WIP: feat(authelia): Add authentication with authelia

2025-05-24 07:26:11 +08:00 · 2025-05-24 07:26:11 +08:00 · 9a2a45aa38
commit 9a2a45aa38
parent b067bbc8c0
6 changed files with 62 additions and 3 deletions
--- a/configuration/services/authelia.nix
+++ b/configuration/services/authelia.nix
@ -0,0 +1,44 @@
+{ config, ... }:
+{
+  services.authelia.instances.tlaternet = {
+    enable = true;
+
+    settings = {
+      default_2fa_method = "totp";
+      headers.csp_template = todo!();
+
+      authentication_backend.ldap = {
+
+      };
+
+      totp = {
+        issuer = "tlater.net";
+      };
+
+      webauthn = {
+        # enable_passkey_login = true; ?
+        display_name = "tlater.net";
+      };
+
+      duo_api.disable = true;
+
+      telemetry.metrics.enabled = true;
+    };
+
+    secrets = {
+      storageEncryptionKeyFile = config.sops.secrets."authelia/storage-encryption-key".path;
+      jwtSecretFile = config.sops.secrets."authelia/jwt-secret".path;
+    };
+  };
+
+  services.lldap = {
+    enable = true;
+    settings = {
+      ldap_user_email = "admin@tlater.net";
+
+      ldap_base_dn = "dc=tlater,dc=net";
+
+      database_url = "postgres:///lldap";
+    };
+  };
+}