{ config, ... }:
let
  # Every decrypted secret below is owned by the Authelia service account
  # (the user created for `services.authelia.instances.main`), so only that
  # process -- not other local users -- can read the key material.
  serviceUser = "authelia-main";

  # agenix secret entry: encrypted file in ../secrets, decrypted for serviceUser.
  mkSecret = file: {
    inherit file;
    owner = serviceUser;
  };

  # Runtime path of a decrypted agenix secret, as exposed by the age module.
  secretPath = name: config.age.secrets.${name}.path;
in
{
  age.secrets = {
    authelia-storage-key = mkSecret ../secrets/authelia-storage-key.age;
    authelia-jwt-key = mkSecret ../secrets/authelia-jwt-key.age;
    authelia-users = mkSecret ../secrets/authelia-users.yaml.age;
    authelia-jwks = mkSecret ../secrets/authelia-jwks.age;
  };

  services.authelia.instances.main = {
    enable = true;

    # Keys are handed to Authelia as file paths, never as literal strings,
    # so nothing secret lands in the world-readable Nix store.
    secrets = {
      jwtSecretFile = secretPath "authelia-jwt-key";
      # NOTE(review): the secret is named "jwks" but is consumed as the single
      # OIDC issuer private key -- confirm the file holds a PEM private key.
      oidcIssuerPrivateKeyFile = secretPath "authelia-jwks";
      storageEncryptionKeyFile = secretPath "authelia-storage-key";
    };

    settings = {
      # NOTE(review): binds on all interfaces and the same port is opened in
      # the firewall below, with no TLS configured in this module. Unless a
      # reverse proxy terminates TLS in front of this instance, passwords,
      # session cookies and OIDC tokens would cross the network in clear --
      # confirm the topology; otherwise prefer "tcp://127.0.0.1:9092".
      server.address = "tcp://:9092";

      # Only relevant where a rule demands two_factor; nothing in this module
      # does, since the default policy below is one_factor.
      default_2fa_method = "totp";

      # Filesystem notifier: Authelia writes outgoing notifications (e.g.
      # identity-verification links) to this local file instead of sending
      # mail, so only someone with access to the host can complete those flows.
      notifier.filesystem.filename = "/var/lib/authelia-main/notification.txt";

      # File-backed user database, decrypted by agenix at activation.
      authentication_backend = {
        file.path = secretPath "authelia-users";
      };

      # Password-only by default for every protected resource; add
      # access_control.rules with policy = "two_factor" to tighten specific hosts.
      access_control.default_policy = "one_factor";

      session.domain = "fcuny.net";

      # SQLite state store; encrypted at rest with storageEncryptionKeyFile above.
      storage = {
        local = {
          path = "/var/lib/authelia-main/db.sqlite3";
        };
      };

      identity_providers.oidc = {
        clients = [
          {
            id = "miniflux";
            description = "Miniflux RSS";
            # PBKDF2-SHA512 digest of the client secret (the "$pbkdf2-sha512$"
            # prefix), not the plaintext. Only a digest is acceptable here,
            # because this literal ends up in the world-readable Nix store.
            secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw";
            # Exact-match redirect target; an attacker-controlled URI here
            # would leak authorization codes, so keep this list minimal.
            redirect_uris = [ "https://reader.fcuny.net/oauth2/oidc/callback" ];
            scopes = [
              "openid"
              "email"
              "profile"
            ];
          }
        ];
      };
    };
  };

  # Exposes the raw Authelia port to the network; see the server.address note.
  networking.firewall.allowedTCPPorts = [ 9092 ];
}