path: root/profiles/authelia.nix
blob: b5d2c941cc00c44d8cca9e48f6f0b7b0e7cfc50e (plain) (tree)
{ config, ... }:
let
  # User the Authelia instance runs as; every decrypted secret below is owned
  # by it so the service can read its key material without running as root.
  serviceUser = "authelia-main";

  # agenix secret declaration: `file` is the encrypted blob in the repo,
  # `owner` the account that may read the decrypted copy at runtime.
  ageSecret = file: {
    inherit file;
    owner = serviceUser;
  };

  # Runtime path of a decrypted agenix secret, by its name in `age.secrets`.
  secretPath = name: config.age.secrets.${name}.path;
in
{
  age.secrets = {
    authelia-storage-key = ageSecret ../secrets/authelia-storage-key.age;
    authelia-jwt-key = ageSecret ../secrets/authelia-jwt-key.age;
    authelia-users = ageSecret ../secrets/authelia-users.yaml.age;
    authelia-jwks = ageSecret ../secrets/authelia-jwks.age;
  };

  services.authelia.instances.main = {
    enable = true;

    # Secrets are handed to Authelia as file paths, never inlined into the
    # generated configuration (which would land in the world-readable store).
    secrets = {
      jwtSecretFile = secretPath "authelia-jwt-key";
      # OIDC issuer signing key; no `identity_providers.oidc` clients are
      # declared in this file, so they presumably live in another module —
      # confirm, since an unused key is dead weight and a misconfigured one
      # fails validation.
      oidcIssuerPrivateKeyFile = secretPath "authelia-jwks";
      storageEncryptionKeyFile = secretPath "authelia-storage-key";
    };

    settings = {
      # Empty host part means Authelia listens on every interface, and the
      # firewall rule at the bottom exposes that port. No `server.tls` block is
      # set here, so the listener is plain HTTP unless TLS is terminated in
      # front of it — verify a reverse proxy is the only thing reaching it.
      server.address = "tcp://:9092";
      default_2fa_method = "totp";
      # Filesystem notifier: registration / reset codes that would normally be
      # e-mailed are appended to this file instead. Keep it readable only by
      # the service user, since whoever can read it can finish those flows.
      notifier.filesystem.filename = "/var/lib/authelia-main/notification.txt";
      # Users, password hashes and group memberships come from the decrypted
      # YAML file rather than an LDAP backend.
      authentication_backend.file.path = secretPath "authelia-users";
      # Password-only by default; any resource that should require TOTP needs
      # an explicit `two_factor` rule in `access_control.rules`.
      access_control.default_policy = "one_factor";
      session.domain = "fcuny.net";
      # Local SQLite storage; the rows are encrypted with the storage key above.
      storage.local.path = "/var/lib/authelia-main/db.sqlite3";
    };
  };

  # Opens the listener port to the network (see the note on server.address).
  networking.firewall.allowedTCPPorts = [ 9092 ];
}