FIX(authelia): authelia secret keys

- to dot notation
2025-12-30 22:38:50 +09:00
parent 9081778d80
commit a22f4240b5
4 changed files with 11 additions and 31 deletions


@@ -1,9 +1,6 @@
# Authelia Helm Values # Authelia Helm Values
# Chart: https://charts.authelia.com # Chart: https://charts.authelia.com
# Domain configuration
domain: mayne0213.kro.kr
# Ingress - disabled, using separate ingress.yaml # Ingress - disabled, using separate ingress.yaml
ingress: ingress:
enabled: false enabled: false
@@ -47,9 +44,8 @@ configMap:
# Session configuration # Session configuration
session: session:
cookies: cookies:
- domain: mayne0213.kro.kr - domain: kro.kr
authelia_url: https://auth.mayne0213.kro.kr subdomain: auth0213
default_redirection_url: https://mayne.kro.kr
# Storage - PostgreSQL (CNPG cluster) # Storage - PostgreSQL (CNPG cluster)
storage: storage:
@@ -62,21 +58,7 @@ configMap:
# Access control rules # Access control rules
access_control: access_control:
default_policy: deny default_policy: one_factor
rules:
# Bypass for public services
- domain:
- mayne.kro.kr
- "*.jaejadle.kro.kr"
- "*.joossameng.kro.kr"
- "*.jovies.kro.kr"
- "*.minjo0213.kro.kr"
- "*.todo0213.kro.kr"
policy: bypass
# One factor for admin services
- domain:
- "*.mayne0213.kro.kr"
policy: one_factor
# Notifier - filesystem (no email) # Notifier - filesystem (no email)
notifier: notifier:
@@ -87,7 +69,7 @@ configMap:
# TOTP configuration # TOTP configuration
totp: totp:
enabled: true enabled: true
issuer: mayne0213.kro.kr issuer: mayne.kro.kr
# Identity providers (OIDC) - can be enabled later # Identity providers (OIDC) - can be enabled later
identity_providers: identity_providers:
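Review bot: The session cookie is now scoped to `kro.kr` instead of `mayne0213.kro.kr`, so the browser will send the Authelia session cookie to every host under `kro.kr`, not only to the hosts this cluster serves. If `kro.kr` is a shared parent zone in which other parties can hold subdomains (not verifiable from this page), each of those hosts would receive the cookie; scoping it to a domain this deployment controls exclusively avoids that. In the same section `default_policy` goes from `deny` to `one_factor` and the whole `rules:` list is dropped, so any host routed through Authelia is now admitted after a single factor instead of being rejected unless listed; keeping `default_policy: deny` with explicit rules fails closed. Neither change is reflected in the commit title, which only mentions secret keys.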


@@ -9,10 +9,10 @@ spec:
ingressClassName: traefik ingressClassName: traefik
tls: tls:
- hosts: - hosts:
- auth.mayne0213.kro.kr - auth0213.kro.kr
secretName: authelia-tls secretName: authelia-tls
rules: rules:
- host: auth.mayne0213.kro.kr - host: auth0213.kro.kr
http: http:
paths: paths:
- path: / - path: /


@@ -11,7 +11,7 @@ data:
admin: admin:
disabled: false disabled: false
displayname: "Admin" displayname: "Admin"
email: admin@mayne0213.kro.kr email: admin@mayne.kro.kr
password: "$argon2id$v=19$m=65536,t=3,p=4$PHApThq3PclXyjhly4bAwA$ZdC+5EEshnK/MDsQb2fUfpujG3ujcFM7APmqrMgXjsE" password: "$argon2id$v=19$m=65536,t=3,p=4$PHApThq3PclXyjhly4bAwA$ZdC+5EEshnK/MDsQb2fUfpujG3ujcFM7APmqrMgXjsE"
groups: groups:
- admins - admins
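Review bot: The `password:` line kept as context here stores the admin account's argon2id hash in a file committed to the repository, under a `data:` key that looks like a ConfigMap rather than a Secret (the manifest header is outside the hunk). Anyone with read access to the repository or to that object can run offline guessing against the hash, and with a one-factor policy this password is the only barrier for the admin account. Since this commit already pulls the other Authelia secrets through an ExternalSecret, the users database could be sourced the same way, and the committed hash should be treated as exposed and rotated.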


@@ -12,16 +12,15 @@ spec:
name: authelia-secrets name: authelia-secrets
creationPolicy: Owner creationPolicy: Owner
data: data:
# Authelia secrets - secretKey: jwt.token
- secretKey: JWT_TOKEN
remoteRef: remoteRef:
key: cluster-infrastructure/authelia key: cluster-infrastructure/authelia
property: JWT_SECRET property: JWT_SECRET
- secretKey: SESSION_ENCRYPTION_KEY - secretKey: session.encryption.key
remoteRef: remoteRef:
key: cluster-infrastructure/authelia key: cluster-infrastructure/authelia
property: SESSION_SECRET property: SESSION_SECRET
- secretKey: STORAGE_ENCRYPTION_KEY - secretKey: storage.encryption.key
remoteRef: remoteRef:
key: cluster-infrastructure/authelia key: cluster-infrastructure/authelia
property: STORAGE_ENCRYPTION_KEY property: STORAGE_ENCRYPTION_KEY
@@ -29,8 +28,7 @@ spec:
remoteRef: remoteRef:
key: cluster-infrastructure/authelia key: cluster-infrastructure/authelia
property: JWT_SECRET property: JWT_SECRET
# PostgreSQL password - secretKey: storage.postgres.password.txt
- secretKey: STORAGE_POSTGRES_PASSWORD
remoteRef: remoteRef:
key: databases/postgresql key: databases/postgresql
property: APP_PASSWORD property: APP_PASSWORD
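Review bot: Two entries read the same remote property `JWT_SECRET`: the renamed `jwt.token` key in the first hunk and the entry whose `remoteRef` appears as context at the top of the second hunk (its `secretKey` line is outside the hunk). Feeding one secret value into two different purposes means a leak of either exposes both; a distinct property per key under `cluster-infrastructure/authelia` keeps them independent. The new names also mix conventions (`jwt.token` versus `storage.postgres.password.txt` with a `.txt` suffix), so each one should be confirmed against the key paths the deployed chart version mounts, since a mismatched name would presumably leave the chart without that secret. The removed `# Authelia secrets` and `# PostgreSQL password` comments could stay to mark which backend each group is read from.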