authelia
Example
{config, ...}: {
  authelia = {
    enable = true;
    jwtSecretFile = config.sops.secrets."authelia/jwt_secret".path;
    sessionSecretFile = config.sops.secrets."authelia/session_secret".path;
    storageEncryptionKeyFile = config.sops.secrets."authelia/encryption_key".path;
    oidc = {
      enable = true;
      hmacSecretFile = config.sops.secrets."authelia/oidc_hmac_secret".path;
      jwksRsaKeyFile = config.sops.secrets."authelia/oidc_rsa_pk".path;
    };
    sessionProvider = "redis";
  };
}
Stack Options
nps.stacks.authelia.containers.authelia
Alias of services.podman.containers.authelia.
nps.stacks.authelia.containers.authelia-redis
Alias of services.podman.containers.authelia-redis.
nps.stacks.authelia.crowdsec.enableLogCollection
Whether the container logs should be collected by CrowdSec. Enabling this will configure the acquis settings for CrowdSec.
nps.stacks.authelia.defaultAllowPolicy
Default policy to apply for allowed access. Will be used as a default for Access Control Rules as well as OIDC Authorization Policies if no rules apply.
See
one of "one_factor", "two_factor"
"one_factor"
nps.stacks.authelia.enable
Whether to enable authelia.
nps.stacks.authelia.enableTraefikMiddleware
Whether to register an authelia middleware for Traefik.
The middleware will utilize the ForwardAuth Authz implementation.
See https://www.authelia.com/integration/proxies/traefik/#implementation
nps.stacks.authelia.jwtSecretFile
Path to the file containing the JWT secret. See https://www.authelia.com/configuration/identity-validation/reset-password/#jwt_secret
nps.stacks.authelia.ldap.passwordFile
The password for the LDAP user that is used when connecting to the LDAP backend.
absolute path
config.nps.stacks.lldap.adminPasswordFile
nps.stacks.authelia.ldap.username
The username that will be used when binding to the LDAP backend.
string
config.nps.stacks.lldap.adminUsername
nps.stacks.authelia.oidc.clients
OIDC client configuration. See https://www.authelia.com/configuration/identity-providers/openid-connect/clients/
attribute set of (open submodule of (YAML 1.1 value))
{ }
nps.stacks.authelia.oidc.clients.<name>.client_id
This option has no description.
nps.stacks.authelia.oidc.defaultConsentDuration
Default period for which a user's choice to remember the pre-configured consent lasts.
Only has an effect for OIDC clients using the consent_mode pre-configured or auto.
See
nps.stacks.authelia.oidc.enable
Whether to enable OIDC Support.
nps.stacks.authelia.oidc.hmacSecretFile
Path to the file containing the HMAC secret. See https://www.authelia.com/configuration/identity-providers/openid-connect/provider/#hmac_secret
nps.stacks.authelia.oidc.jwksRsaKeyFile
Path to the file containing the JWKS RSA (RS256) private key.
For example, a keypair can be generated and printed out like this:
podman run --rm authelia/authelia sh -c "authelia crypto certificate rsa generate --common-name authelia.example.com && cat public.crt && cat private.pem"
See https://www.authelia.com/configuration/identity-providers/openid-connect/provider/#key
nps.stacks.authelia.sessionProvider
Session provider to use.
See https://www.authelia.com/configuration/session/introduction/
nps.stacks.authelia.sessionSecretFile
Path to the file containing the session secret. See https://www.authelia.com/configuration/session/introduction/#secret
nps.stacks.authelia.settings
Additional Authelia settings. Will be provided in the configuration.yml.
nps.stacks.authelia.storageEncryptionKeyFile
Path to the file containing the storage encryption key. See https://www.authelia.com/configuration/storage/introduction/#encryption_key
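
An added example, not taken from the project's documentation: it raises defaultAllowPolicy from its "one_factor" default to "two_factor" and declares one OIDC client that pins its own policy rather than relying on that fallback. It uses the full option path as listed in this reference. The client name "app", its redirect URL, and the assumption that Authelia's own client keys (everything below client_id) pass through oidc.clients unchanged are assumptions; only client_id is listed on this page.

```nix
{config, ...}: {
  nps.stacks.authelia = {
    enable = true;
    jwtSecretFile = config.sops.secrets."authelia/jwt_secret".path;
    sessionSecretFile = config.sops.secrets."authelia/session_secret".path;
    storageEncryptionKeyFile = config.sops.secrets."authelia/encryption_key".path;

    # Default is "one_factor". This value is the fallback for Access Control
    # Rules and OIDC Authorization Policies when no rule applies, so raising
    # it means anything not covered by a rule requires a second factor.
    defaultAllowPolicy = "two_factor";

    oidc = {
      enable = true;
      hmacSecretFile = config.sops.secrets."authelia/oidc_hmac_secret".path;
      jwksRsaKeyFile = config.sops.secrets."authelia/oidc_rsa_pk".path;

      # Hypothetical client "app". Keys other than client_id are Authelia
      # client options, assumed to be written to configuration.yml as-is.
      clients.app = {
        client_id = "app";
        client_name = "Example application";

        # Public client: holds no secret, so require PKCE with S256.
        public = true;
        token_endpoint_auth_method = "none";
        require_pkce = true;
        pkce_challenge_method = "S256";

        # Set the policy per client instead of inheriting the default,
        # so a later change to defaultAllowPolicy cannot weaken it.
        authorization_policy = "two_factor";

        # Ask for consent on every authorization; defaultConsentDuration
        # only affects the pre-configured and auto consent modes.
        consent_mode = "explicit";

        # Constructed URL: list exact callbacks and only the scopes needed.
        redirect_uris = ["https://app.example.com/oauth2/callback"];
        scopes = ["openid" "profile" "email"];
      };
    };
  };
}
```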