must always be hashed (argon2, bcrypt, sha512, etc.).
# Never store plain-text passwords in production.
# Use this guide to generate secure hashes:
# https://www.authelia.com/reference/guides/passwords/#passwords
container_authelia_users:
- username: authelia
displayname: 'Authelia User'
# docker run --rm -it authelia/authelia:latest authelia crypto hash generate argon2
# !! Replace the password with a secure hashed password
password: '$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/'
email: 'authelia@authelia.com'
groups:
- 'admin'
- 'dev'
Reference in a new issue Copy permalink