services: add Authelia

authelia/authelia.env

@@ -0,0 +1,4 @@
+TZ=Europe/Paris
+AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/config/secrets/smtp
+AUTHELIA_JWT_SECRET_FILE=/config/secrets/jwt
+AUTHELIA_SESSION_SECRET_FILE=/config/secrets/session

authelia/configuration.yml

@@ -0,0 +1,49 @@
+host: 0.0.0.0
+port: 9091
+log_level: debug
+# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
+#jwt_secret: a_very_important_secret
+default_redirection_url: https://belanyi.fr
+totp:
+  issuer: authelia.belanyi.fr
+
+authentication_backend:
+  file:
+    path: /config/users_database.yml
+    password:
+      algorithm: argon2id
+      iterations: 1
+      salt_length: 16
+      parallelism: 8
+      memory: 1024
+
+access_control:
+  default_policy: two_factor
+  rules:
+    # Declare domain and policy for an override
+
+session:
+  name: authelia_session
+  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
+  #secret: unsecure_session_secret
+  expiration: 3600 # 1 hour
+  inactivity: 300 # 5 minutes
+  domain: belanyi.fr # Should match whatever your root protected domain is
+
+regulation:
+  max_retries: 3
+  find_time: 120
+  ban_time: 300
+
+storage:
+  local:
+    path: /config/db.sqlite3
+
+notifier:
+  smtp:
+    username: brunobelanyi@gmail.com
+    # Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
+    #password: yourapppassword
+    sender: authelia@belanyi.fr
+    host: smtp.gmail.com
+    port: 587

authelia/users_database.yml

@@ -0,0 +1,8 @@
+users:
+  Ambroisie:
+    displayname: "Bruno BELANYI"
+    password: "$argon2id$v=19$m=1048576,p=8$IcNVZ732CMoCSof6$h5zBFhd3t1d9Mx11uW+BahR6kGAaN59RQZwW9i3Nq9Q"
+    email: brunobelanyi@gmail.com
+    groups:
+      - admins
+      - dev