add authelia

clusters/ipv6/tools/authelia/authelia-config.yml

@@ -0,0 +1,115 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: authelia-config
+  namespace: tools
+data:
+  configuration.yaml: |
+    server:
+      address: 'tcp4://:9091'
+      buffers:
+        read: 16384
+    log:
+      level: info 
+      file_path: ''
+      keep_stdout: true
+
+    identity_validation:
+      elevated_session:
+        require_second_factor: true
+      reset_password:
+        jwt_lifespan: '5 minutes'
+
+    theme: dark
+
+    totp:
+      disable: false
+      issuer: 'akshun-lab.cc'
+      period: 30
+      skew: 1
+      algorithm: 'sha1'
+      digits: 6
+      secret_size: 32
+      allowed_algorithms:
+        - 'SHA1'
+      allowed_digits:
+        - 6
+      allowed_periods:
+        - 30
+      disable_reuse_security_policy: false
+
+    password_policy:
+      zxcvbn:
+        enabled: true
+        min_score: 4
+
+    authentication_backend:
+      file:
+        path: '/config/users.yml'
+        password:
+          algorithm: 'argon2'
+          argon2:
+            variant: 'argon2id'
+            iterations: 3
+            memory: 65535
+            parallelism: 4
+            key_length: 32
+            salt_length: 16
+
+    access_control:
+      default_policy: 'deny'
+      rules:
+        - domain: 'auth.akshun-lab.cc'
+          policy: bypass
+        - domain: 'invidious.akshun-lab.cc'
+          resources: '^/(api/v1|feed|videoplayback|vi/.+\.(jpg|webp)|ggpht|latest_version|sb)'
+          policy: bypass
+        - domain: 'immich.akshun-lab.cc'
+          policy: bypass
+        - domain: 'jellyfin.akshun-lab.cc'
+          policy: bypass
+        - domain: 'gitea.akshun-lab.cc'
+          policy: bypass
+        - domain: 'nextcloud.akshun-lab.cc'
+          policy: bypass
+        - domain: 'collabora.akshun-lab.cc'
+          policy: bypass
+        - domain: 'vw.akshun-lab.cc'
+          policy: bypass
+        - domain: '*.akshun-lab.cc'
+          policy: two_factor
+    
+    session:
+      name: 'authelia_session'
+      cookies:
+        - domain: 'akshun-lab.cc'
+          authelia_url: 'https://auth.akshun-lab.cc'
+
+    regulation:
+      max_retries: 4
+      find_time: 120
+      ban_time: 300
+
+    storage:
+      local:
+        path: '/config/db.sqlite3'
+
+    notifier:
+      disable_startup_check: false
+      smtp:
+        address: submissions://smtp.gmail.com:465
+        username: aggarwalakshun@gmail.com
+        sender: aggarwalakshun@gmail.com
+        identifier: localhost
+        subject: "[Authelia] {title}"
+        startup_check_address: aggarwalakshun@gmail.com
+        disable_require_tls: false
+        disable_html_emails: false
+        tls:
+          skip_verify: false
+          minimum_version: TLS1.2
+    ntp:
+      address: 'time.google.com:123'
+      version: 4
+      max_desync: '3s'
+      disable_startup_check: false