feat: Authelia
@@ -8,39 +8,48 @@
|
|||||||
factorio-headless
|
factorio-headless
|
||||||
];
|
];
|
||||||
sops = {
|
sops = {
|
||||||
# secrets = {
|
secrets = {
|
||||||
# "authelia/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
"authelia/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||||
# "authelia/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
"authelia/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||||
# };
|
};
|
||||||
};
|
};
|
||||||
services = {
|
services = {
|
||||||
# authelia = {
|
authelia = {
|
||||||
# instances.darksailor = {
|
instances.darksailor = {
|
||||||
# enable = false;
|
enable = true;
|
||||||
# settings = {
|
settings = {
|
||||||
# authentication_backend = {
|
authentication_backend = {
|
||||||
# password_reset.disable = false;
|
password_reset.disable = false;
|
||||||
# file = {};
|
file = {
|
||||||
# };
|
path = "/etc/authelia/users.yml";
|
||||||
# access_control = {
|
};
|
||||||
# default_policy = "one_factor";
|
};
|
||||||
# };
|
session = {
|
||||||
# storage = {
|
cookies = {
|
||||||
# local = {
|
secure = true;
|
||||||
# path = "/var/lib/authelia/darksailor.sqlite3";
|
same_site = "Strict";
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
# theme = "dark";
|
access_control = {
|
||||||
# server = {
|
default_policy = "one_factor";
|
||||||
# address = "127.0.0.1:5555";
|
};
|
||||||
# };
|
storage = {
|
||||||
# };
|
local = {
|
||||||
# secrets = {
|
path = "/var/lib/authelia/darksailor.sqlite3";
|
||||||
# jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path;
|
};
|
||||||
# storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path;
|
};
|
||||||
# };
|
theme = "dark";
|
||||||
# };
|
notifier.filesystem.filename = "/var/log/authelia/notifications.txt";
|
||||||
# };
|
server = {
|
||||||
|
address = "127.0.0.1:5555";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
secrets = {
|
||||||
|
jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path;
|
||||||
|
storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
fail2ban = {
|
fail2ban = {
|
||||||
enable = true;
|
enable = true;
|
||||||
bantime = "24h"; # Ban IPs for one day on the first ban
|
bantime = "24h"; # Ban IPs for one day on the first ban
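Review bot: `access_control.default_policy = "one_factor"` with no `rules` lets any account in users.yml reach every proxied host on a password alone, and combined with `password_reset.disable = false` and the `notifier.filesystem` backend the reset and identity-verification links are written to `/var/log/authelia/notifications.txt` rather than delivered, so anyone able to read that file can complete a reset for any account. If this instance is exposed beyond the Tailscale network, set `default_policy = "deny";` (or `"two_factor"`) with explicit per-domain `rules`, and either move to the SMTP notifier or mark the filesystem one as temporary, e.g. `# TODO: filesystem notifier is for testing only; reset links are written to this file`. Separately, the `session.cookies = { secure = true; same_site = "Strict"; }` attrset does not look like the schema current Authelia expects there (as far as I can tell `cookies` is a list of per-domain entries with `domain` and `authelia_url`, and `same_site` lives under `session` as lowercase `strict`), so this is worth confirming against the packaged Authelia version since a rejected config keeps the service from starting. Whether `/etc/authelia/users.yml` and the SQLite store under `/var/lib/authelia` get ownership and mode restricted to the service user is not visible in this hunk.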
|
||||||
@@ -51,18 +60,18 @@
|
|||||||
maxtime = "168h"; # Do not ban for more than 1 week
|
maxtime = "168h"; # Do not ban for more than 1 week
|
||||||
overalljails = true; # Calculate the bantime based on all the violations
|
overalljails = true; # Calculate the bantime based on all the violations
|
||||||
};
|
};
|
||||||
jails.apache-nohome-iptables.settings = {
|
# jails.apache-nohome-iptables.settings = {
|
||||||
# Block an IP address if it accesses a non-existent
|
# # Block an IP address if it accesses a non-existent
|
||||||
# home directory more than 5 times in 10 minutes,
|
# # home directory more than 5 times in 10 minutes,
|
||||||
# since that indicates that it's scanning.
|
# # since that indicates that it's scanning.
|
||||||
filter = "apache-nohome";
|
# filter = "apache-nohome";
|
||||||
action = ''iptables-multiport[name=HTTP, port="http,https"]'';
|
# action = ''iptables-multiport[name=HTTP, port="http,https"]'';
|
||||||
logpath = "/var/log/httpd/error_log*";
|
# logpath = "/var/log/httpd/error_log*";
|
||||||
backend = "auto";
|
# backend = "auto";
|
||||||
findtime = 600;
|
# findtime = 600;
|
||||||
bantime = 600;
|
# bantime = 600;
|
||||||
maxretry = 5;
|
# maxretry = 5;
|
||||||
};
|
# };
|
||||||
};
|
};
|
||||||
tailscale = {
|
tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||