authelia: enable 2fa

authelia: configure SMTP for notifications

modules/authelia.nix

@@ -47,10 +47,23 @@
               key = "users";
               path = "users";
             }
+            {
+              key = "smtpPassword";
+              path = "smtpPassword";
+            }
           ];
 
           configMap = {
-            access_control.default_policy = "one_factor";
+            access_control = {
+              default_policy = "one_factor";
+
+              rules = [
+                {
+                  domain = "cyberchef.kun.is";
+                  policy = "two_factor";
+                }
+              ];
+            };
 
             authentication_backend = {
               password_reset.disable = true;
@@ -90,9 +103,21 @@
               ];
             };
 
-            notifier.filesystem = {
-              enabled = true;
-              filename = "/tmp/notifications.txt";
+            notifier = {
+              filesystem.enabled = false;
+
+              smtp = {
+                enabled = true;
+                address = "submission://mail.smtp2go.com:2525";
+                identifier = "auth.kun.is";
+                sender = "Authelia <authelia@kun.is>";
+                username = "uxY88HYzbBTAoWYm4PUxpT76u";
+
+                password = {
+                  secret_name = "authelia";
+                  path = "smtpPassword";
+                };
+              };
             };
           };
         };
@@ -113,6 +138,7 @@
         secrets.authelia.stringData = {
           storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage";
           session = "ref+sops://secrets.yml#/authelia/encryption_keys/session";
+          smtpPassword = "ref+sops://secrets.yml#/authelia/smtpPassword";
           users = "ref+sops://secrets.yml#/authelia/users";
         };
       };