home/kubernetes-deployments
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

authelia: enable 2fa

Browse source 
authelia: configure SMTP for notifications
This commit is contained in:
Pim Kunis 2025-02-06 10:55:05 +01:00
parent b5fdd14ea6
commit 05f020ecb3
2 changed files with 34 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
modules/authelia.nix
View file

@ -47,10 +47,23 @@
key = "users"; key = "users";
path = "users"; path = "users";
} }
{
key = "smtpPassword";
path = "smtpPassword";
}
]; ];
configMap = { configMap = {
access_control.default_policy = "one_factor"; access_control = {
default_policy = "one_factor";
rules = [
{
domain = "cyberchef.kun.is";
policy = "two_factor";
}
];
};
authentication_backend = { authentication_backend = {
password_reset.disable = true; password_reset.disable = true;
@ -90,9 +103,21 @@
]; ];
}; };
notifier.filesystem = { notifier = {
filesystem.enabled = false;
smtp = {
enabled = true; enabled = true;
filename = "/tmp/notifications.txt"; address = "submission://mail.smtp2go.com:2525";
identifier = "auth.kun.is";
sender = "Authelia <authelia@kun.is>";
username = "uxY88HYzbBTAoWYm4PUxpT76u";
password = {
secret_name = "authelia";
path = "smtpPassword";
};
};
}; };
}; };
}; };
@ -113,6 +138,7 @@
secrets.authelia.stringData = { secrets.authelia.stringData = {
storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage"; storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage";
session = "ref+sops://secrets.yml#/authelia/encryption_keys/session"; session = "ref+sops://secrets.yml#/authelia/encryption_keys/session";
smtpPassword = "ref+sops://secrets.yml#/authelia/smtpPassword";
users = "ref+sops://secrets.yml#/authelia/users"; users = "ref+sops://secrets.yml#/authelia/users";
}; };
}; };

7
secrets.yml
View file

@ -33,7 +33,8 @@ authelia:
encryption_keys: encryption_keys:
storage: ENC[AES256_GCM,data:RbD5StdFItHooBt/ESeAqnBRWV8USKedplz9cnZTA5K9k2EIE99yDdwkL+UNpRjN5oTImqQtWo3ESuBiq439ftSMeMyWT++qkV3ImbPOEYInLPdwHTxb28CC5zbY3FGH+GdB5q9V3zK+Pofslw6BMCsoL++tV8EWjX2isCfkWSk=,iv:e83TCcMW2qEc+R2E8209dhRUJvLZw2MPu4IWMSQVMy8=,tag:opewKZtNr4VT5Gj9l9B71Q==,type:str] storage: ENC[AES256_GCM,data:RbD5StdFItHooBt/ESeAqnBRWV8USKedplz9cnZTA5K9k2EIE99yDdwkL+UNpRjN5oTImqQtWo3ESuBiq439ftSMeMyWT++qkV3ImbPOEYInLPdwHTxb28CC5zbY3FGH+GdB5q9V3zK+Pofslw6BMCsoL++tV8EWjX2isCfkWSk=,iv:e83TCcMW2qEc+R2E8209dhRUJvLZw2MPu4IWMSQVMy8=,tag:opewKZtNr4VT5Gj9l9B71Q==,type:str]
session: ENC[AES256_GCM,data:N50TuHkiOvjxbhTzwy7cjYSyMM9txYCas8x+zEhC2vshWi4pD0dHNDVz90jS0waDYAKLxTMYUT9v9zpkXoQ+X2VWa+tzDU3IWixclHktew/ufWN7nXCRBCW/ZEw8Tm4bB61GTalXfpra3q8Z88bMhGcEfaCiHwfnMbhVn5jjQtM=,iv:QPTVCPzuLAZI06rRPCLYiyW/hd3P/r/nxocI4u3qRtk=,tag:1oqJoQedqGsln48jQphENw==,type:str] session: ENC[AES256_GCM,data:N50TuHkiOvjxbhTzwy7cjYSyMM9txYCas8x+zEhC2vshWi4pD0dHNDVz90jS0waDYAKLxTMYUT9v9zpkXoQ+X2VWa+tzDU3IWixclHktew/ufWN7nXCRBCW/ZEw8Tm4bB61GTalXfpra3q8Z88bMhGcEfaCiHwfnMbhVn5jjQtM=,iv:QPTVCPzuLAZI06rRPCLYiyW/hd3P/r/nxocI4u3qRtk=,tag:1oqJoQedqGsln48jQphENw==,type:str]
users: ENC[AES256_GCM,data:Bstr2ZYDwUdcw0AXG/UxRcabEOk2k/cix+L73IHQugmSNG2wGSNbDhZdvPxLbyZcxlpa7MU9o63YIjk+f+5zl7NZsARSw1NSUtrXzk62mz/lvQzGW+gZXIG78Q5vLOp652xFRwt0L/5x3wEoP64T6E3AMn23sfntf/OA04CMCbeleTkR+MzeLD+k1A2qHb7zZV7k44IMHToBOkZ15ICfZ27wN7NWOoQ+cqlJeKQWSG34I0DWW+iKjnT4H5YIcSWlLSEhA7c2pzxzkPmxwgnLCIyCXF1WesIUqxor3klpYGkW9A==,iv:3bJOTCAW2QWmNQgX3duXLQGki1FoaJ1aZvDXvX0T2Z0=,tag:kbiDE0M7KQRuyV9PiIg0Vw==,type:str] smtpPassword: ENC[AES256_GCM,data:Zd2F237gWaL555lf022zjr7VHVcAFUyFxg==,iv:ka8YuGFclNrWV1U0g2ERypiKy6rN5ppPIVlsjBqkFrI=,tag:e+5fO6VR1z1cqYTXJ6Yo+Q==,type:str]
users: ENC[AES256_GCM,data:Az1vmno1PPpFAqIpZKiMtdAP5TqgoCSzu+x2P3eI2h4C+FPbdRjQrnybpLdKRmaQaVvfGS8p4+RbM8jF1H4sSgAZRcBQIzanWtW4fl+KK4aHxPmRIbH75bGUGnSK8u94jCYMotll5tpMbkR+st6xEkh+IkPz+CSIopZ1o6VeFu9od7qJ2LBwnl+FzZp3XFoLXHLNFf4J01gUwtlxvbLHOD5tFxOFHXDi/CKsYJOBr3m9wUoHKGwaeuYpNfy+3C5dcwf0eiXOkxYyjwjlxQ0MumcyzSdVBCTWJRRTwFa1akw6P/sl0Cdw/9GL83zBGLSfFK+DaIaHzG+h51KcELj9lVbNHPbC1UwRnwy0SdxYXiPz7Y8R9J/u5wI5eyyimDtJp83+c4eqOO7+animxUJ8EIuKEiUPMr5mQg0KtK5P3jTu/wZuGgxdqi1nR44+UHKmWrD62qDwjcjv60RDlQxcm4dBOL3wCaV7V8K5UBF0UhiyA2/N0XFHLnibQ1LS/vRfgXjrsjZ6JYzVeY7mDCGa0Kb4NkJJLeMvEEmwsw9sGst9um1w7AQevQPowBST4nkRVdb12JGWrq4S77gDa19Qbm2a0z5XvwvEq1C/47OOEDoSFh/uY2Ycn8tOIZw7S53h5z++cAVKBgYAFVI0fw==,iv:9hm49dFfD6O0YV5YdyXqyiU1vjSHNuH4/+JcXiN+PWI=,tag:jM6atf1M0cgDcAiFOd626Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -58,8 +59,8 @@ sops:
azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68 azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68
UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw== UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-05T16:59:14Z" lastmodified: "2025-02-06T09:44:26Z"
mac: ENC[AES256_GCM,data:hfH7il2xkxaz+Uzv4V4BaLv3RnS4nmAic2G4RVJmB7jc9mEBthcPdf0OPo6pXZ14YqVgfzsR3zNdqnaPwPIks07BZ27zo7pKvpdiJACGi6RXIpJwzgd3bwrVm5P11gBmPZbMv+vkoTVNl3EENOOKsfqoDNI3/Pwj6fXSWIJ5m1o=,iv:d3K/3gOLpo8bd6JfpiYhC/KHU/SsgQ9vSgc5lYvkdhk=,tag:PAB+jDOnP1z9IiR5gHdImA==,type:str] mac: ENC[AES256_GCM,data:1KuTjnTtXftuVzE18ULskydigmLavdy740+/K0PN7p8FSJ7IKU1XP9L93mmxoQOFN1MrVl7ENrY0Wu9/UOG6xSK0S3HcfQKyO8i0Jtgj1tUodcWR/kb7BTwJ3oylQ5xXnHd2rdlaE1y3ZfarFvZqokBsNyux0t9tZYGcRA5W6ZQ=,iv:hnHbV2oNeFu+EJXZS39oa7QMOSL9tuHCVpvjIg6TSFk=,tag:4EijW78hQ4IHb6atatJktQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.2