Finesse authelia
parent
335849665d
commit
067b0e3cef
|
@ -0,0 +1,9 @@
|
||||||
|
* Single Sign-On
|
||||||
|
* [x] Replace simpleauth with somebody else's project
|
||||||
|
* [ ] Set up Forgejo OIDC to Authelia (there's a guide on Authelia's site)
|
||||||
|
* [x] Persist "remember me" across reboots
|
||||||
|
* LDAP restrictions
|
||||||
|
* [x] People can only r/w their own storage
|
||||||
|
* [x] Public storage
|
||||||
|
* [x] Per-Group storage
|
||||||
|
* [ ] Media-Sucker secure setup (bind to 0.0.0.0 opens to internet)
|
|
@ -1,5 +1,5 @@
|
||||||
log:
|
log:
|
||||||
level: trace # error, warn, [info], debug, trace
|
level: info # error, warn, [info], debug, trace
|
||||||
authentication_backend:
|
authentication_backend:
|
||||||
password_reset:
|
password_reset:
|
||||||
disable: true
|
disable: true
|
||||||
|
@ -10,11 +10,53 @@ totp:
|
||||||
session:
|
session:
|
||||||
domain: woozle.org
|
domain: woozle.org
|
||||||
same_site: strict
|
same_site: strict
|
||||||
|
redis:
|
||||||
|
host: redis
|
||||||
|
port: 6379
|
||||||
|
database_index: 1
|
||||||
storage:
|
storage:
|
||||||
local:
|
local:
|
||||||
path: /srv/sys/authelia/db.sqlite3
|
path: /srv/sys/authelia/db.sqlite3
|
||||||
access_control:
|
|
||||||
default_policy: one_factor
|
|
||||||
notifier:
|
notifier:
|
||||||
filesystem:
|
filesystem:
|
||||||
filename: /run/emails.txt
|
filename: /run/emails.txt
|
||||||
|
access_control:
|
||||||
|
default_policy: deny
|
||||||
|
rules:
|
||||||
|
- domain: deergrove.woozle.org
|
||||||
|
policy: one_factor
|
||||||
|
|
||||||
|
- domain: drive.woozle.org
|
||||||
|
policy: bypass
|
||||||
|
methods:
|
||||||
|
- HEAD
|
||||||
|
- GET
|
||||||
|
- PROPFIND
|
||||||
|
resources:
|
||||||
|
- '^/storage/public/'
|
||||||
|
|
||||||
|
- domain: drive.woozle.org
|
||||||
|
policy: one_factor
|
||||||
|
subject:
|
||||||
|
- "group:storage"
|
||||||
|
resources:
|
||||||
|
- '^/incoming/'
|
||||||
|
- '^/media/'
|
||||||
|
- '^/storage/(README.md)?$'
|
||||||
|
- '^/storage/(?P<User>\w+)/'
|
||||||
|
- '^/storage/(?P<Group>\w+)/'
|
||||||
|
- '^/storage/shared/'
|
||||||
|
- '^/storage/public/'
|
||||||
|
|
||||||
|
- domain: drive.woozle.org
|
||||||
|
policy: one_factor
|
||||||
|
methods:
|
||||||
|
- HEAD
|
||||||
|
- GET
|
||||||
|
- PROPFIND
|
||||||
|
resources:
|
||||||
|
- '^/(README.md)?$'
|
||||||
|
- '^/incoming/'
|
||||||
|
- '^/media/'
|
||||||
|
- '^/storage/shared/'
|
||||||
|
|
||||||
|
|
|
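Review bot: In the `group:storage` rule, `'^/storage/(?P<User>\w+)/'` and `'^/storage/(?P<Group>\w+)/'` cover the same directory level. If these named groups behave as Authelia documents them, a username that equals a group name is granted that group's directory, and the reverse. Separate prefixes for user and group storage, or a uniqueness check across names in users.yaml, would remove the overlap. These patterns and the `bypass` rule for `'^/storage/public/'` anchor only the start of the path, so they depend on the reverse proxy and the storage backend normalising dot-segments and encoded slashes identically before the authorization check; neither is visible on this page. The `.` in `(README.md)?` is unescaped and matches any character, and `(README\.md)?` is the literal form.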
@ -60,6 +60,18 @@ services:
|
||||||
source: /srv/sys/authelia
|
source: /srv/sys/authelia
|
||||||
target: /srv/sys/authelia
|
target: /srv/sys/authelia
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:alpine
|
||||||
|
command:
|
||||||
|
- redis-server
|
||||||
|
- --save
|
||||||
|
- "60"
|
||||||
|
- "1"
|
||||||
|
volumes:
|
||||||
|
- type: bind
|
||||||
|
source: /srv/sys/redis
|
||||||
|
target: /data
|
||||||
|
|
||||||
plex:
|
plex:
|
||||||
image: ghcr.io/linuxserver/plex:1.29.2
|
image: ghcr.io/linuxserver/plex:1.29.2
|
||||||
networks:
|
networks:
|
||||||
|
@ -308,7 +320,7 @@ configs:
|
||||||
name: deergrove.png-v1
|
name: deergrove.png-v1
|
||||||
authelia.yaml:
|
authelia.yaml:
|
||||||
file: authelia.yaml
|
file: authelia.yaml
|
||||||
name: authelia.yaml-v6
|
name: authelia.yaml-v16
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
passwd:
|
passwd:
|
||||||
|
@ -337,7 +349,7 @@ secrets:
|
||||||
name: session.secret-v1
|
name: session.secret-v1
|
||||||
users.yaml:
|
users.yaml:
|
||||||
file: secrets/users.yaml
|
file: secrets/users.yaml
|
||||||
name: users.yaml-v2
|
name: users.yaml-v6
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
hostnet:
|
hostnet:
|
||||||
|
|
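Review bot: The new `redis` service starts without authentication and the `session.redis` block in authelia.yaml sets no `password`, so anything that can reach `redis:6379` on the stack's network can read or alter Authelia sessions. Which other services share that network is not visible in this hunk. Setting `requirepass` from a secret with the matching `password` on the Authelia side, and putting the two services on a network of their own, would limit that exposure. `image: redis:alpine` is a floating tag, unlike the pinned `plex:1.29.2` just below, so pinning a version or digest would keep the session store reproducible. Because `--save 60 1` persists session data under `/srv/sys/redis`, that directory should be readable only by the account redis runs as.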