iac_stack/ansible/roles/deploy_container_authelia/defaults/main.yml

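---
############
# Authelia #
############
# Role defaults for the Authelia container. Role defaults have the lowest
# precedence of any Ansible variable source and live in version control, so
# every value marked as a placeholder below must be overridden per
# deployment (e.g. from an Ansible Vault-encrypted vars file) and must never
# reach a running instance as-is.
# ---------------------
# General Configuration
# ---------------------
container_authelia_version: latest # Authelia container image tag/version; pin a specific release for reproducible, auditable deployments
container_authelia_domain: authelia.example.com # Fully Qualified Domain Name (FQDN) for Authelia
container_authelia_theme: "dark" # dark, light or grey theme
# ---------------------
# Server Settings
# ---------------------
container_authelia_server_port: 9091 # Port on which Authelia will listen
# ---------------------
# Logging
# ---------------------
container_authelia_log_level: debug # Log level: trace, debug, info, warn, error (debug/trace are verbose; prefer info or warn outside troubleshooting)
container_authelia_log_file_path: /var/log/authelia/authelia.log # Path to log file
container_authelia_log_keep_stdout: true # Also log to STDOUT (recommended for containers)
# ---------------------
# Identity Validation / Password Reset
# ---------------------
container_authelia_elevated_session_2fa: true # Require 2FA for elevated sessions
container_authelia_jwt_lifespan: "5 minutes" # Expiration time for password reset links
# Placeholder secret committed to VCS: every host deployed with this default shares a publicly known value. Override per deployment.
container_authelia_jwt_secret: "nyt4JDvuhU6SGp7H0vaEs0rfGETjI26fRQPJZzwdWPuXsmHdAun2hryiJDyDPRuC" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric
# ---------------------
# TOTP (Two-Factor Authentication)
# ---------------------
container_authelia_totp_disable: false # Disable TOTP (false = enabled)
container_authelia_totp_issuer: example.com # Issuer name shown in authenticator apps
container_authelia_totp_period: 30 # Time interval in seconds
container_authelia_totp_skew: 1 # Allowed time drift (in periods)
# ---------------------
# Password Policy (Zxcvbn)
# ---------------------
container_authelia_zxcvbn_enabled: true # Enable password strength validation
container_authelia_zxcvbn_min_score: 4 # Minimum strength score (0-4)
# ---------------------
# Authentication Backend (File-based)
# ---------------------
container_authelia_auth_file_path: /config/users.yml # Path to user configuration file
container_authelia_auth_algorithm: argon2 # Password hashing algorithm
# Argon2 parameters; units follow the Authelia configuration reference for the deployed version — confirm before tuning
container_authelia_auth_argon2_variant: argon2id
container_authelia_auth_argon2_iterations: 3
container_authelia_auth_argon2_memory: 65535
container_authelia_auth_argon2_parallelism: 4
container_authelia_auth_argon2_key_length: 32
container_authelia_auth_argon2_salt_length: 16
# ---------------------
# Access Control
# ---------------------
container_authelia_access_default_policy: deny # Default access policy (deny/one_factor/two_factor)
# Rules are matched in order; anything not matched falls through to the default policy above
container_authelia_access_rules:
  - domain: "traefik.example.com"
    policy: "one_factor"
  - domain: "whoami-secure.example.com"
    policy: "two_factor"
# ---------------------
# Session Configuration
# ---------------------
container_authelia_session_name: authelia_session # Name of the session cookie
# Placeholder secret committed to VCS: override per deployment (see note at top of file).
container_authelia_session_key: "zB3d7gTWVbhB5jFQVkjtxfhVZ4aEaFwKHWNa81jjqSL7JgV5HmqOAULDhlJA0muI" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric
container_authelia_session_cookies:
  - domain: "example.com"
    authelia_url: "https://auth.example.com"
# ---------------------
# Security Regulation (Brute Force Protection)
# ---------------------
container_authelia_regulation_max_retries: 4 # Max failed login attempts before ban
container_authelia_regulation_find_time: 120 # Time window to count failed attempts (in seconds)
container_authelia_regulation_ban_time: 300 # Ban duration after reaching retry limit (in seconds)
# ---------------------
# Storage
# ---------------------
# Placeholder secret committed to VCS: override per deployment (see note at top of file).
# This key encrypts data at rest in the storage backend; changing it after first use requires a migration of the existing data.
container_authelia_storage_encryption_key: "B4g3XlMfiBJPUXqrZmxfE1CccUASi1r2Cxpr8q9QbmQ3Rvx1RDJvZ1J3DTqkR2a5" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric
container_authelia_storage_path: /config/db.sqlite3 # Path to SQLite storage file
# ---------------------
# Notifications
# ---------------------
container_authelia_notifier_disable_startup_check: false # Disable notifier startup check (recommended: false)
container_authelia_notifier_file: /config/notification.txt # File path used for file-based notifications
# ---------------------
# User Configuration (for file-based backend)
# ---------------------
# !! SECURITY WARNING !!:
# Passwords must always be hashed (argon2, bcrypt, sha512, etc.).
# Never store plain-text passwords in production.
# Use this guide to generate secure hashes:
# https://www.authelia.com/reference/guides/passwords/#passwords
#
# The seeded user below is a member of 'admin'. Its hash is the sample value
# shipped in the Authelia documentation, so its plaintext is public; treat it
# as a placeholder that must be replaced before the role is applied anywhere
# reachable. Note it is a sha512-crypt ($6$) hash while the backend default
# above is argon2 — regenerate it with the command in the comment below.
container_authelia_users:
  - username: authelia
    displayname: 'Authelia User'
    # docker run --rm -it authelia/authelia:latest authelia crypto hash generate argon2
    # !! Replace the password with a secure hashed password
    password: '$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/'
    email: 'authelia@authelia.com'
    groups:
      - 'admin'
      - 'dev'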