diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
index 9a4a8f964..991625d64 100644
--- a/.buildkite/pipeline.yml
+++ b/.buildkite/pipeline.yml
@@ -4,44 +4,44 @@ # secret leaks. steps: # Blocking pipeline for master branch deployments (concurrency_group). - - label: ":pipeline: Setup Pipeline" - command: ".buildkite/pipeline.sh | buildkite-agent pipeline upload" + - label: ':pipeline: Setup Pipeline' + command: '.buildkite/pipeline.sh | buildkite-agent pipeline upload' concurrency: 1 - concurrency_group: "deployments" - if: build.branch == "master" + concurrency_group: 'deployments' + if: 'build.branch == "master"' # Non-blocking pipeline for all others (tagged commits/local branches/PRs). - - label: ":pipeline: Setup Pipeline" - command: ".buildkite/pipeline.sh | buildkite-agent pipeline upload" - if: build.branch != "master" + - label: ':pipeline: Setup Pipeline' + command: '.buildkite/pipeline.sh | buildkite-agent pipeline upload' + if: 'build.branch != "master"' - wait: # yamllint disable-line rule:empty-values - if: build.pull_request.repository.fork != true && build.branch !~ /^(dependabot|renovate)\/.*/ && build.message !~ /^docs/ # yamllint disable-line rule:line-length + if: 'build.pull_request.repository.fork != true && build.branch !~ /^(dependabot|renovate)\/.*/ && build.message !~ /^docs/' # yamllint disable-line rule:line-length # Manual intervention by team required to deploy for forked PRs (prevent secret leakage). - - block: "Public fork needs approval" - if: build.pull_request.repository.fork == true + - block: 'Public fork needs approval' + if: 'build.pull_request.repository.fork == true' # Blocking deployment for master branch deployments (concurrency_group). 
- - label: ":rocket: Setup Deployment" - command: ".buildkite/deployment.sh | buildkite-agent pipeline upload" + - label: ':rocket: Setup Deployment' + command: '.buildkite/deployment.sh | buildkite-agent pipeline upload' concurrency: 1 - concurrency_group: "deployments" - depends_on: ~ - if: build.branch == "master" && build.message !~ /^docs/ + concurrency_group: 'deployments' + depends_on: '~' + if: 'build.branch == "master" && build.message !~ /^docs/' # Non-blocking deployment for all others (tagged commits/local branches). - - label: ":rocket: Setup Deployment" - command: ".buildkite/deployment.sh | buildkite-agent pipeline upload" + - label: ':rocket: Setup Deployment' + command: '.buildkite/deployment.sh | buildkite-agent pipeline upload' depends_on: ~ - if: build.branch != "master" && build.branch !~ /^(dependabot|renovate)\/.*/ && build.message !~ /^docs/ && build.pull_request.repository.fork != true # yamllint disable-line rule:line-length + if: 'build.branch != "master" && build.branch !~ /^(dependabot|renovate)\/.*/ && build.message !~ /^docs/ && build.pull_request.repository.fork != true' # yamllint disable-line rule:line-length # Removed dependency optimisation for forked PRs to enforce block step. - - label: ":rocket: Setup Deployment" - command: ".buildkite/deployment.sh | buildkite-agent pipeline upload" - if: build.message !~ /^docs/ && build.pull_request.repository.fork == true + - label: ':rocket: Setup Deployment' + command: '.buildkite/deployment.sh | buildkite-agent pipeline upload' + if: 'build.message !~ /^docs/ && build.pull_request.repository.fork == true' notify: - - webhook: "" - if: build.state == "blocked" + - webhook: '' + if: 'build.state == "blocked"' ... diff --git a/.codecov.yml b/.codecov.yml index 6fec44956..5443cf909 100644 --- a/.codecov.yml +++ b/.codecov.yml 
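Review bot: `depends_on: '~'` in the first ":rocket: Setup Deployment" step is no longer null: a quoted `'~'` is the one-character string "~", whereas the unchanged `depends_on: ~` in the second deployment step still parses as null. Buildkite appears to treat a string here as a step key to wait on, so the master-branch deployment would (as far as I can tell) wait on a non-existent step instead of skipping the implicit `wait`; this is the step guarded by the `concurrency_group`, so the regression lands on the production path. Restore the null, either `depends_on: ~` or `depends_on: null`, and keep both deployment steps written the same way. The `if:` expressions keeping their inner double quotes inside the new single-quoted scalars is correct.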
@@ -3,42 +3,42 @@ codecov: require_ci_to_pass: true comment: - layout: "reach, diff, flags, files" - behavior: default + layout: 'reach, diff, flags, files' + behavior: 'default' require_changes: false coverage: precision: 2 - round: down - range: "70...100" + round: 'down' + range: '70...100' status: project: default: false backend: - base: auto - threshold: 0.15% + base: 'auto' + threshold: '0.15%' flags: - - backend + - 'backend' frontend: - base: auto - threshold: 0.15% + base: 'auto' + threshold: '0.15%' flags: - - frontend + - 'frontend' flags: backend: paths: - - "cmd/authelia/" - - "internal/" - - "!internal/suites/" + - 'cmd/authelia/' + - 'internal/' + - '!internal/suites/' frontend: paths: - - "web/" - - "!web/coverage/" + - 'web/' + - '!web/coverage/' ignore: - - "web/src/serviceWorker.ts" - - "**/coverage.txt" + - 'web/src/serviceWorker.ts' + - '**/coverage.txt' parsers: gcov: diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index 5edf31148..aad2618b9 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -1,12 +1,12 @@ --- -name: Bug Report -description: Report a bug +name: 'Bug Report' +description: 'Report a bug' labels: - - type/bug/unconfirmed - - status/needs-triage - - priority/4/normal + - 'type/bug/unconfirmed' + - 'status/needs-triage' + - 'priority/4/normal' body: - - type: markdown + - type: 'markdown' attributes: value: | Thanks for taking the time to fill out this bug report. If you are unsure if this is actually a bug and you still need some form of support we generally recommend creating a [Question and Answer Discussion](https://github.com/authelia/authelia/discussions/new?category=q-a) first. 
@@ -25,160 +25,190 @@ body: - Do not truncate any logs unless you are complying with the specific instructions in the [Logs](https://www.authelia.com/r/troubleshooting#logs) section. - If you plan on sanitizing, removing, or adjusting any values for the logs or configuration files please read the [Sanitization](https://www.authelia.com/r/troubleshooting#sanitization) section. 7. Please consider including a [HTTP Archive File](https://www.authelia.com/r/har) if you're having redirection issues. - - type: dropdown - id: version + - type: 'dropdown' + id: 'version' attributes: - label: Version - description: What version(s) of Authelia can you reproduce this bug on? + label: | + Version + description: | + What version(s) of Authelia can you reproduce this bug on? multiple: true options: - - v4.37.5 - - v4.37.4 - - v4.37.3 - - v4.37.2 - - v4.37.1 - - v4.37.0 - - v4.36.9 - - v4.36.8 - - v4.36.7 - - v4.36.6 - - v4.36.5 - - v4.36.4 - - v4.36.3 - - v4.36.2 - - v4.36.1 - - v4.36.0 - - v4.35.6 - - v4.35.5 - - v4.35.4 - - v4.35.3 - - v4.35.2 - - v4.35.1 - - v4.35.0 - - v4.34.6 - - v4.34.5 - - v4.34.4 - - v4.34.3 - - v4.34.2 - - v4.34.1 - - v4.34.0 - - v4.33.2 - - v4.33.1 - - v4.33.0 - - v4.32.2 - - v4.32.1 - - v4.32.0 + - 'v4.37.5' + - 'v4.37.4' + - 'v4.37.3' + - 'v4.37.2' + - 'v4.37.1' + - 'v4.37.0' + - 'v4.36.9' + - 'v4.36.8' + - 'v4.36.7' + - 'v4.36.6' + - 'v4.36.5' + - 'v4.36.4' + - 'v4.36.3' + - 'v4.36.2' + - 'v4.36.1' + - 'v4.36.0' + - 'v4.35.6' + - 'v4.35.5' + - 'v4.35.4' + - 'v4.35.3' + - 'v4.35.2' + - 'v4.35.1' + - 'v4.35.0' + - 'v4.34.6' + - 'v4.34.5' + - 'v4.34.4' + - 'v4.34.3' + - 'v4.34.2' + - 'v4.34.1' + - 'v4.34.0' + - 'v4.33.2' + - 'v4.33.1' + - 'v4.33.0' + - 'v4.32.2' + - 'v4.32.1' + - 'v4.32.0' validations: required: true - - type: dropdown - id: deployment + - type: 'dropdown' + id: 'deployment' attributes: - label: Deployment Method - description: How are you deploying Authelia? 
+ label: | + Deployment Method + description: | + How are you deploying Authelia? options: - - Docker - - Kubernetes - - Bare-metal - - Other + - 'Docker' + - 'Kubernetes' + - 'Bare-metal' + - 'Other' validations: required: true - - type: dropdown - id: proxy + - type: 'dropdown' + id: 'proxy' attributes: - label: Reverse Proxy - description: What reverse proxy are you using? + label: | + Reverse Proxy + description: | + What reverse proxy are you using? options: - - Caddy - - Traefik - - Envoy - - Istio - - NGINX - - SWAG - - NGINX Proxy Manager - - HAProxy + - 'Caddy' + - 'Traefik' + - 'Envoy' + - 'Istio' + - 'NGINX' + - 'SWAG' + - 'NGINX Proxy Manager' + - 'HAProxy' validations: required: true - - type: input - id: proxy-version + - type: 'input' + id: 'proxy-version' attributes: - label: Reverse Proxy Version - description: What is the version of your reverse proxy? - placeholder: x.x.x + label: | + Reverse Proxy Version + description: | + What is the version of your reverse proxy? + placeholder: 'x.x.x' validations: required: false - - type: textarea - id: description + - type: 'textarea' + id: 'description' attributes: - label: Description - description: Describe the bug. + label: | + Description + description: | + Describe the bug. validations: required: true - - type: textarea - id: reproduction + - type: 'textarea' + id: 'reproduction' attributes: - label: Reproduction - description: Describe how we can reproduce this issue. This should be step by step and should include detailed and specific information. Abstract or generic information should be avoided. For example this should include specific application names and versions if relevant. Reproducing the issue is important so we can verify it exists, add relevant tests, and verify it is solved. + label: | + Reproduction + description: | + Describe how we can reproduce this issue. This should be step by step and should include detailed and specific information. 
Abstract or generic information should be avoided. For example this should include specific application names and versions if relevant. Reproducing the issue is important so we can verify it exists, add relevant tests, and verify it is solved. validations: required: true - - type: textarea - id: expectations + - type: 'textarea' + id: 'expectations' attributes: - label: Expectations - description: Describe the desired or expected results. + label: | + Expectations + description: | + Describe the desired or expected results. validations: required: false - - type: textarea - id: configuration + - type: 'textarea' + id: 'configuration' attributes: - label: Configuration (Authelia) - description: Provide a complete configuration file (the template will automatically put this content in a code block). - render: yaml + label: | + Configuration (Authelia) + description: | + Provide a complete configuration file (the template will automatically put this content in a code block). + render: 'yaml' validations: required: false - - type: textarea - id: logs + - type: 'textarea' + id: 'logs' attributes: - label: Logs (Authelia) + label: | + Logs (Authelia) description: | Provide complete logs with the log level set to debug or trace. Complete means from application start until the issue occurring. This is clearly explained in the [Logs](https://www.authelia.com/r/troubleshooting#logs) section of the troubleshooting guide. The template will automatically put this content in a code block so you can just paste it. - render: shell + render: 'shell' validations: required: true - - type: textarea - id: logs-other + - type: 'textarea' + id: 'logs-other' attributes: - label: Logs (Proxy / Application) - description: Provide complete debug logs for the affected proxy and/or application if available and relevant (the template will automatically put this content in a code block). 
- render: shell + label: | + Logs (Proxy / Application) + description: | + Provide complete debug logs for the affected proxy and/or application if available and relevant (the template will automatically put this content in a code block). + render: 'shell' validations: required: false - - type: textarea - id: documentation + - type: 'textarea' + id: 'documentation' attributes: - label: Documentation - description: Provide any relevant specification or other documentation if applicable. + label: | + Documentation + description: | + Provide any relevant specification or other documentation if applicable. validations: required: false - - type: checkboxes - id: checklist + - type: 'checkboxes' + id: 'checklist' attributes: - label: Pre-Submission Checklist - description: By submitting this issue confirm all of the following. + label: | + Pre-Submission Checklist + description: | + By submitting this issue confirm all of the following. options: - - label: I agree to follow the [Code of Conduct](http://www.authelia.com/code-of-conduct) + - label: | + I agree to follow the [Code of Conduct](http://www.authelia.com/code-of-conduct) required: true - - label: This is a bug report and not a support request + - label: | + This is a bug report and not a support request required: true - - label: I have read the security policy and this bug report is not a security issue or security related issue + - label: | + I have read the security policy and this bug report is not a security issue or security related issue required: true - - label: I have either included the complete configuration file or I am sure it's unrelated to the configuration + - label: | + I have either included the complete configuration file or I am sure it's unrelated to the configuration required: true - - label: I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the [Troubleshooting Sanitization](https://www.authelia.com/r/sanitize) 
reference guide + - label: | + I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the [Troubleshooting Sanitization](https://www.authelia.com/r/sanitize) reference guide required: true - - label: I have checked for related proxy or application logs and included them if available + - label: | + I have checked for related proxy or application logs and included them if available required: true - - label: I have checked for related issues and checked the documentation + - label: | + I have checked for related issues and checked the documentation required: true ... diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index bb22f1d60..e77510813 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -10,14 +10,14 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # -name: "CodeQL" +name: 'CodeQL' # yamllint disable-line rule:truthy on: push: branches: - - master - - gh-pages + - 'master' + - 'gh-pages' paths: - 'go.mod' - 'go.sum' @@ -29,7 +29,7 @@ on: pull_request: # The branches below must be a subset of the branches above branches: - - master + - 'master' paths: - 'go.mod' - 'go.sum' @@ -43,12 +43,12 @@ on: jobs: analyze: - name: Analyze - runs-on: ubuntu-latest + name: 'Analyze' + runs-on: 'ubuntu-latest' permissions: - actions: read - contents: read - security-events: write + actions: 'read' + contents: 'read' + security-events: 'write' strategy: fail-fast: false 
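Review bot: Every `label:` and most `description:` values in this hunk move from a plain scalar to a `|` literal block, which keeps one trailing newline, so the version dropdown's label now parses as "Version\n" rather than "Version". GitHub's form renderer probably trims that, but if byte-equivalence with the previous values is the goal then `|-` is the exact counterpart, e.g. `label: |-` followed by the indented `Version`. The reproduction `description` is additionally split across two content lines; under `|` that line break is kept in the rendered text, whereas `>-` would fold it back into the single line it was before (if the split is an artifact of this rendering rather than of the diff, ignore that part). The pre-existing multi-line `description: |` on the logs field already relied on kept newlines, so `|` is appropriate there.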
@@ -59,23 +59,23 @@ jobs: - 'javascript' steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: 'Checkout repository' + uses: 'actions/checkout@v3' # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + - name: 'Initialize CodeQL' + uses: 'github/codeql-action/init@v1' with: # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # queries: ./path/to/local/query, your-org/your-repo/queries@main - languages: ${{ matrix.language }} + languages: '${{ matrix.language }}' # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 + - name: 'Autobuild' + uses: 'github/codeql-action/autobuild@v1' # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,6 +88,6 @@ jobs: # make bootstrap # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: 'Perform CodeQL Analysis' + uses: 'github/codeql-action/analyze@v1' ... diff --git a/.golangci.yml b/.golangci.yml index 94a990401..bb3375ada 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,6 +1,6 @@ --- run: - timeout: 3m + timeout: '3m' linters-settings: goconst: 
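Review bot: The `uses:` references quoted in this hunk and the next still resolve mutable tags — `actions/checkout@v3`, `github/codeql-action/init@v1`, `.../autobuild@v1` and `.../analyze@v1` — so the workflow's supply chain is only as strong as whoever controls those tags; pinning each to a full commit SHA with the version in a trailing comment, e.g. `uses: 'github/codeql-action/init@<full-commit-sha>' # vX.Y.Z`, is the usual mitigation and keeps the quoting style introduced here. The CodeQL action's `v1` major is, as far as I recall, deprecated and no longer updated, so this pass over the file is a natural moment to move to a current major. The `permissions` block in the preceding hunk is already least-privilege (`security-events: write` only), which is good.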
@@ -11,40 +11,40 @@ linters-settings: godot: check-all: true goimports: - local-prefixes: github.com/authelia/authelia + local-prefixes: 'github.com/authelia/authelia' revive: confidence: 0.8 linters: enable: - - asciicheck - - goconst - - gocritic - - gocyclo - - godot - - gofmt - - goimports - - gosec - - misspell - - nolintlint - - prealloc - - revive - - unconvert - - unparam - - whitespace - - wsl + - 'asciicheck' + - 'goconst' + - 'gocritic' + - 'gocyclo' + - 'godot' + - 'gofmt' + - 'goimports' + - 'gosec' + - 'misspell' + - 'nolintlint' + - 'prealloc' + - 'revive' + - 'unconvert' + - 'unparam' + - 'whitespace' + - 'wsl' issues: exclude: - - Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked # yamllint disable-line rule:line-length - - func name will be used as test\.Test.* by other packages, and that stutters; consider calling this - - (possible misuse of unsafe.Pointer|should have signature) - - ineffective break statement. Did you mean to break out of the outer loop - - Use of unsafe calls should be audited - - Subprocess launch(ed with variable|ing should be audited) - - (G104|G307) - - (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less) - - Potential file inclusion via variable + - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked' # yamllint disable-line rule:line-length + - 'func name will be used as test\.Test.* by other packages, and that stutters; consider calling this' + - '(possible misuse of unsafe.Pointer|should have signature)' + - 'ineffective break statement. 
Did you mean to break out of the outer loop' + - 'Use of unsafe calls should be audited' + - 'Subprocess launch(ed with variable|ing should be audited)' + - '(G104|G307)' + - '(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)' + - 'Potential file inclusion via variable' exclude-use-default: false max-issues-per-linter: 0 max-same-issues: 0 diff --git a/.reviewdog.yml b/.reviewdog.yml index dd5262b0b..0ad23bcca 100644 --- a/.reviewdog.yml +++ b/.reviewdog.yml @@ -1,19 +1,19 @@ --- runner: golangci: - cmd: golangci-lint run + cmd: 'golangci-lint run' errorformat: - '%E%f:%l:%c: %m' - '%E%f:%l: %m' - '%C%.%#' - level: error + level: 'error' eslint: - cmd: cd web && eslint -f rdjson '*/**/*.{js,ts,tsx}' - format: rdjson - level: error + cmd: 'cd web && eslint -f rdjson "*/**/*.{js,ts,tsx}"' + format: 'rdjson' + level: 'error' yamllint: - cmd: yamllint --format parsable . + cmd: 'yamllint --format parsable .' errorformat: - '%f:%l:%c: %m' - level: warning + level: 'warning' ... diff --git a/.yamllint.yml b/.yamllint.yml index c5cb4ee41..bc9fb341d 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -1,7 +1,7 @@ --- -extends: default +extends: 'default' -locale: en_US.UTF-8 +locale: 'en_US.UTF-8' yaml-files: - '*.yaml' @@ -19,13 +19,13 @@ ignore: | .github/ISSUE_TEMPLATE/bug-report.yml rules: document-end: - level: warning + level: 'warning' empty-values: - level: warning + level: 'warning' indentation: spaces: 2 check-multi-line-strings: true line-length: max: 120 - octal-values: enable + octal-values: 'enable' ... diff --git a/examples/compose/lite/authelia/configuration.yml b/examples/compose/lite/authelia/configuration.yml index bd06a5dd3..45afb118c 100644 --- a/examples/compose/lite/authelia/configuration.yml +++ b/examples/compose/lite/authelia/configuration.yml 
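Review bot: The quoted `issues.exclude` patterns still silence gosec across the whole repository — `(G104|G307)`, `Use of unsafe calls should be audited`, `Subprocess launch(ed with variable|ing should be audited)`, the 0750/0600 permission checks and `Potential file inclusion via variable` — so the `gosec` entry in `linters.enable` just above delivers less than it suggests, and the commit carries this forward unchanged. If these are only noise in tests or a few packages, `exclude-rules` entries with a `path:` scope keep the checks alive elsewhere, and any exclusion that has to stay global deserves a comment naming why it is safe. On the quoting itself, single quotes are the right choice for these regexes: backslashes such as `os\.Remove(All)?` stay literal, and the `yamllint disable-line` comment survives on the long first entry.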
@@ -4,71 +4,70 @@ ############################################################### # This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE -jwt_secret: a_very_important_secret -default_redirection_url: https://public.example.com +jwt_secret: 'a_very_important_secret' +default_redirection_url: 'https://public.example.com' server: address: 'tcp://:9091' log: - level: debug + level: 'debug' totp: - issuer: authelia.com + issuer: 'authelia.com' # duo_api: -# hostname: api-123456789.example.com -# integration_key: ABCDEF +# hostname: 'api-123456789.example.com' +# integration_key: 'ABCDEF' # # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE # secret_key: 1234567890abcdefghifjkl authentication_backend: file: - path: /config/users_database.yml + path: '/config/users_database.yml' access_control: - default_policy: deny + default_policy: 'deny' rules: # Rules applied to everyone - - domain: public.example.com - policy: bypass - - domain: traefik.example.com - policy: one_factor - - domain: secure.example.com - policy: two_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'traefik.example.com' + policy: 'one_factor' + - domain: 'secure.example.com' + policy: 'two_factor' session: # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE - secret: unsecure_session_secret + secret: 'unsecure_session_secret' cookies: - - name: authelia_session - domain: example.com # Should match whatever your root protected domain is - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes + - name: 'authelia_session' + domain: 'example.com' # Should match whatever your root protected domain is + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes redis: - host: redis + host: 'redis' port: 6379 # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE - # password: authelia + # password: 'authelia' regulation: max_retries: 3 - find_time: 120 - 
ban_time: 300 + find_time: '2m' + ban_time: '5m' storage: - encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this + encryption_key: 'you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this' local: - path: /config/db.sqlite3 + path: '/config/db.sqlite3' notifier: smtp: - username: test + address: 'smtp://mail.example.com:25' + username: 'test' # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE - password: password - host: mail.example.com - port: 25 - sender: admin@example.com + password: 'password' + sender: 'admin@example.com' ... diff --git a/examples/compose/lite/authelia/users_database.yml b/examples/compose/lite/authelia/users_database.yml index 08944d06e..91699edce 100644 --- a/examples/compose/lite/authelia/users_database.yml +++ b/examples/compose/lite/authelia/users_database.yml @@ -9,11 +9,11 @@ users: authelia: disabled: false - displayname: "Authelia User" + displayname: 'Authelia User' # Password is authelia - password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # yamllint disable-line rule:line-length - email: authelia@authelia.com + password: '$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/' # yamllint disable-line rule:line-length + email: 'authelia@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' ... diff --git a/examples/compose/lite/docker-compose.yml b/examples/compose/lite/docker-compose.yml index 4932a2a2d..fb1fdea96 100644 --- a/examples/compose/lite/docker-compose.yml +++ b/examples/compose/lite/docker-compose.yml 
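Review bot: This hunk is not a pure quoting pass: `expiration`/`inactivity` and `find_time`/`ban_time` change from integer seconds to duration strings (`3600` → `'1h'`, `300` → `'5m'`, `120` → `'2m'`), and `notifier.smtp.host`/`port` are replaced by `address: 'smtp://mail.example.com:25'`. The values look equivalent, but that rests on Authelia's duration and address parsing, which is not visible here, so it is worth confirming against the version these examples target; the same duration rewrite appears in `examples/compose/local/authelia/configuration.yml`. Minor: inside the commented `duo_api` block the `secret_key` line was left unquoted while its neighbours were quoted — `# secret_key: '1234567890abcdefghifjkl'` keeps the sample consistent if it is ever uncommented.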
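Review bot: The sample hash on the quoted `password:` line is SHA-512 crypt (`$6$rounds=50000$...`), while `internal/authentication/users_database.template.yml` further down ships an `$argon2id$` hash for the same 'authelia' password. Since the line is touched anyway, regenerating the example with argon2id would keep the two samples consistent and steer new deployments toward the stronger scheme the template already uses. Single quotes are correct for the hash: `$` and `/` need no escaping and no backslash processing occurs.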
@@ -1,18 +1,18 @@ --- -version: '3.3' +version: '3.8' networks: net: - driver: bridge + driver: 'bridge' services: authelia: - image: authelia/authelia - container_name: authelia + image: 'authelia/authelia' + container_name: 'authelia' volumes: - - ./authelia:/config + - './authelia:/config' networks: - - net + - 'net' labels: - 'traefik.enable=true' - 'traefik.http.routers.authelia.rule=Host(`authelia.example.com`)' @@ -24,34 +24,34 @@ services: - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length expose: - 9091 - restart: unless-stopped + restart: 'unless-stopped' healthcheck: ## In production the healthcheck section should be commented. disable: true environment: - - TZ=Australia/Melbourne + TZ: 'Australia/Melbourne' redis: - image: redis:alpine - container_name: redis + image: 'redis:alpine' + container_name: 'redis' volumes: - - ./redis:/data + - './redis:/data' networks: - - net + - 'net' expose: - 6379 - restart: unless-stopped + restart: 'unless-stopped' environment: - - TZ=Australia/Melbourne + TZ: 'Australia/Melbourne' traefik: - image: traefik:v2.10.1 - container_name: traefik + image: 'traefik:v2.10.1' + container_name: 'traefik' volumes: - - ./traefik:/etc/traefik - - /var/run/docker.sock:/var/run/docker.sock + - './traefik:/etc/traefik' + - '/var/run/docker.sock:/var/run/docker.sock' networks: - - net + - 'net' labels: - 'traefik.enable=true' - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)' @@ -80,10 +80,10 @@ services: - '--log.level=DEBUG' secure: - image: traefik/whoami - container_name: secure + image: 'traefik/whoami' + container_name: 'secure' networks: - - net + - 'net' labels: - 'traefik.enable=true' - 'traefik.http.routers.secure.rule=Host(`secure.example.com`)' 
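Review bot: `image: 'authelia/authelia'` (and `redis:alpine` in the next hunk) remain unpinned while `traefik:v2.10.1` is pinned, so the example pulls a floating tag that changes underneath anyone who copies it; `image: 'authelia/authelia:<version>'`, or a digest, makes the example reproducible. The `version` bump from `'3.3'` to `'3.8'` is also a non-quoting change and leaves the sibling `examples/compose/local/docker-compose.yml` at `'3.3'`; current Compose ignores this key as far as I know, so either bump both or drop it from both.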
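Review bot: The quoted `'/var/run/docker.sock:/var/run/docker.sock'` mount under the `traefik` service hands the container read-write access to the Docker daemon, which is equivalent to root on the host; the same line appears in `examples/compose/local/docker-compose.yml`. Because these are the reference examples users copy, a comment on that line would help, e.g. `# Grants Traefik full control of the Docker daemon; use a socket proxy in production` — note that a `:ro` suffix only restricts the file node, not the API reachable through the socket (as far as I know). The switch from list-form `- TZ=...` to a mapping `TZ: '...'` under `environment:` is semantically equivalent but is another non-quoting change in this commit.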
@@ -93,13 +93,13 @@ services: - 'traefik.http.routers.secure.middlewares=authelia@docker' expose: - 80 - restart: unless-stopped + restart: 'unless-stopped' public: - image: traefik/whoami - container_name: public + image: 'traefik/whoami' + container_name: 'public' networks: - - net + - 'net' labels: - 'traefik.enable=true' - 'traefik.http.routers.public.rule=Host(`public.example.com`)' @@ -109,5 +109,5 @@ services: - 'traefik.http.routers.public.middlewares=authelia@docker' expose: - 80 - restart: unless-stopped + restart: 'unless-stopped' ... diff --git a/examples/compose/local/authelia/configuration.yml b/examples/compose/local/authelia/configuration.yml index c19b62167..c63d96b2b 100644 --- a/examples/compose/local/authelia/configuration.yml +++ b/examples/compose/local/authelia/configuration.yml 
@@ -3,52 +3,52 @@ # Authelia configuration # ############################################################### -jwt_secret: a_very_important_secret -default_redirection_url: https://public.example.com +jwt_secret: 'a_very_important_secret' +default_redirection_url: 'https://public.example.com' server: address: 'tcp://:9091' log: - level: debug + level: 'debug' totp: - issuer: authelia.com + issuer: 'authelia.com' authentication_backend: file: - path: /config/users_database.yml + path: '/config/users_database.yml' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: public.example.com - policy: bypass - - domain: traefik.example.com - policy: one_factor - - domain: secure.example.com - policy: two_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'traefik.example.com' + policy: 'one_factor' + - domain: 'secure.example.com' + policy: 'two_factor' session: - secret: unsecure_session_secret + secret: 'unsecure_session_secret' cookies: - - name: authelia_session - domain: example.com # Should match whatever your root protected domain is - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes + - name: 'authelia_session' + domain: 'example.com' # Should match whatever your root protected domain is + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes regulation: max_retries: 3 - find_time: 120 - ban_time: 300 + find_time: '2m' + ban_time: '5m' storage: - encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this + encryption_key: 'you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this' local: - path: /config/db.sqlite3 + path: '/config/db.sqlite3' notifier: filesystem: - filename: /config/notification.txt + filename: '/config/notification.txt' ... diff --git a/examples/compose/local/authelia/users_database.yml b/examples/compose/local/authelia/users_database.yml index 1ca38bd6d..911385131 100644 --- a/examples/compose/local/authelia/users_database.yml 
+++ b/examples/compose/local/authelia/users_database.yml @@ -9,10 +9,10 @@ users: : disabled: false - displayname: "" - password: "" - email: @example.com + displayname: '' + password: '' + email: '@example.com' groups: - - admins - - dev + - 'admins' + - 'dev' ... diff --git a/examples/compose/local/docker-compose.yml b/examples/compose/local/docker-compose.yml index a7edbd663..f29bddfac 100644 --- a/examples/compose/local/docker-compose.yml +++ b/examples/compose/local/docker-compose.yml @@ -3,16 +3,16 @@ version: '3.3' networks: net: - driver: bridge + driver: 'bridge' services: authelia: - image: authelia/authelia - container_name: authelia + image: 'authelia/authelia' + container_name: 'authelia' volumes: - - ./authelia:/config + - './authelia:/config' networks: - - net + - 'net' labels: - 'traefik.enable=true' - 'traefik.http.routers.authelia.rule=Host(`authelia.example.com`)' @@ -24,21 +24,21 @@ services: - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length expose: - 9091 - restart: unless-stopped + restart: 'unless-stopped' healthcheck: ## In production the healthcheck section should be commented. disable: true environment: - - TZ=Australia/Melbourne + TZ: 'Australia/Melbourne' traefik: - image: traefik:v2.10.1 - container_name: traefik + image: 'traefik:v2.10.1' + container_name: 'traefik' volumes: - - ./traefik:/etc/traefik - - /var/run/docker.sock:/var/run/docker.sock + - './traefik:/etc/traefik' + - '/var/run/docker.sock:/var/run/docker.sock' networks: - - net + - 'net' labels: - 'traefik.enable=true' - 'traefik.http.routers.api.rule=Host(`traefik.example.com`)' @@ -65,10 +65,10 @@ services: - '--log.level=DEBUG' secure: - image: traefik/whoami - container_name: secure + image: 'traefik/whoami' + container_name: 'secure' networks: - - net + - 'net' labels: - 'traefik.enable=true' - 'traefik.http.routers.secure.rule=Host(`secure.example.com`)' 
@@ -78,13 +78,13 @@ services: - 'traefik.http.routers.secure.middlewares=authelia@docker' expose: - 80 - restart: unless-stopped + restart: 'unless-stopped' public: - image: traefik/whoami - container_name: public + image: 'traefik/whoami' + container_name: 'public' networks: - - net + - 'net' labels: - 'traefik.enable=true' - 'traefik.http.routers.public.rule=Host(`public.example.com`)' @@ -94,5 +94,5 @@ services: - 'traefik.http.routers.public.middlewares=authelia@docker' expose: - 80 - restart: unless-stopped + restart: 'unless-stopped' ... diff --git a/examples/compose/local/traefik/certificates.yml b/examples/compose/local/traefik/certificates.yml index 4881d8635..b0595bdb8 100644 --- a/examples/compose/local/traefik/certificates.yml +++ b/examples/compose/local/traefik/certificates.yml @@ -1,6 +1,6 @@ --- tls: certificates: - - certFile: /etc/traefik/certs/cert.pem - keyFile: /etc/traefik/certs/key.pem + - certFile: '/etc/traefik/certs/cert.pem' + keyFile: '/etc/traefik/certs/key.pem' ... diff --git a/internal/authentication/users_database.template.yml b/internal/authentication/users_database.template.yml index 9e1b2043e..dbf86d1f2 100644 --- a/internal/authentication/users_database.template.yml +++ b/internal/authentication/users_database.template.yml @@ -9,11 +9,11 @@ users: authelia: disabled: false - displayname: "Test User" - password: "$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk" # Password is 'authelia' - email: authelia@authelia.com + displayname: 'Test User' + password: '$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk' # Password is 'authelia' + email: 'authelia@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' ... # yamllint enable rule:line-length diff --git a/internal/configuration/test_resources/config.deprecated.alt.yml b/internal/configuration/test_resources/config.deprecated.alt.yml index 9ea5f9cd6..d9370086c 100644 
--- a/internal/configuration/test_resources/config.deprecated.alt.yml +++ b/internal/configuration/test_resources/config.deprecated.alt.yml @@ -1,37 +1,37 @@ --- -default_redirection_url: https://home.example.com:8080/ +default_redirection_url: 'https://home.example.com:8080/' server: - address: "tcp://127.0.0.1:9091" + address: 'tcp://127.0.0.1:9091' endpoints: authz: forward-auth: - implementation: ForwardAuth + implementation: 'ForwardAuth' authn_strategies: - - name: HeaderProxyAuthorization - - name: CookieSession + - name: 'HeaderProxyAuthorization' + - name: 'CookieSession' ext-authz: - implementation: ExtAuthz + implementation: 'ExtAuthz' authn_strategies: - - name: HeaderProxyAuthorization - - name: CookieSession + - name: 'HeaderProxyAuthorization' + - name: 'CookieSession' auth-request: - implementation: AuthRequest + implementation: 'AuthRequest' authn_strategies: - - name: HeaderAuthRequestProxyAuthorization - - name: CookieSession + - name: 'HeaderAuthRequestProxyAuthorization' + - name: 'CookieSession' legacy: - implementation: Legacy + implementation: 'Legacy' log: - level: debug + level: 'debug' totp: - issuer: authelia.com + issuer: 'authelia.com' duo_api: - hostname: api-123456789.example.com - integration_key: ABCDEF + hostname: 'api-123456789.example.com' + integration_key: 'ABCDEF' authentication_backend: ldap: 
@@ -65,109 +65,109 @@ authentication_backend: USjhLXY0Nld2zBm9r8wMb81mXH29uvD+tDqqsICvyuKlA/tyzXR+QTr7dCVKVwu0 1YjCJ36UpTsLre2f8nOSLtNmRfDPtbOE2mkOoO9dD9UU0XZwnvn9xw== -----END RSA PRIVATE KEY----- - base_dn: dc=example,dc=com - username_attribute: uid - additional_users_dn: ou=users - users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) - additional_groups_dn: ou=groups - groups_filter: (&(member={dn})(objectClass=groupOfNames)) - group_name_attribute: cn - mail_attribute: mail - user: cn=admin,dc=example,dc=com + base_dn: 'dc=example,dc=com' + username_attribute: 'uid' + additional_users_dn: 'ou=users' + users_filter: '(&({username_attribute}={input})(objectCategory=person)(objectClass=user))' + additional_groups_dn: 'ou=groups' + groups_filter: '(&(member={dn})(objectClass=groupOfNames))' + group_name_attribute: 'cn' + mail_attribute: 'mail' + user: 'cn=admin,dc=example,dc=com' access_control: - default_policy: deny + default_policy: 'deny' rules: # Rules applied to everyone - - domain: public.example.com - policy: bypass + - domain: 'public.example.com' + policy: 'bypass' - - domain: secure.example.com - policy: one_factor + - domain: 'secure.example.com' + policy: 'one_factor' # Network based rule, if not provided any network matches. 
networks: - - 192.168.1.0/24 - - domain: secure.example.com - policy: two_factor + - '192.168.1.0/24' + - domain: 'secure.example.com' + policy: 'two_factor' - - domain: [singlefactor.example.com, onefactor.example.com] - policy: one_factor + - domain: ['singlefactor.example.com', 'onefactor.example.com'] + policy: 'one_factor' # Rules applied to 'admins' group - - domain: "mx2.mail.example.com" - subject: "group:admins" - policy: deny - - domain: "*.example.com" - subject: "group:admins" - policy: two_factor + - domain: 'mx2.mail.example.com' + subject: 'group:admins' + policy: 'deny' + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' # Rules applied to 'dev' group - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/groups/dev/.*$" - subject: "group:dev" - policy: two_factor + - '^/groups/dev/.*$' + subject: 'group:dev' + policy: 'two_factor' # Rules applied to user 'john' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' # Rules applied to 'dev' group and user 'john' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/deny-all.*$" - subject: ["group:dev", "user:john"] - policy: deny + - '^/deny-all.*$' + subject: ['group:dev', 'user:john'] + policy: 'deny' # Rules applied to user 'harry' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' # Rules applied to user 'bob' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor - - domain: "dev.example.com" + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 
'user:bob' + policy: 'two_factor' session: - name: authelia_session - expiration: 3600000 # 1 hour - inactivity: 300000 # 5 minutes - domain: example.com + name: 'authelia_session' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + domain: 'example.com' redis: - host: 127.0.0.1 + host: '127.0.0.1' port: 6379 high_availability: - sentinel_name: test + sentinel_name: 'test' regulation: max_retries: 3 - find_time: 120 - ban_time: 300 + find_time: '2m' + ban_time: '5m' storage: postgres: - host: 127.0.0.1 + host: '127.0.0.1' port: 5432 - database: authelia - username: authelia + database: 'authelia' + username: 'authelia' notifier: smtp: - username: test - host: 127.0.0.1 + username: 'test' + host: '127.0.0.1' port: 1025 - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/configuration/test_resources/config.deprecated.yml b/internal/configuration/test_resources/config.deprecated.yml index 24a577b4f..7e211cb19 100644 --- a/internal/configuration/test_resources/config.deprecated.yml +++ b/internal/configuration/test_resources/config.deprecated.yml 
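Review bot: The `session` values in this hunk change in meaning, not only in quoting: `expiration: 3600000` becomes `expiration: '1h'` and `inactivity: 300000` becomes `inactivity: '5m'`. If a bare integer was read as seconds, the old values were far larger than the "1 hour" / "5 minutes" the trailing comments claim, so the new strings fix the comment/value mismatch but also alter what this test resource feeds the parser; any assertion on these fields in the corresponding configuration test should be re-checked. The identical change appears in `internal/configuration/test_resources/config.deprecated.yml`, and the `regulation` values (`find_time: '2m'`, `ban_time: '5m'` for the former 120/300) are equivalent and fine.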
@@ -1,37 +1,37 @@ --- -default_redirection_url: https://home.example.com:8080/ +default_redirection_url: 'https://home.example.com:8080/' server: - address: "tcp://127.0.0.1:9091" + address: 'tcp://127.0.0.1:9091' endpoints: authz: forward-auth: - implementation: ForwardAuth + implementation: 'ForwardAuth' authn_strategies: - - name: HeaderProxyAuthorization - - name: CookieSession + - name: 'HeaderProxyAuthorization' + - name: 'CookieSession' ext-authz: - implementation: ExtAuthz + implementation: 'ExtAuthz' authn_strategies: - - name: HeaderProxyAuthorization - - name: CookieSession + - name: 'HeaderProxyAuthorization' + - name: 'CookieSession' auth-request: - implementation: AuthRequest + implementation: 'AuthRequest' authn_strategies: - - name: HeaderAuthRequestProxyAuthorization - - name: CookieSession + - name: 'HeaderAuthRequestProxyAuthorization' + - name: 'CookieSession' legacy: - implementation: Legacy + implementation: 'Legacy' log: - level: debug + level: 'debug' totp: - issuer: authelia.com + issuer: 'authelia.com' duo_api: - hostname: api-123456789.example.com - integration_key: ABCDEF + hostname: 'api-123456789.example.com' + integration_key: 'ABCDEF' authentication_backend: ldap: 
@@ -65,109 +65,109 @@ authentication_backend: USjhLXY0Nld2zBm9r8wMb81mXH29uvD+tDqqsICvyuKlA/tyzXR+QTr7dCVKVwu0 1YjCJ36UpTsLre2f8nOSLtNmRfDPtbOE2mkOoO9dD9UU0XZwnvn9xw== -----END RSA PRIVATE KEY----- - base_dn: dc=example,dc=com - username_attribute: uid - additional_users_dn: ou=users - users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) - additional_groups_dn: ou=groups - groups_filter: (&(member={dn})(objectClass=groupOfNames)) - group_name_attribute: cn - mail_attribute: mail - user: cn=admin,dc=example,dc=com + base_dn: 'dc=example,dc=com' + username_attribute: 'uid' + additional_users_dn: 'ou=users' + users_filter: '(&({username_attribute}={input})(objectCategory=person)(objectClass=user))' + additional_groups_dn: 'ou=groups' + groups_filter: '(&(member={dn})(objectClass=groupOfNames))' + group_name_attribute: 'cn' + mail_attribute: 'mail' + user: 'cn=admin,dc=example,dc=com' access_control: - default_policy: deny + default_policy: 'deny' rules: # Rules applied to everyone - - domain: public.example.com - policy: bypass + - domain: 'public.example.com' + policy: 'bypass' - - domain: secure.example.com - policy: one_factor + - domain: 'secure.example.com' + policy: 'one_factor' # Network based rule, if not provided any network matches. 
networks: - - 192.168.1.0/24 - - domain: secure.example.com - policy: two_factor + - '192.168.1.0/24' + - domain: 'secure.example.com' + policy: 'two_factor' - - domain: [singlefactor.example.com, onefactor.example.com] - policy: one_factor + - domain: ['singlefactor.example.com', 'onefactor.example.com'] + policy: 'one_factor' # Rules applied to 'admins' group - - domain: "mx2.mail.example.com" - subject: "group:admins" - policy: deny - - domain: "*.example.com" - subject: "group:admins" - policy: two_factor + - domain: 'mx2.mail.example.com' + subject: 'group:admins' + policy: 'deny' + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' # Rules applied to 'dev' group - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/groups/dev/.*$" - subject: "group:dev" - policy: two_factor + - '^/groups/dev/.*$' + subject: 'group:dev' + policy: 'two_factor' # Rules applied to user 'john' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' # Rules applied to 'dev' group and user 'john' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/deny-all.*$" - subject: ["group:dev", "user:john"] - policy: deny + - '^/deny-all.*$' + subject: ['group:dev', 'user:john'] + policy: 'deny' # Rules applied to user 'harry' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' # Rules applied to user 'bob' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor - - domain: "dev.example.com" + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 
'user:bob' + policy: 'two_factor' session: - name: authelia_session - expiration: 3600000 # 1 hour - inactivity: 300000 # 5 minutes - domain: example.com + name: 'authelia_session' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + domain: 'example.com' redis: - host: 127.0.0.1 + host: '127.0.0.1' port: 6379 high_availability: - sentinel_name: test + sentinel_name: 'test' regulation: max_retries: 3 - find_time: 120 - ban_time: 300 + find_time: '2m' + ban_time: '5m' storage: mysql: - host: 127.0.0.1 + host: '127.0.0.1' port: 3306 - database: authelia - username: authelia + database: 'authelia' + username: 'authelia' notifier: smtp: - username: test - host: 127.0.0.1 + username: 'test' + host: '127.0.0.1' port: 1025 - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/configuration/test_resources/config.filtered.yml b/internal/configuration/test_resources/config.filtered.yml index aa7f5ca27..be49dc4f2 100644 --- a/internal/configuration/test_resources/config.filtered.yml +++ b/internal/configuration/test_resources/config.filtered.yml @@ -5,14 +5,14 @@ server: address: 'tcp://{{ env "SERVICES_SERVER" }}:9091' log: - level: debug + level: 'debug' totp: - issuer: authelia.com + issuer: 'authelia.com' duo_api: hostname: 'api-123456789.{{ env "ROOT_DOMAIN" }}' - integration_key: ABCDEF + integration_key: 'ABCDEF' authentication_backend: ldap: 
@@ -46,51 +46,51 @@ authentication_backend: USjhLXY0Nld2zBm9r8wMb81mXH29uvD+tDqqsICvyuKlA/tyzXR+QTr7dCVKVwu0 1YjCJ36UpTsLre2f8nOSLtNmRfDPtbOE2mkOoO9dD9UU0XZwnvn9xw== -----END RSA PRIVATE KEY----- - base_dn: dc=example,dc=com - username_attribute: uid - additional_users_dn: ou=users - users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) - additional_groups_dn: ou=groups - groups_filter: (&(member={dn})(objectClass=groupOfNames)) - group_name_attribute: cn - mail_attribute: mail - user: cn=admin,dc=example,dc=com + base_dn: 'dc=example,dc=com' + username_attribute: 'uid' + additional_users_dn: 'ou=users' + users_filter: '(&({username_attribute}={input})(objectCategory=person)(objectClass=user))' + additional_groups_dn: 'ou=groups' + groups_filter: '(&(member={dn})(objectClass=groupOfNames))' + group_name_attribute: 'cn' + mail_attribute: 'mail' + user: 'cn=admin,dc=example,dc=com' access_control: - default_policy: deny + default_policy: 'deny' rules: # Rules applied to everyone - domain: - 'public.{{ env "ROOT_DOMAIN" }}' - policy: bypass + policy: 'bypass' - domain: - 'secure.{{ env "ROOT_DOMAIN" }}' - policy: one_factor + policy: 'one_factor' # Network based rule, if not provided any network matches. networks: - - 192.168.1.0/24 + - '192.168.1.0/24' - domain: - 'secure.{{ env "ROOT_DOMAIN" }}' - policy: two_factor + policy: 'two_factor' - domain: - 'singlefactor.{{ env "ROOT_DOMAIN" }}' - 'onefactor.{{ env "ROOT_DOMAIN" }}' - policy: one_factor + policy: 'one_factor' # Rules applied to 'admins' group - domain: - 'mx2.mail.{{ env "ROOT_DOMAIN" }}' subject: - 'group:admins' - policy: deny + policy: 'deny' - domain: - '*.{{ env "ROOT_DOMAIN" }}' subject: - ['group:admins'] - policy: two_factor + policy: 'two_factor' # Rules applied to 'dev' group - domain: @@ -99,7 +99,7 @@ access_control: - '^/groups/dev/.*$' subject: - ['group:dev'] - policy: two_factor + policy: 'two_factor' # Rules applied to user 'john' - domain: 
@@ -108,17 +108,17 @@ access_control: - '^/users/john/.*$' subject: - ['user:john'] - policy: two_factor + policy: 'two_factor' # Rules applied to 'dev' group and user 'john' - domain: - 'dev.{{ env "ROOT_DOMAIN" }}' resources: - - "^/deny-all.*$" + - '^/deny-all.*$' subject: - ['group:dev'] - ['user:john'] - policy: deny + policy: 'deny' # Rules applied to user 'harry' - domain: @@ -127,47 +127,47 @@ access_control: - '^/users/harry/.*$' subject: - ['user:harry'] - policy: two_factor + policy: 'two_factor' # Rules applied to user 'bob' - domain: - '*.mail.{{ env "ROOT_DOMAIN" }}' subject: - ['user:bob'] - policy: two_factor + policy: 'two_factor' - domain: - 'dev.{{ env "ROOT_DOMAIN" }}' resources: - '^/users/bob/.*$' subject: - ['user:bob'] - policy: two_factor + policy: 'two_factor' session: - name: authelia_session - expiration: 3600000 # 1 hour - inactivity: 300000 # 5 minutes + name: 'authelia_session' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes domain: '{{ env "ROOT_DOMAIN" }}' redis: - host: ${SERVICES_SERVER} + host: '${SERVICES_SERVER}' port: 6379 high_availability: - sentinel_name: test + sentinel_name: 'test' regulation: max_retries: 3 - find_time: 120 - ban_time: 300 + find_time: '2m' + ban_time: '5m' storage: mysql: address: 'tcp://{{ env "SERVICES_SERVER" }}:3306' - database: authelia - username: authelia + database: 'authelia' + username: 'authelia' notifier: smtp: - username: test + username: 'test' address: 'smtp://{{ env "SERVICES_SERVER" }}:1025' sender: 'admin@{{ env "ROOT_DOMAIN" }}' disable_require_tls: true 
@@ -176,16 +176,16 @@ identity_providers: oidc: cors: allowed_origins: - - https://google.com - - https://example.com + - 'https://google.com' + - 'https://example.com' clients: - - id: abc + - id: 'abc' secret: '${ABC_CLIENT_SECRET}' - consent_mode: explicit - - id: xyz + consent_mode: 'explicit' + - id: 'xyz' secret: '$XYZ_CLIENT_SECRET' - consent_mode: explicit + consent_mode: 'explicit' - id: '123' - secret: $ANOTHER_CLIENT_SECRET - consent_mode: explicit + secret: '$ANOTHER_CLIENT_SECRET' + consent_mode: 'explicit' ... diff --git a/internal/suites/ActiveDirectory/configuration.yml b/internal/suites/ActiveDirectory/configuration.yml index a16d41a22..6eedd7754 100644 --- a/internal/suites/ActiveDirectory/configuration.yml +++ b/internal/suites/ActiveDirectory/configuration.yml 
@@ -3,69 +3,69 @@ # Authelia minimal configuration # ############################################################### -theme: grey -jwt_secret: very_important_secret -default_redirection_url: https://home.example.com:8080/ +theme: 'grey' +jwt_secret: 'very_important_secret' +default_redirection_url: 'https://home.example.com:8080/' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: ldap: address: 'ldap://sambaldap' - implementation: activedirectory + implementation: 'activedirectory' tls: skip_verify: true start_tls: true - base_dn: DC=example,DC=com - additional_users_dn: OU=Users - additional_groups_dn: OU=Groups - user: CN=Administrator,CN=Users,DC=example,DC=com - password: password + base_dn: 'DC=example,DC=com' + additional_users_dn: 'OU=Users' + additional_groups_dn: 'OU=Groups' + user: 'CN=Administrator,CN=Users,DC=example,DC=com' + password: 'password' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite3 + path: '/config/db.sqlite3' totp: - issuer: example.com + issuer: 'example.com' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + 
- domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' regulation: max_retries: 3 - find_time: 300 - ban_time: 900 + find_time: '5m' + ban_time: '15m' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/suites/BypassAll/configuration.yml b/internal/suites/BypassAll/configuration.yml index 7802b6493..5a80dd533 100644 --- a/internal/suites/BypassAll/configuration.yml +++ b/internal/suites/BypassAll/configuration.yml 
@@ -6,49 +6,49 @@ server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' # The Duo Push Notification API configuration duo_api: - hostname: duo.example.com - integration_key: ABCDEFGHIJKL - secret_key: abcdefghijklmnopqrstuvwxyz123456789 + hostname: 'duo.example.com' + integration_key: 'ABCDEFGHIJKL' + secret_key: 'abcdefghijklmnopqrstuvwxyz123456789' access_control: - default_policy: bypass + default_policy: 'bypass' rules: - - domain: "public.example.com" - policy: bypass - - domain: "secure.example.com" - policy: two_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'secure.example.com' + policy: 'two_factor' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com - disable_require_tls: true + sender: 'admin@example.com' + disable_require_tls: 'true' ... diff --git a/internal/suites/BypassAll/users.yml b/internal/suites/BypassAll/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/BypassAll/users.yml +++ b/internal/suites/BypassAll/users.yml 
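Review bot: `disable_require_tls: 'true'` at the end of this hunk turns a boolean into the string `'true'`, while every other configuration in this change (e.g. the Caddy and ActiveDirectory suites) keeps `disable_require_tls: true` as a bare boolean. Whether the string is accepted depends on the decoder's weak typing; if it is rejected or coerced differently, the SMTP notifier in the BypassAll suite either fails to load or keeps requiring TLS from a test SMTP server that does not offer it. Restore `disable_require_tls: true` so the flag stays a real boolean and matches the sibling suites.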
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/CLI/configuration.yml b/internal/suites/CLI/configuration.yml index e27f5a1d1..4d00bb21c 100644 --- a/internal/suites/CLI/configuration.yml +++ b/internal/suites/CLI/configuration.yml 
@@ -6,61 +6,61 @@ server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret + secret: 'unsecure_session_secret' cookies: - name: 'authelia_session' domain: 'example.com' authelia_url: 'https://login.example.com:8080' - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /tmp/db.sqlite + path: '/tmp/db.sqlite' access_control: - default_policy: bypass + default_policy: 'bypass' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor - - domain: "resources.example.com" - policy: one_factor - resources: ["^/resources"] - - domain: "method.example.com" - policy: one_factor - methods: ["POST"] - - domain: "network.example.com" - policy: one_factor - networks: ["192.168.1.0/24"] - - domain: "group.example.com" - policy: one_factor - subject: ["group:basic"] - - domain: "user.example.com" - policy: one_factor - subject: ["user:john"] + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' + - domain: 'resources.example.com' + policy: 'one_factor' + resources: ['^/resources'] + - domain: 'method.example.com' + policy: 'one_factor' + methods: ['POST'] + - domain: 
'network.example.com' + policy: 'one_factor' + networks: ['192.168.1.0/24'] + - domain: 'group.example.com' + policy: 'one_factor' + subject: ['group:basic'] + - domain: 'user.example.com' + policy: 'one_factor' + subject: ['user:john'] notifier: filesystem: - filename: /tmp/notification.txt + filename: '/tmp/notification.txt' ... diff --git a/internal/suites/CLI/docker-compose.yml b/internal/suites/CLI/docker-compose.yml index 886561fd6..538f817e0 100644 --- a/internal/suites/CLI/docker-compose.yml +++ b/internal/suites/CLI/docker-compose.yml @@ -8,5 +8,5 @@ services: - './CLI/users.yml:/config/users.yml' - './common/pki:/pki:ro' - '/tmp:/tmp' - user: ${USER_ID}:${GROUP_ID} + user: '${USER_ID}:${GROUP_ID}' ... diff --git a/internal/suites/CLI/storage.yml b/internal/suites/CLI/storage.yml index 9b8111b21..fbe6fd1d3 100644 --- a/internal/suites/CLI/storage.yml +++ b/internal/suites/CLI/storage.yml @@ -1,6 +1,6 @@ --- storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /tmp/db.sqlite3 + path: '/tmp/db.sqlite3' ... diff --git a/internal/suites/CLI/users.yml b/internal/suites/CLI/users.yml index c190246ce..3a9613bbe 100644 --- a/internal/suites/CLI/users.yml +++ b/internal/suites/CLI/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/Caddy/configuration.yml b/internal/suites/Caddy/configuration.yml index a1b55633d..cca3f9bb5 100644 --- a/internal/suites/Caddy/configuration.yml +++ b/internal/suites/Caddy/configuration.yml 
@@ -3,56 +3,56 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' server: address: 'tcp://:9091' asset_path: '/config/assets/' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' endpoints: authz: caddy: - implementation: ForwardAuth + implementation: 'ForwardAuth' authn_strategies: [] log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: bypass + default_policy: 'bypass' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/suites/Caddy/users.yml b/internal/suites/Caddy/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/Caddy/users.yml +++ b/internal/suites/Caddy/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/Docker/configuration.yml b/internal/suites/Docker/configuration.yml index 70692bb00..fe8b51faf 100644 --- a/internal/suites/Docker/configuration.yml +++ b/internal/suites/Docker/configuration.yml 
@@ -3,89 +3,89 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: very_important_secret -default_redirection_url: https://home.example.com:8080/ +jwt_secret: 'very_important_secret' +default_redirection_url: 'https://home.example.com:8080/' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite3 + path: '/config/db.sqlite3' totp: - issuer: example.com + issuer: 'example.com' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: singlefactor.example.com - policy: one_factor + - domain: 'singlefactor.example.com' + policy: 'one_factor' - - domain: public.example.com - policy: bypass + - domain: 'public.example.com' + policy: 'bypass' - - domain: secure.example.com - policy: two_factor + - domain: 'secure.example.com' + policy: 'two_factor' - - domain: "*.example.com" - subject: "group:admins" - policy: two_factor + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - 
subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' regulation: # Set it to 0 to disable max_retries. max_retries: 3 # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window. - find_time: 300 + find_time: '5m' # The length of time before a banned user can login again. - ban_time: 900 + ban_time: '15m' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/suites/Docker/users.yml b/internal/suites/Docker/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/Docker/users.yml +++ b/internal/suites/Docker/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/DuoPush/configuration.yml b/internal/suites/DuoPush/configuration.yml index 3235ce73c..4d6b56c77 100644 --- a/internal/suites/DuoPush/configuration.yml +++ b/internal/suites/DuoPush/configuration.yml 
@@ -3,49 +3,49 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: very_important_secret -default_redirection_url: https://home.example.com:8080/ +jwt_secret: 'very_important_secret' +default_redirection_url: 'https://home.example.com:8080/' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: trace + level: 'trace' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' # Configuration of the storage backend used to store data and secrets. i.e. totp data storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /tmp/db.sqlite3 + path: '/tmp/db.sqlite3' # TOTP Issuer Name # # This will be the issuer name displayed in Google Authenticator -# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names +# See: 'https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names' totp: - issuer: example.com + issuer: 'example.com' # The Duo Push Notification API configuration duo_api: - hostname: duo.example.com - integration_key: ABCDEFGHIJKL - secret_key: abcdefghijklmnopqrstuvwxyz123456789 + hostname: 'duo.example.com' + integration_key: 'ABCDEFGHIJKL' + secret_key: 'abcdefghijklmnopqrstuvwxyz123456789' enable_self_enrollment: true # Access Control 
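Review bot: The quoting pass has rewritten a comment, not only values: `# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names` became `# See: 'https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names'`, which is a no-op for the parser but shows the change was applied mechanically rather than by hand. The identical comment in MariaDB/configuration.yml later in this diff is left untouched, so revert this line to the unquoted form. Because the tool evidently touched comment text, it is worth re-checking every hunk for a value whose type changed along with its quoting, rather than trusting a clean yamllint run alone.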
@@ -54,43 +54,43 @@ duo_api: # resources. access_control: # Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`. - default_policy: two_factor + default_policy: 'two_factor' rules: - - domain: singlefactor.example.com - policy: one_factor + - domain: 'singlefactor.example.com' + policy: 'one_factor' - - domain: public.example.com - policy: bypass + - domain: 'public.example.com' + policy: 'bypass' - - domain: secure.example.com - policy: two_factor + - domain: 'secure.example.com' + policy: 'two_factor' - - domain: "*.example.com" - subject: "group:admins" - policy: two_factor + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' # Configuration of the authentication regulation mechanism. regulation: @@ -98,12 +98,12 @@ regulation: max_retries: 3 # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window. - find_time: 300 + find_time: '5m' # The length of time before a banned user can login again. - ban_time: 900 + ban_time: '15m' notifier: filesystem: - filename: /tmp/notifier.html + filename: '/tmp/notifier.html' ... 
diff --git a/internal/suites/DuoPush/docker-compose.yml b/internal/suites/DuoPush/docker-compose.yml
index 1a3d12015..896bf23bc 100644
--- a/internal/suites/DuoPush/docker-compose.yml
+++ b/internal/suites/DuoPush/docker-compose.yml
@@ -7,5 +7,5 @@ services:
 - './DuoPush/users.yml:/config/users.yml'
 - './common/pki:/pki:ro'
 - '/tmp:/tmp'
- user: ${USER_ID}:${GROUP_ID}
+ user: '${USER_ID}:${GROUP_ID}'
 ...
diff --git a/internal/suites/DuoPush/users.yml b/internal/suites/DuoPush/users.yml
index a52978b20..d56f3322f 100644
--- a/internal/suites/DuoPush/users.yml
+++ b/internal/suites/DuoPush/users.yml
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/Envoy/configuration.yml b/internal/suites/Envoy/configuration.yml index 4ec2d94fd..4afe6e7d5 100644 --- a/internal/suites/Envoy/configuration.yml +++ b/internal/suites/Envoy/configuration.yml 
@@ -3,59 +3,59 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' server: address: 'tcp://:9091' asset_path: '/config/assets/' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' endpoints: authz: ext-authz: - implementation: ExtAuthz + implementation: 'ExtAuthz' authn_strategies: [] log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - name: 'authelia_session' domain: 'example.com' authelia_url: 'https://login.example.com:8080/' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: bypass + default_policy: 'bypass' rules: - - domain: "login.example.com" - policy: bypass - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'login.example.com' + policy: 'bypass' + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/suites/Envoy/users.yml b/internal/suites/Envoy/users.yml index a52978b20..d56f3322f 100644 
--- a/internal/suites/Envoy/users.yml +++ b/internal/suites/Envoy/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/HAProxy/configuration.yml b/internal/suites/HAProxy/configuration.yml index 2a0c29bbb..6c21b5f66 100644 --- a/internal/suites/HAProxy/configuration.yml +++ b/internal/suites/HAProxy/configuration.yml @@ -3,50 +3,50 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: bypass + default_policy: 'bypass' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... 
diff --git a/internal/suites/HAProxy/users.yml b/internal/suites/HAProxy/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/HAProxy/users.yml +++ b/internal/suites/HAProxy/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/HighAvailability/configuration.yml b/internal/suites/HighAvailability/configuration.yml index 8aece0597..d45e3c0de 100644 --- a/internal/suites/HighAvailability/configuration.yml +++ b/internal/suites/HighAvailability/configuration.yml 
@@ -3,125 +3,125 @@ # Authelia configuration # ############################################################### -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' totp: - issuer: authelia.com + issuer: 'authelia.com' authentication_backend: ldap: address: 'ldap://openldap' - base_dn: dc=example,dc=com - username_attribute: uid - additional_users_dn: ou=users - users_filter: (&({username_attribute}={input})(objectClass=person)) - additional_groups_dn: ou=groups - groups_filter: (&(member={dn})(objectClass=groupOfNames)) - group_name_attribute: cn - mail_attribute: mail - display_name_attribute: displayName - user: cn=admin,dc=example,dc=com - password: password + base_dn: 'dc=example,dc=com' + username_attribute: 'uid' + additional_users_dn: 'ou=users' + users_filter: '(&({username_attribute}={input})(objectClass=person))' + additional_groups_dn: 'ou=groups' + groups_filter: '(&(member={dn})(objectClass=groupOfNames))' + group_name_attribute: 'cn' + mail_attribute: 'mail' + display_name_attribute: 'displayName' + user: 'cn=admin,dc=example,dc=com' + password: 'password' access_control: - default_policy: deny + default_policy: 'deny' rules: # Rules applied to everyone - - domain: public.example.com - policy: bypass - - domain: secure.example.com - policy: two_factor - - domain: singlefactor.example.com - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' # Rules applied to 'admins' group - - domain: mx2.mail.example.com - subject: "group:admins" - policy: deny + - domain: 'mx2.mail.example.com' + subject: 'group:admins' + policy: 'deny' # Rules applied to user 'john' - - domain: "*.example.com" - subject: 
"user:john" - policy: two_factor + - domain: '*.example.com' + subject: 'user:john' + policy: 'two_factor' - - domain: "*.example.com" - subject: "group:admins" - policy: two_factor + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' # Rules applied to 'dev' group - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/groups/dev/.*$" - subject: "group:dev" - policy: two_factor + - '^/groups/dev/.*$' + subject: 'group:dev' + policy: 'two_factor' # Rules applied to user 'harry' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' # Rules applied to user 'bob' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor - - domain: "dev.example.com" + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' session: - name: authelia_session - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes + name: 'authelia_session' + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' redis: - username: authelia - password: redis-user-password + username: 'authelia' + password: 'redis-user-password' high_availability: - sentinel_name: authelia - sentinel_password: sentinel-server-password + sentinel_name: 'authelia' + sentinel_password: 'sentinel-server-password' nodes: - - host: redis-sentinel-0 + - host: 'redis-sentinel-0' port: 26379 - - host: redis-sentinel-1 + - host: 'redis-sentinel-1' port: 26379 - - host: redis-sentinel-2 + - host: 'redis-sentinel-2' port: 26379 - remember_me: 1y + remember_me: '1y' regulation: 
max_retries: 3
- find_time: 8
+ find_time: '8s'
 ban_time: 10
 storage:
- encryption_key: a_not_so_secure_encryption_key
+ encryption_key: 'a_not_so_secure_encryption_key'
 mysql:
 address: 'tcp://mariadb:3306'
- database: authelia
- username: admin
- password: password
+ database: 'authelia'
+ username: 'admin'
+ password: 'password'
 notifier:
 smtp:
 address: 'smtp://smtp:1025'
- sender: admin@example.com
+ sender: 'admin@example.com'
 disable_require_tls: true
 ...
diff --git a/internal/suites/LDAP/configuration.yml b/internal/suites/LDAP/configuration.yml
index 1847f411e..64a1cbc02 100644
--- a/internal/suites/LDAP/configuration.yml
+++ b/internal/suites/LDAP/configuration.yml
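Review bot: In the `regulation` stanza `find_time` is rewritten to the duration string `'8s'` while `ban_time: 10` on the very next line is left as a bare integer, so one stanza now carries two representations of the same kind of value; the other suites in this diff convert the pair together (`'5m'`/`'15m'`). The integer form is presumably still accepted since the line was deliberately left alone, but the mix is a trap for whoever tunes these values later. Change it to `ban_time: '10s'` so the stanza reads consistently.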
@@ -3,73 +3,73 @@
 # Authelia minimal configuration #
 ###############################################################
-theme: dark
-jwt_secret: very_important_secret
-default_redirection_url: https://home.example.com:8080/
+theme: 'dark'
+jwt_secret: 'very_important_secret'
+default_redirection_url: 'https://home.example.com:8080/'
 server:
 address: 'tcp://:9091'
 tls:
- certificate: /pki/public.backend.crt
- key: /pki/private.backend.pem
+ certificate: '/pki/public.backend.crt'
+ key: '/pki/private.backend.pem'
 log:
- level: debug
+ level: 'debug'
 authentication_backend:
 ldap:
 address: 'ldaps://openldap'
 tls:
 skip_verify: true
- base_dn: dc=example,dc=com
- username_attribute: uid
- additional_users_dn: ou=users
- users_filter: (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(objectClass=inetOrgPerson)) # yamllint disable-line rule:line-length
- additional_groups_dn: ou=groups
- groups_filter: (&(member={dn})(objectClass=groupOfNames))
- group_name_attribute: cn
- mail_attribute: mail
- display_name_attribute: displayName
- user: cn=pwmanager,dc=example,dc=com
- password: password
+ base_dn: 'dc=example,dc=com'
+ username_attribute: 'uid'
+ additional_users_dn: 'ou=users'
+ users_filter: '(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(objectClass=inetOrgPerson))' # yamllint disable-line rule:line-length
+ additional_groups_dn: 'ou=groups'
+ groups_filter: '(&(member={dn})(objectClass=groupOfNames))'
+ group_name_attribute: 'cn'
+ mail_attribute: 'mail'
+ display_name_attribute: 'displayName'
+ user: 'cn=pwmanager,dc=example,dc=com'
+ password: 'password'
 session:
- secret: unsecure_session_secret
- expiration: 3600 # 1 hour
- inactivity: 300 # 5 minutes
- remember_me: 1y
+ secret: 'unsecure_session_secret'
+ expiration: '1h' # 1 hour
+ inactivity: '5m' # 5 minutes
+ remember_me: '1y'
 cookies:
 - domain: 'example.com'
 authelia_url: 'https://login.example.com:8080'
 storage:
- encryption_key: a_not_so_secure_encryption_key
+ encryption_key: 'a_not_so_secure_encryption_key'
 local:
- path: /config/db.sqlite3
+ path: '/config/db.sqlite3'
 totp:
- issuer: example.com
+ issuer: 'example.com'
 access_control:
- default_policy: deny
+ default_policy: 'deny'
 rules:
- - domain: "public.example.com"
- policy: bypass
- - domain: "admin.example.com"
- policy: two_factor
- - domain: "secure.example.com"
- policy: two_factor
- - domain: "singlefactor.example.com"
- policy: one_factor
+ - domain: 'public.example.com'
+ policy: 'bypass'
+ - domain: 'admin.example.com'
+ policy: 'two_factor'
+ - domain: 'secure.example.com'
+ policy: 'two_factor'
+ - domain: 'singlefactor.example.com'
+ policy: 'one_factor'
 regulation:
 max_retries: 3
- find_time: 300
- ban_time: 900
+ find_time: '5m'
+ ban_time: '15m'
 notifier:
 smtp:
 address: 'smtp://smtp:1025'
- sender: admin@example.com
- disable_require_tls: true
+ sender: 'admin@example.com'
+ disable_require_tls: 'true'
 ...
diff --git a/internal/suites/MariaDB/configuration.yml b/internal/suites/MariaDB/configuration.yml
index 3b7fb220f..20f399c90 100644
--- a/internal/suites/MariaDB/configuration.yml
+++ b/internal/suites/MariaDB/configuration.yml
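Review bot: `disable_require_tls: 'true'` at the end of the notifier block turns a YAML boolean into the string `'true'`; every other suite in this diff (Caddy, Docker, Envoy, HAProxy, HighAvailability, MariaDB) leaves `disable_require_tls: true` unquoted, so this is the one place where the quoting pass changed a value's type. Whether the configuration loader coerces the string back to a boolean is not visible here; if it does not, the LDAP suite either fails validation or keeps TLS required against the plaintext `smtp://smtp:1025` test relay, and the suite only works by accident either way. Restore `disable_require_tls: true`, and make whatever applied the quoting skip boolean scalars so a security-relevant toggle cannot silently change type again.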
@@ -3,58 +3,58 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: very_important_secret -default_redirection_url: https://home.example.com:8080/ +jwt_secret: 'very_important_secret' +default_redirection_url: 'https://home.example.com:8080/' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' # Configuration of the storage backend used to store data and secrets. i.e. totp data storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' mysql: address: 'tcp://mariadb:3306' - database: authelia - username: admin - password: password + database: 'authelia' + username: 'admin' + password: 'password' # TOTP Issuer Name # # This will be the issuer name displayed in Google Authenticator # See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names totp: - issuer: example.com + issuer: 'example.com' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 
'singlefactor.example.com' + policy: 'one_factor' # Configuration of the authentication regulation mechanism. regulation: @@ -62,7 +62,7 @@ regulation: max_retries: 3 # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window. - find_time: 8 + find_time: '8s' # The length of time before a banned user can login again. ban_time: 10 @@ -71,6 +71,6 @@ notifier: # Use a SMTP server for sending notifications smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/suites/MariaDB/users.yml b/internal/suites/MariaDB/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/MariaDB/users.yml +++ b/internal/suites/MariaDB/users.yml 
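Review bot: In the `@@ -62,7 +62,7 @@ regulation:` hunk, `find_time` becomes the duration string `'8s'` while `ban_time: 10` two lines below stays a bare integer, so one block now mixes two representations of the same duration type, and the comment above still describes `find_time` as a count of seconds. Either quote both (`ban_time: '10s'`) or leave both as integers, and reword the comment to match whichever form is kept. The MySQL configuration hunk (`@@ -63,7 +63,7 @@ regulation:`) has the same split.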
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/MultiCookieDomain/configuration.yml b/internal/suites/MultiCookieDomain/configuration.yml index c4dd3fa1b..f8d3c6b07 100644 --- a/internal/suites/MultiCookieDomain/configuration.yml +++ b/internal/suites/MultiCookieDomain/configuration.yml @@ -3,14 +3,14 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret -theme: auto +jwt_secret: 'unsecure_secret' +theme: 'auto' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' telemetry: metrics: @@ -18,17 +18,17 @@ telemetry: address: 'tcp://:9959' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 - inactivity: 300 - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' + inactivity: '5m' + remember_me: '1y' cookies: - name: 'authelia_session' domain: 'example.com' 
@@ -42,153 +42,153 @@ session: authelia_url: 'https://login.example3.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' totp: - issuer: example.com + issuer: 'example.com' access_control: - default_policy: deny + default_policy: 'deny' rules: # First cookie domain - - domain: singlefactor.example.com - policy: one_factor + - domain: 'singlefactor.example.com' + policy: 'one_factor' - - domain: public.example.com - policy: bypass + - domain: 'public.example.com' + policy: 'bypass' - - domain: secure.example.com - policy: bypass + - domain: 'secure.example.com' + policy: 'bypass' methods: - - OPTIONS + - 'OPTIONS' - - domain: secure.example.com - policy: two_factor + - domain: 'secure.example.com' + policy: 'two_factor' - - domain: "*.example.com" - subject: "group:admins" - policy: two_factor + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' # Second cookie domain - - domain: singlefactor.example2.com - policy: one_factor + - domain: 'singlefactor.example2.com' + policy: 'one_factor' - - domain: public.example2.com - policy: bypass + - domain: 
'public.example2.com' + policy: 'bypass' - - domain: secure.example2.com - policy: bypass + - domain: 'secure.example2.com' + policy: 'bypass' methods: - - OPTIONS + - 'OPTIONS' - - domain: secure.example2.com - policy: two_factor + - domain: 'secure.example2.com' + policy: 'two_factor' - - domain: "*.example2.com" - subject: "group:admins" - policy: two_factor + - domain: '*.example2.com' + subject: 'group:admins' + policy: 'two_factor' - - domain: dev.example2.com + - domain: 'dev.example2.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' - - domain: dev.example2.com + - domain: 'dev.example2.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' - - domain: "*.mail.example2.com" - subject: "user:bob" - policy: two_factor + - domain: '*.mail.example2.com' + subject: 'user:bob' + policy: 'two_factor' - - domain: dev.example2.com + - domain: 'dev.example2.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' # Third cookie domain - - domain: singlefactor.example3.com - policy: one_factor + - domain: 'singlefactor.example3.com' + policy: 'one_factor' - - domain: public.example3.com - policy: bypass + - domain: 'public.example3.com' + policy: 'bypass' - - domain: secure.example3.com - policy: bypass + - domain: 'secure.example3.com' + policy: 'bypass' methods: - - OPTIONS + - 'OPTIONS' - - domain: secure.example3.com - policy: two_factor + - domain: 'secure.example3.com' + policy: 'two_factor' - - domain: "*.example3.com" - subject: "group:admins" - policy: two_factor + - domain: '*.example3.com' + subject: 'group:admins' + policy: 'two_factor' - - domain: dev.example3.com + - domain: 'dev.example3.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: 
two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' - - domain: dev.example3.com + - domain: 'dev.example3.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' - - domain: "*.mail.example3.com" - subject: "user:bob" - policy: two_factor + - domain: '*.mail.example3.com' + subject: 'user:bob' + policy: 'two_factor' - - domain: dev.example3.com + - domain: 'dev.example3.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' regulation: # Set it to 0 to disable max_retries. max_retries: 3 # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window. - find_time: 300 + find_time: '5m' # The length of time before a banned user can login again. - ban_time: 900 + ban_time: '15m' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ntp: ## NTP server address @@ -196,7 +196,7 @@ ntp: ## ntp version version: 4 ## "maximum desynchronization" is the allowed offset time between the host and the ntp server - max_desync: 3s + max_desync: '3s' ## You can enable or disable the NTP synchronization check on startup disable_startup_check: false diff --git a/internal/suites/MultiCookieDomain/users.yml b/internal/suites/MultiCookieDomain/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/MultiCookieDomain/users.yml +++ b/internal/suites/MultiCookieDomain/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/MySQL/configuration.yml b/internal/suites/MySQL/configuration.yml index 2427b915e..0e2b827cb 100644 --- a/internal/suites/MySQL/configuration.yml +++ b/internal/suites/MySQL/configuration.yml @@ -6,32 +6,32 @@ server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' -default_redirection_url: https://home.example.com:8080/ +default_redirection_url: 'https://home.example.com:8080/' -jwt_secret: very_important_secret +jwt_secret: 'very_important_secret' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' # Configuration of the storage backend used to store data and secrets. i.e. totp data storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' mysql: address: 'tcp://mysql:3306' database: 'authelia' 
@@ -43,19 +43,19 @@ storage: # This will be the issuer name displayed in Google Authenticator # See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names totp: - issuer: example.com + issuer: 'example.com' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' # Configuration of the authentication regulation mechanism. regulation: @@ -63,7 +63,7 @@ regulation: max_retries: 3 # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window. - find_time: 8 + find_time: '8s' # The length of time before a banned user can login again. ban_time: 10 @@ -72,6 +72,6 @@ notifier: # Use a SMTP server for sending notifications smtp: address: 'smtp://smtp:1025' - sender: admin@example.com - disable_require_tls: true + sender: 'admin@example.com' + disable_require_tls: 'true' ... diff --git a/internal/suites/MySQL/users.yml b/internal/suites/MySQL/users.yml index a52978b20..03e97d3cf 100644 --- a/internal/suites/MySQL/users.yml +++ b/internal/suites/MySQL/users.yml 
@@ -8,28 +8,26 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev - + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev - + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/NetworkACL/configuration.yml b/internal/suites/NetworkACL/configuration.yml index 309d1ba4a..abda0d9ce 100644 --- a/internal/suites/NetworkACL/configuration.yml +++ b/internal/suites/NetworkACL/configuration.yml 
@@ -6,71 +6,71 @@ server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' -jwt_secret: unsecure_password +jwt_secret: 'unsecure_password' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' # Configuration of the storage backend used to store data and secrets. i.e. totp data storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' # Access Control # # Access control is a set of rules you can use to restrict user access to certain # resources. access_control: - default_policy: deny + default_policy: 'deny' networks: - - name: Clients + - name: 'Clients' networks: - 192.168.240.202/32 - 192.168.240.203/32 rules: - - domain: secure.example.com - policy: one_factor + - domain: 'secure.example.com' + policy: 'one_factor' networks: - 192.168.240.201/32 - - domain: secure.example.com - policy: bypass + - domain: 'secure.example.com' + policy: 'bypass' networks: - - Clients + - 'Clients' - - domain: secure.example.com - policy: two_factor + - domain: 'secure.example.com' + policy: 'two_factor' # Configuration of the authentication regulation mechanism. regulation: # Set it to 0 to disable max_retries. max_retries: 3 # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window. - find_time: 300 + find_time: '5m' # The length of time before a banned user can login again. 
- ban_time: 900 + ban_time: '15m' notifier: # Use a SMTP server for sending notifications smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/suites/NetworkACL/users.yml b/internal/suites/NetworkACL/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/NetworkACL/users.yml +++ b/internal/suites/NetworkACL/users.yml 
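Review bot: The quoting rule is applied unevenly in this hunk: the `networks` entries `192.168.240.202/32`, `192.168.240.203/32` and `192.168.240.201/32` stay plain scalars while the sibling reference `- 'Clients'` is quoted, so the file no longer follows one convention for list items. None of the unquoted values is exposed to implicit typing, so this is style only, but the same split recurs in the OIDC (`@@ -2,78 +2,78 @@`) and OIDCTraefik (`@@ -26,55 +26,55 @@`) configuration hunks, where the `redirect_uris` entries such as `https://oidc.example.com:8080/oauth2/callback` remain unquoted next to quoted `id` and `secret`. Either quote the list items as well (`- '192.168.240.202/32'`, `- 'https://oidc.example.com:8080/oauth2/callback'`) or state in the commit description that only mapping values are quoted.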
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/OIDC/configuration.yml b/internal/suites/OIDC/configuration.yml index e2c640839..22243ed50 100644 --- a/internal/suites/OIDC/configuration.yml +++ b/internal/suites/OIDC/configuration.yml 
@@ -2,78 +2,78 @@ server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret + secret: 'unsecure_session_secret' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' # We use redis here to keep the users authenticated when Authelia restarts # It eases development. redis: - host: redis + host: 'redis' port: 6379 storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: "home.example.com" - policy: bypass - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor - - domain: "oidc.example.com" - policy: two_factor - - domain: "oidc-public.example.com" - policy: bypass + - domain: 'home.example.com' + policy: 'bypass' + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' + - domain: 'oidc.example.com' + policy: 'two_factor' + - domain: 'oidc-public.example.com' + policy: 'bypass' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true identity_providers: oidc: 
enable_client_debug_messages: true - hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm + hmac_secret: 'IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm' clients: - - id: oidc-tester-app - secret: foobar - authorization_policy: two_factor + - id: 'oidc-tester-app' + secret: 'foobar' + authorization_policy: 'two_factor' redirect_uris: - https://oidc.example.com:8080/oauth2/callback # This client is used for testing purpose. As of now, the app must be protected by ACLs # otherwise it won't work properly. - - id: oidc-tester-app-public - secret: foobar - authorization_policy: one_factor + - id: 'oidc-tester-app-public' + secret: 'foobar' + authorization_policy: 'one_factor' redirect_uris: - https://oidc-public.example.com:8080/oauth2/callback ... diff --git a/internal/suites/OIDC/docker-compose.yml b/internal/suites/OIDC/docker-compose.yml index a078d190a..8e99dfedb 100644 --- a/internal/suites/OIDC/docker-compose.yml +++ b/internal/suites/OIDC/docker-compose.yml @@ -3,8 +3,8 @@ version: '3' services: authelia-backend: environment: - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: /pki/public.oidc.chain.pem - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /pki/private.oidc.pem + AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: '/pki/public.oidc.chain.pem' + AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: '/pki/private.oidc.pem' volumes: - './OIDC/configuration.yml:/config/configuration.yml:ro' - './OIDC/users.yml:/config/users.yml' diff --git a/internal/suites/OIDC/users.yml b/internal/suites/OIDC/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/OIDC/users.yml +++ b/internal/suites/OIDC/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/OIDCTraefik/configuration.yml b/internal/suites/OIDCTraefik/configuration.yml index be074e1f6..e1330e91a 100644 --- a/internal/suites/OIDCTraefik/configuration.yml +++ b/internal/suites/OIDCTraefik/configuration.yml @@ -2,23 +2,23 @@ server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' 
@@ -26,55 +26,55 @@ session: # We use redis here to keep the users authenticated when Authelia restarts # It eases development. redis: - host: redis + host: 'redis' port: 6379 storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: "home.example.com" - policy: bypass - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor - - domain: "oidc.example.com" - policy: two_factor - - domain: "oidc-public.example.com" - policy: bypass - - domain: "traefik.example.com" - policy: bypass + - domain: 'home.example.com' + policy: 'bypass' + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' + - domain: 'oidc.example.com' + policy: 'two_factor' + - domain: 'oidc-public.example.com' + policy: 'bypass' + - domain: 'traefik.example.com' + policy: 'bypass' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true identity_providers: oidc: enable_client_debug_messages: true - hmac_secret: IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm + hmac_secret: 'IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm' clients: - - id: oidc-tester-app - secret: foobar - authorization_policy: two_factor + - id: 'oidc-tester-app' + secret: 'foobar' + authorization_policy: 'two_factor' redirect_uris: - https://oidc.example.com:8080/oauth2/callback # This client is used for testing purpose. As of now, the app must be protected by ACLs # otherwise it won't work properly. 
- - id: oidc-tester-app-public - secret: foobar - authorization_policy: one_factor + - id: 'oidc-tester-app-public' + secret: 'foobar' + authorization_policy: 'one_factor' redirect_uris: - https://oidc-public.example.com:8080/oauth2/callback ... diff --git a/internal/suites/OIDCTraefik/docker-compose.yml b/internal/suites/OIDCTraefik/docker-compose.yml index 1af5fd9b3..45e6c56dc 100644 --- a/internal/suites/OIDCTraefik/docker-compose.yml +++ b/internal/suites/OIDCTraefik/docker-compose.yml @@ -3,8 +3,8 @@ version: '3' services: authelia-backend: environment: - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: /pki/public.oidc.chain.pem - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: /pki/private.oidc.pem + AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_CERTIFICATE_CHAIN_FILE: '/pki/public.oidc.chain.pem' + AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: '/pki/private.oidc.pem' volumes: - './OIDCTraefik/configuration.yml:/config/configuration.yml:ro' - './OIDCTraefik/users.yml:/config/users.yml' diff --git a/internal/suites/OIDCTraefik/users.yml b/internal/suites/OIDCTraefik/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/OIDCTraefik/users.yml +++ b/internal/suites/OIDCTraefik/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/OneFactorOnly/configuration.yml b/internal/suites/OneFactorOnly/configuration.yml index 21f6cc5f0..a87474b27 100644 --- a/internal/suites/OneFactorOnly/configuration.yml +++ b/internal/suites/OneFactorOnly/configuration.yml @@ -3,49 +3,49 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret -default_redirection_url: https://home.example.com:8080/ +jwt_secret: 'unsecure_secret' +default_redirection_url: 'https://home.example.com:8080/' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: singlefactor.example.com - policy: one_factor - - domain: public.example.com - policy: bypass - - domain: home.example.com - policy: bypass - - domain: unsafe.local - policy: bypass + - domain: 'singlefactor.example.com' + policy: 'one_factor' + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'home.example.com' + policy: 'bypass' + - domain: 'unsafe.local' + policy: 'bypass' notifier: filesystem: - filename: /config/notifier.html + filename: '/config/notifier.html' ... 
diff --git a/internal/suites/OneFactorOnly/users.yml b/internal/suites/OneFactorOnly/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/OneFactorOnly/users.yml +++ b/internal/suites/OneFactorOnly/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/PathPrefix/configuration.yml b/internal/suites/PathPrefix/configuration.yml index 441b88b20..7fc90658a 100644 --- a/internal/suites/PathPrefix/configuration.yml +++ b/internal/suites/PathPrefix/configuration.yml @@ -3,51 +3,51 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' server: address: 'tcp://:9091' path: 'auth' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080/auth/' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: bypass + default_policy: 'bypass' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com - disable_require_tls: true + sender: 'admin@example.com' + disable_require_tls: 'true' ... 
diff --git a/internal/suites/PathPrefix/users.yml b/internal/suites/PathPrefix/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/PathPrefix/users.yml +++ b/internal/suites/PathPrefix/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/Postgres/configuration.yml b/internal/suites/Postgres/configuration.yml index d4c60290d..9f1280b6a 100644 --- a/internal/suites/Postgres/configuration.yml +++ b/internal/suites/Postgres/configuration.yml @@ -3,34 +3,34 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: very_important_secret -default_redirection_url: https://home.example.com:8080/ +jwt_secret: 'very_important_secret' +default_redirection_url: 'https://home.example.com:8080/' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' # Configuration of the storage backend used to store data and secrets. i.e. totp data storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' postgres: address: 'tcp://postgres:5432' database: 'authelia' 
@@ -42,19 +42,19 @@ storage: # This will be the issuer name displayed in Google Authenticator # See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names totp: - issuer: example.com + issuer: 'example.com' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' # Configuration of the authentication regulation mechanism. regulation: @@ -62,7 +62,7 @@ regulation: max_retries: 3 # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window. - find_time: 8 + find_time: '8s' # The length of time before a banned user can login again. ban_time: 10 @@ -71,6 +71,6 @@ notifier: # Use a SMTP server for sending notifications smtp: address: 'smtp://smtp:1025' - sender: admin@example.com - disable_require_tls: true + sender: 'admin@example.com' + disable_require_tls: 'true' ... diff --git a/internal/suites/Postgres/users.yml b/internal/suites/Postgres/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/Postgres/users.yml +++ b/internal/suites/Postgres/users.yml 
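Review bot: In the `regulation` hunk only `find_time` is converted to a duration string (`find_time: '8s'`) while `ban_time: 10` two lines below stays a bare integer, and the comment above still describes `find_time` as a "seconds window". Either convert both, `ban_time: '10s'`, and reword the comment to say a `find_time` window, or leave both as integer seconds; mixing the two forms in one three-key block invites someone to later assume the bare value is in a different unit. The `regulation` mapping starts inside this hunk; the keys before `max_retries` are outside it.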
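Review bot: The last hunk of this file rewrites `disable_require_tls: true` as `disable_require_tls: 'true'`, a string where a boolean is expected, while the other suites touched by this change (Traefik, Traefik2, ShortTimeouts, Standalone) keep the bare `true`. Whether or not the decoder weakly coerces the string, this should stay a real boolean for consistency and to avoid a silent type surprise: `disable_require_tls: true`.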
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/ShortTimeouts/configuration.yml b/internal/suites/ShortTimeouts/configuration.yml index e330dca6c..db934974a 100644 --- a/internal/suites/ShortTimeouts/configuration.yml +++ b/internal/suites/ShortTimeouts/configuration.yml 
@@ -3,81 +3,81 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret -default_redirection_url: https://home.example.com:8080/ +jwt_secret: 'unsecure_secret' +default_redirection_url: 'https://home.example.com:8080/' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret + secret: 'unsecure_session_secret' cookies: - name: 'authelia_sessin' domain: 'example.com' authelia_url: 'https://login.example.com:8080' inactivity: 5 - expiration: 8 - remember_me: 1y + expiration: '8s' + remember_me: '1y' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' totp: - issuer: example.com + issuer: 'example.com' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: singlefactor.example.com - policy: one_factor + - domain: 'singlefactor.example.com' + policy: 'one_factor' - - domain: "*.example.com" - subject: "group:admins" - policy: two_factor + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' 
- - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' regulation: max_retries: 3 - find_time: 5 + find_time: '5s' ban_time: 10 notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... diff --git a/internal/suites/ShortTimeouts/users.yml b/internal/suites/ShortTimeouts/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/ShortTimeouts/users.yml +++ b/internal/suites/ShortTimeouts/users.yml 
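Review bot: The duration conversion in this hunk is partial: `expiration: '8s'` and `find_time: '5s'` become duration strings, but `inactivity: 5` (in the session cookie entry) and `ban_time: 10` (in `regulation`) are left as bare integers in the same hunk. Given this is the "ShortTimeouts" suite, where the exact values matter to the tests, the mixed forms make it easy to misread which unit applies; convert the remaining two for consistency, `inactivity: '5s'` and `ban_time: '10s'`, assuming the integer values were seconds as the other suites' comments indicate. Separately, the unchanged context line `name: 'authelia_sessin'` above looks like a typo for `authelia_session`; it is not introduced by this change, but if the tests do not rely on that exact cookie name it is worth fixing in a follow-up.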
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/Standalone/configuration.yml b/internal/suites/Standalone/configuration.yml index 255afeeae..d34957c51 100644 --- a/internal/suites/Standalone/configuration.yml +++ b/internal/suites/Standalone/configuration.yml 
@@ -3,103 +3,103 @@ # Authelia minimal configuration # ############################################################### -theme: auto +theme: 'auto' server: address: 'tcp://:9091' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' telemetry: metrics: enabled: true - address: tcp://0.0.0.0:9959 + address: 'tcp://:9959' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - expiration: 3600 - inactivity: 300 - remember_me: 1y + expiration: '1h' + inactivity: '5m' + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /tmp/db.sqlite3 + path: '/tmp/db.sqlite3' totp: - issuer: example.com + issuer: 'example.com' access_control: - default_policy: deny + default_policy: 'deny' rules: - - domain: singlefactor.example.com - policy: one_factor + - domain: 'singlefactor.example.com' + policy: 'one_factor' - - domain: public.example.com - policy: bypass + - domain: 'public.example.com' + policy: 'bypass' - - domain: secure.example.com - policy: bypass + - domain: 'secure.example.com' + policy: 'bypass' methods: - - OPTIONS + - 'OPTIONS' - - domain: secure.example.com - policy: two_factor + - domain: 'secure.example.com' + policy: 'two_factor' - - domain: "*.example.com" - subject: "group:admins" - policy: two_factor + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - 
'^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' regulation: # Set it to 0 to disable max_retries. max_retries: 3 # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window. - find_time: 300 + find_time: '5m' # The length of time before a banned user can login again. - ban_time: 900 + ban_time: '15m' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ntp: ## NTP server address - address: "time.cloudflare.com:123" + address: 'time.cloudflare.com:123' ## ntp version version: 4 ## "maximum desynchronization" is the allowed offset time between the host and the ntp server diff --git a/internal/suites/Standalone/docker-compose.yml b/internal/suites/Standalone/docker-compose.yml index 3bda7e4f4..5cfa4c3d4 100644 --- a/internal/suites/Standalone/docker-compose.yml +++ b/internal/suites/Standalone/docker-compose.yml @@ -3,12 +3,12 @@ version: '3' services: authelia-backend: environment: - - AUTHELIA_JWT_SECRET_FILE=/tmp/authelia/StandaloneSuite/jwt - - AUTHELIA_SESSION_SECRET_FILE=/tmp/authelia/StandaloneSuite/session + - 'AUTHELIA_JWT_SECRET_FILE=/tmp/authelia/StandaloneSuite/jwt' + - 'AUTHELIA_SESSION_SECRET_FILE=/tmp/authelia/StandaloneSuite/session' volumes: - './Standalone/configuration.yml:/config/configuration.yml:ro' - './Standalone/users.yml:/config/users.yml' - './common/pki:/pki:ro' - '/tmp:/tmp' - user: ${USER_ID}:${GROUP_ID} + user: '${USER_ID}:${GROUP_ID}' ... 
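Review bot: The `telemetry.metrics.address` line is the one change in this hunk that is not purely quoting: `tcp://0.0.0.0:9959` becomes `'tcp://:9959'`, which alters the configured value rather than its quoting. An empty host should bind all interfaces just as `0.0.0.0` did, so behaviour is presumably unchanged, but that is an inference about Authelia's address parser, not something visible here, and it changes what the metrics listener is explicitly told to expose. Either keep the original value quoted, `address: 'tcp://0.0.0.0:9959'`, or call the intentional rewrite out in the commit message so the metrics exposure change is reviewed on its own merits. The `access_control.rules` list is otherwise consistently quoted in this hunk, and `find_time`/`ban_time` are both converted here, which is the form the other suites should match.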
diff --git a/internal/suites/Standalone/users.yml b/internal/suites/Standalone/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/Standalone/users.yml +++ b/internal/suites/Standalone/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/Traefik/configuration.yml b/internal/suites/Traefik/configuration.yml index 2276926be..defe849e2 100644 --- a/internal/suites/Traefik/configuration.yml +++ b/internal/suites/Traefik/configuration.yml @@ -3,51 +3,51 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' server: address: 'tcp://:9091' asset_path: '/config/assets/' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: bypass + default_policy: 'bypass' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... 
diff --git a/internal/suites/Traefik/users.yml b/internal/suites/Traefik/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/Traefik/users.yml +++ b/internal/suites/Traefik/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/Traefik2/configuration.yml b/internal/suites/Traefik2/configuration.yml index a77c46b13..d1036bbdf 100644 --- a/internal/suites/Traefik2/configuration.yml +++ b/internal/suites/Traefik2/configuration.yml 
@@ -3,58 +3,58 @@ # Authelia minimal configuration # ############################################################### -jwt_secret: unsecure_secret +jwt_secret: 'unsecure_secret' server: address: 'tcp://:9091' asset_path: '/config/assets/' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' endpoints: authz: forward-auth: - implementation: ForwardAuth + implementation: 'ForwardAuth' authn_strategies: [] log: - level: debug + level: 'debug' authentication_backend: file: - path: /config/users.yml + path: '/config/users.yml' session: - secret: unsecure_session_secret - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + secret: 'unsecure_session_secret' + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' redis: - host: redis + host: 'redis' port: 6379 - username: authelia - password: redis-user-password + username: 'authelia' + password: 'redis-user-password' storage: - encryption_key: a_not_so_secure_encryption_key + encryption_key: 'a_not_so_secure_encryption_key' local: - path: /config/db.sqlite + path: '/config/db.sqlite' access_control: - default_policy: bypass + default_policy: 'bypass' rules: - - domain: "public.example.com" - policy: bypass - - domain: "admin.example.com" - policy: two_factor - - domain: "secure.example.com" - policy: two_factor - - domain: "singlefactor.example.com" - policy: one_factor + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'admin.example.com' + policy: 'two_factor' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' ntp: version: 3 @@ -62,6 +62,6 @@ ntp: notifier: smtp: address: 'smtp://smtp:1025' - sender: admin@example.com + sender: 'admin@example.com' disable_require_tls: true ... 
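Review bot: The `session` block changes type as well as quoting: `expiration: 3600` and `inactivity: 300` become `expiration: '1h'` and `inactivity: '5m'`, which is a retyping from integer seconds to duration strings rather than the quoting-only change the rest of this commit makes. The removed `remember_me: 1y` shows duration notation was already accepted here, so the values are very likely equivalent, but the switch deserves a line in the commit message or its own commit so it is not mistaken for a no-op. With the values now self-describing, the trailing `# 1 hour` and `# 5 minutes` comments are redundant and can be dropped, e.g. `expiration: '1h'` and `inactivity: '5m'` on their own.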
diff --git a/internal/suites/Traefik2/users.yml b/internal/suites/Traefik2/users.yml index a52978b20..d56f3322f 100644 --- a/internal/suites/Traefik2/users.yml +++ b/internal/suites/Traefik2/users.yml 
@@ -8,28 +8,28 @@ # List of users users: john: - displayname: "John Doe" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: john.doe@authelia.com + displayname: 'John Doe' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'john.doe@authelia.com' groups: - - admins - - dev + - 'admins' + - 'dev' harry: - displayname: "Harry Potter" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: harry.potter@authelia.com + displayname: 'Harry Potter' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'harry.potter@authelia.com' groups: [] bob: - displayname: "Bob Dylan" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: bob.dylan@authelia.com + displayname: 'Bob Dylan' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint disable-line rule:line-length + email: 'bob.dylan@authelia.com' groups: - - dev + - 'dev' james: - displayname: "James Dean" - password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length - email: james.dean@authelia.com + displayname: 'James Dean' + password: '$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/' # yamllint 
disable-line rule:line-length + email: 'james.dean@authelia.com' ... diff --git a/internal/suites/docker-compose.yml b/internal/suites/docker-compose.yml index 2f787a38e..0d750ebfc 100644 --- a/internal/suites/docker-compose.yml +++ b/internal/suites/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' networks: authelianet: - driver: bridge + driver: 'bridge' ipam: config: - subnet: 192.168.240.0/24 diff --git a/internal/suites/example/compose/authelia/docker-compose.backend.dev.yml b/internal/suites/example/compose/authelia/docker-compose.backend.dev.yml index a685a8c4b..9770e9bbd 100644 --- a/internal/suites/example/compose/authelia/docker-compose.backend.dev.yml +++ b/internal/suites/example/compose/authelia/docker-compose.backend.dev.yml @@ -3,18 +3,18 @@ version: '3' services: authelia-backend: build: - context: example/compose/authelia - dockerfile: Dockerfile.backend + context: 'example/compose/authelia' + dockerfile: 'Dockerfile.backend' args: - USER_ID: ${USER_ID} - GROUP_ID: ${GROUP_ID} + USER_ID: '${USER_ID}' + GROUP_ID: '${GROUP_ID}' security_opt: - seccomp:unconfined - apparmor:unconfined - command: /resources/entrypoint-backend.sh - working_dir: /app + command: '/resources/entrypoint-backend.sh' + working_dir: '/app' cap_add: - - SYS_PTRACE + - 'SYS_PTRACE' volumes: - './example/compose/authelia/resources/:/resources' - '../..:/app' @@ -30,7 +30,7 @@ services: - 'traefik.http.routers.authelia_backend.tls=true' - 'traefik.http.services.authelia_backend.loadbalancer.server.scheme=https' environment: - - ENVIRONMENT=dev + ENVIRONMENT: 'dev' networks: authelianet: ipv4_address: 192.168.240.50 diff --git a/internal/suites/example/compose/authelia/docker-compose.backend.dist.yml b/internal/suites/example/compose/authelia/docker-compose.backend.dist.yml index 6a6d08b8f..515c17fa4 100644 --- a/internal/suites/example/compose/authelia/docker-compose.backend.dist.yml +++ b/internal/suites/example/compose/authelia/docker-compose.backend.dist.yml 
@@ -2,7 +2,7 @@ version: '3' services: authelia-backend: - image: authelia:dist + image: 'authelia:dist' labels: # Traefik 1.x - 'traefik.frontend.rule=Host:login.example.com' @@ -18,8 +18,8 @@ services: volumes: - '../..:/authelia' environment: - - ENVIRONMENT=dev - restart: always + ENVIRONMENT: 'dev' + restart: 'always' networks: authelianet: ipv4_address: 192.168.240.50 diff --git a/internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml b/internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml index a283a434f..944690b38 100644 --- a/internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml +++ b/internal/suites/example/compose/authelia/docker-compose.frontend.dev.yml @@ -3,13 +3,13 @@ version: '3' services: authelia-frontend: build: - context: example/compose/authelia - dockerfile: Dockerfile.frontend + context: 'example/compose/authelia' + dockerfile: 'Dockerfile.frontend' args: - USER_ID: ${USER_ID} - GROUP_ID: ${GROUP_ID} + USER_ID: '${USER_ID}' + GROUP_ID: '${GROUP_ID}' command: '/resources/entrypoint-frontend.sh' - working_dir: /app + working_dir: '/app' stdin_open: true volumes: - './example/compose/authelia/resources/:/resources' @@ -24,7 +24,7 @@ services: - 'traefik.http.routers.authelia_frontend.entrypoints=https' - 'traefik.http.routers.authelia_frontend.tls=true' environment: - - VITE_BASEPATH=${PathPrefix} + VITE_BASEPATH: '${PathPrefix}' networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml b/internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml index 1cfbd96db..24a02b204 100644 --- a/internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml +++ b/internal/suites/example/compose/authelia/docker-compose.frontend.dist.yml 
@@ -2,7 +2,7 @@ version: '3' services: authelia-frontend: - image: nginx:alpine + image: 'nginx:alpine' volumes: - './example/compose/authelia/resources/nginx.conf:/etc/nginx/nginx.conf' labels: @@ -15,7 +15,7 @@ services: - 'traefik.http.routers.authelia_frontend.tls=true' - 'traefik.http.services.authelia_frontend.loadbalancer.server.port=3000' networks: - - authelianet + - 'authelianet' expose: - 3000 ... diff --git a/internal/suites/example/compose/caddy/docker-compose.yml b/internal/suites/example/compose/caddy/docker-compose.yml index b7d6f35b9..6c7cbdd71 100644 --- a/internal/suites/example/compose/caddy/docker-compose.yml +++ b/internal/suites/example/compose/caddy/docker-compose.yml @@ -2,8 +2,8 @@ version: '3' services: caddy: - # build: ./example/compose/caddy/ # used for debugging - image: caddy:2.6.4-alpine + # build: './example/compose/caddy/ # used for debugging' + image: 'caddy:2.6.4-alpine' volumes: - ./example/compose/caddy/Caddyfile:/etc/caddy/Caddyfile networks: diff --git a/internal/suites/example/compose/duo-api/docker-compose.yml b/internal/suites/example/compose/duo-api/docker-compose.yml index afa1af14d..06f6d9c0d 100644 --- a/internal/suites/example/compose/duo-api/docker-compose.yml +++ b/internal/suites/example/compose/duo-api/docker-compose.yml @@ -2,9 +2,9 @@ version: '3' services: duo-api: - image: authelia/integration-duo + image: 'authelia/integration-duo' volumes: - ./example/compose/duo-api/duo_api.js:/usr/app/src/duo_api.js networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/envoy/docker-compose.yml b/internal/suites/example/compose/envoy/docker-compose.yml index 15e0ad9a2..50472302e 100644 --- a/internal/suites/example/compose/envoy/docker-compose.yml +++ b/internal/suites/example/compose/envoy/docker-compose.yml 
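Review bot: In the caddy docker-compose.yml hunk the mechanical quoting was applied to a commented-out line and swallowed its trailing comment: `# build: './example/compose/caddy/ # used for debugging'` would, the moment someone uncomments it for debugging, set the build context to the literal path `./example/compose/caddy/ # used for debugging` and fail. Keep the comment outside the quotes: `# build: './example/compose/caddy/'  # used for debugging`.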
@@ -2,7 +2,7 @@ version: '3' services: envoy: - image: envoyproxy/envoy:v1.26.1 + image: 'envoyproxy/envoy:v1.26.1' volumes: - ./example/compose/envoy/envoy.yaml:/etc/envoy/envoy.yaml - ./common/pki:/pki diff --git a/internal/suites/example/compose/haproxy/docker-compose.yml b/internal/suites/example/compose/haproxy/docker-compose.yml index 980292556..0cf3bc9db 100644 --- a/internal/suites/example/compose/haproxy/docker-compose.yml +++ b/internal/suites/example/compose/haproxy/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: haproxy: - image: authelia/integration-haproxy + image: 'authelia/integration-haproxy' volumes: - ./example/compose/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro - ./example/compose/haproxy/http.lua:/usr/local/etc/haproxy/haproxy-lua-http/http.lua diff --git a/internal/suites/example/compose/httpbin/docker-compose.yml b/internal/suites/example/compose/httpbin/docker-compose.yml index f1dffa0d4..3994e938a 100644 --- a/internal/suites/example/compose/httpbin/docker-compose.yml +++ b/internal/suites/example/compose/httpbin/docker-compose.yml @@ -2,9 +2,9 @@ version: '3' services: httpbin: - image: citizenstig/httpbin + image: 'citizenstig/httpbin' networks: - - authelianet + - 'authelianet' labels: # Traefik 1.x - 'traefik.frontend.rule=Host:public.example.com;Path:/headers' diff --git a/internal/suites/example/compose/k3d/docker-compose.yml b/internal/suites/example/compose/k3d/docker-compose.yml index a9f2c28bc..f3419619f 100644 --- a/internal/suites/example/compose/k3d/docker-compose.yml +++ b/internal/suites/example/compose/k3d/docker-compose.yml 
@@ -2,25 +2,25 @@ version: '3' services: k3d: - image: ghcr.io/k3d-io/k3d:5.4.9-dind + image: 'ghcr.io/k3d-io/k3d:5.4.9-dind' volumes: - './example/kube:/authelia' - './example/kube/authelia/configs/configuration.yml:/configmaps/authelia/configuration.yml' - './common/pki:/configmaps/authelia/ssl' - './example/compose/ldap/ldif:/configmaps/ldap' - './example/compose/nginx/backend:/configmaps/nginx-backend' - privileged: true + privileged: 'true' networks: authelianet: aliases: - - public.example.com - - secure.example.com - - login.example.com - - admin.example.com - - dev.example.com - - mail.example.com - - kubernetes.example.com - - traefik.example.com + - 'public.example.com' + - 'secure.example.com' + - 'login.example.com' + - 'admin.example.com' + - 'dev.example.com' + - 'mail.example.com' + - 'kubernetes.example.com' + - 'traefik.example.com' # Set the IP to be able to query on port 443 ipv4_address: 192.168.240.100 ... diff --git a/internal/suites/example/compose/ldap/docker-compose.admin.yml b/internal/suites/example/compose/ldap/docker-compose.admin.yml index 475190893..cee83c36a 100644 --- a/internal/suites/example/compose/ldap/docker-compose.admin.yml +++ b/internal/suites/example/compose/ldap/docker-compose.admin.yml @@ -2,12 +2,12 @@ version: '3' services: openldap-admin: - image: osixia/phpldapadmin:0.9.0 + image: 'osixia/phpldapadmin:0.9.0' ports: - 9090:80 environment: - - PHPLDAPADMIN_LDAP_HOSTS=openldap - - PHPLDAPADMIN_HTTPS=false + PHPLDAPADMIN_LDAP_HOSTS: 'openldap' + PHPLDAPADMIN_HTTPS: 'false' networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/ldap/docker-compose.yml b/internal/suites/example/compose/ldap/docker-compose.yml index 0c0665c79..0dae5f77c 100644 --- a/internal/suites/example/compose/ldap/docker-compose.yml +++ b/internal/suites/example/compose/ldap/docker-compose.yml 
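Review bot: `privileged: 'true'` in the k3d hunk turns a boolean field into a string; the Compose file schema types `privileged` as a boolean, legacy docker-compose rejects a quoted string here and newer versions only accept it through string coercion, so the quoting can break or silently change how the flag is read. The other boolean fields this commit leaves bare (`stdin_open: true` in docker-compose.frontend.dev.yml, `disable_require_tls: true` in Traefik2/configuration.yml, `readOnly: true` in kube/authelia/authelia.yml) show the intended convention, so this line should stay `privileged: true`. Because this flag grants the dind container the host's devices and capabilities, it is the one setting in the file that should not be left to a parser's coercion rules.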
@@ -2,17 +2,17 @@ version: '3' services: openldap: - image: osixia/openldap:1.5.0 - hostname: ldap.example.com + image: 'osixia/openldap:1.5.0' + hostname: 'ldap.example.com' environment: - - LDAP_ORGANISATION=MyCompany - - LDAP_DOMAIN=example.com - - LDAP_ADMIN_PASSWORD=password - - LDAP_CONFIG_PASSWORD=password - - LDAP_ADDITIONAL_MODULES=memberof - - LDAP_ADDITIONAL_SCHEMAS=openldap - - LDAP_FORCE_RECONFIGURE=true - - LDAP_TLS_VERIFY_CLIENT=try + LDAP_ORGANISATION: 'MyCompany' + LDAP_DOMAIN: 'example.com' + LDAP_ADMIN_PASSWORD: 'password' + LDAP_CONFIG_PASSWORD: 'password' + LDAP_ADDITIONAL_MODULES: 'memberof' + LDAP_ADDITIONAL_SCHEMAS: 'openldap' + LDAP_FORCE_RECONFIGURE: 'true' + LDAP_TLS_VERIFY_CLIENT: 'try' volumes: - './example/compose/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom' command: @@ -20,5 +20,5 @@ services: - '--loglevel' - 'debug' networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/mariadb/docker-compose.yml b/internal/suites/example/compose/mariadb/docker-compose.yml index b11f351fd..be0a476a9 100644 --- a/internal/suites/example/compose/mariadb/docker-compose.yml +++ b/internal/suites/example/compose/mariadb/docker-compose.yml @@ -2,12 +2,12 @@ version: '3' services: mariadb: - image: mariadb:10.11.2 + image: 'mariadb:10.11.2' environment: - - MYSQL_ROOT_PASSWORD=rootpassword - - MYSQL_USER=admin - - MYSQL_PASSWORD=password - - MYSQL_DATABASE=authelia + MYSQL_ROOT_PASSWORD: 'rootpassword' + MYSQL_USER: 'admin' + MYSQL_PASSWORD: 'password' + MYSQL_DATABASE: 'authelia' networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/mysql/docker-compose.yml b/internal/suites/example/compose/mysql/docker-compose.yml index c9fa617d1..5c34e4023 100644 --- a/internal/suites/example/compose/mysql/docker-compose.yml +++ b/internal/suites/example/compose/mysql/docker-compose.yml 
@@ -2,12 +2,12 @@ version: '3' services: mysql: - image: mysql:8.0 + image: 'mysql:8.0' environment: - - MYSQL_ROOT_PASSWORD=rootpassword - - MYSQL_USER=admin - - MYSQL_PASSWORD=password - - MYSQL_DATABASE=authelia + MYSQL_ROOT_PASSWORD: 'rootpassword' + MYSQL_USER: 'admin' + MYSQL_PASSWORD: 'password' + MYSQL_DATABASE: 'authelia' networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/nginx/backend/docker-compose.yml b/internal/suites/example/compose/nginx/backend/docker-compose.yml index b6abe101b..65e061fca 100644 --- a/internal/suites/example/compose/nginx/backend/docker-compose.yml +++ b/internal/suites/example/compose/nginx/backend/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: nginx-backend: - image: nginx:alpine + image: 'nginx:alpine' labels: # Traefik 1.x - 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # yamllint disable-line rule:line-length @@ -20,5 +20,5 @@ services: - ./example/compose/nginx/backend/html:/usr/share/nginx/html - ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/nginx/portal/docker-compose.yml b/internal/suites/example/compose/nginx/portal/docker-compose.yml index 4ff9dc3d9..313f71990 100644 --- a/internal/suites/example/compose/nginx/portal/docker-compose.yml +++ b/internal/suites/example/compose/nginx/portal/docker-compose.yml 
@@ -2,17 +2,17 @@ version: '3' services: nginx-portal: - image: nginx:alpine + image: 'nginx:alpine' volumes: - ./example/compose/nginx/portal/nginx.conf:/etc/nginx/nginx.conf - ./common/pki:/pki networks: authelianet: aliases: - - public.example.com - - secure.example.com - - login.example.com - - duo.example.com + - 'public.example.com' + - 'secure.example.com' + - 'login.example.com' + - 'duo.example.com' # Set the IP to be able to query on port 443 ipv4_address: 192.168.240.100 ... diff --git a/internal/suites/example/compose/oidc-client/docker-compose.yml b/internal/suites/example/compose/oidc-client/docker-compose.yml index c9645d8a9..23b149e0e 100644 --- a/internal/suites/example/compose/oidc-client/docker-compose.yml +++ b/internal/suites/example/compose/oidc-client/docker-compose.yml @@ -2,10 +2,10 @@ version: '3' services: oidc-client: - image: ghcr.io/authelia/oidc-tester-app:master-aeac7f4 - command: /entrypoint.sh + image: 'ghcr.io/authelia/oidc-tester-app:master-aeac7f4' + command: '/entrypoint.sh' depends_on: - - authelia-backend + - 'authelia-backend' volumes: - ./example/compose/oidc-client/entrypoint.sh:/entrypoint.sh expose: @@ -17,5 +17,5 @@ services: - 'traefik.http.routers.oidc.tls=true' - 'traefik.http.routers.oidc.middlewares=authelia@docker' networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/postgres/docker-compose.yml b/internal/suites/example/compose/postgres/docker-compose.yml index 1e19a6f66..adf60ef62 100644 --- a/internal/suites/example/compose/postgres/docker-compose.yml +++ b/internal/suites/example/compose/postgres/docker-compose.yml @@ -1,12 +1,12 @@ --- -version: "3" +version: '3' services: postgres: - image: postgres:15 + image: 'postgres:15' environment: - - POSTGRES_PASSWORD=password - - POSTGRES_USER=admin - - POSTGRES_DB=authelia + POSTGRES_PASSWORD: 'password' + POSTGRES_USER: 'admin' + POSTGRES_DB: 'authelia' networks: - - authelianet + - 'authelianet' ... 
diff --git a/internal/suites/example/compose/redis-sentinel/docker-compose.yml b/internal/suites/example/compose/redis-sentinel/docker-compose.yml index beb075492..ad4c3cbf3 100644 --- a/internal/suites/example/compose/redis-sentinel/docker-compose.yml +++ b/internal/suites/example/compose/redis-sentinel/docker-compose.yml @@ -2,10 +2,10 @@ version: '3' services: redis-node-0: - image: redis:7.0-alpine - command: /entrypoint.sh master + image: 'redis:7.0-alpine' + command: '/entrypoint.sh master' expose: - - "6379" + - '6379' volumes: - ./example/compose/redis/templates:/templates - ./example/compose/redis/users.acl:/data/users.acl @@ -13,15 +13,15 @@ services: networks: authelianet: aliases: - - redis-node-0.example.com + - 'redis-node-0.example.com' ipv4_address: 192.168.240.110 redis-node-1: - image: redis:7.0-alpine - command: /entrypoint.sh slave + image: 'redis:7.0-alpine' + command: '/entrypoint.sh slave' depends_on: - - redis-node-0 + - 'redis-node-0' expose: - - "6379" + - '6379' volumes: - ./example/compose/redis/templates:/templates - ./example/compose/redis/users.acl:/data/users.acl @@ -29,15 +29,15 @@ services: networks: authelianet: aliases: - - redis-node-1.example.com + - 'redis-node-1.example.com' ipv4_address: 192.168.240.111 redis-node-2: - image: redis:7.0-alpine - command: /entrypoint.sh slave + image: 'redis:7.0-alpine' + command: '/entrypoint.sh slave' depends_on: - - redis-node-0 + - 'redis-node-0' expose: - - "6379" + - '6379' volumes: - ./example/compose/redis/templates:/templates - ./example/compose/redis/users.acl:/data/users.acl 
@@ -45,54 +45,54 @@ services: networks: authelianet: aliases: - - redis-node-2.example.com + - 'redis-node-2.example.com' ipv4_address: 192.168.240.112 redis-sentinel-0: - image: redis:7.0-alpine - command: /entrypoint.sh sentinel + image: 'redis:7.0-alpine' + command: '/entrypoint.sh sentinel' depends_on: - - redis-node-1 - - redis-node-2 + - 'redis-node-1' + - 'redis-node-2' expose: - - "26379" + - '26379' volumes: - ./example/compose/redis/templates:/templates - ./example/compose/redis/entrypoint.sh:/entrypoint.sh networks: authelianet: aliases: - - redis-sentinel-0.example.com + - 'redis-sentinel-0.example.com' ipv4_address: 192.168.240.120 redis-sentinel-1: - image: redis:7.0-alpine - command: /entrypoint.sh sentinel + image: 'redis:7.0-alpine' + command: '/entrypoint.sh sentinel' depends_on: - - redis-node-1 - - redis-node-2 + - 'redis-node-1' + - 'redis-node-2' expose: - - "26379" + - '26379' volumes: - ./example/compose/redis/templates:/templates - ./example/compose/redis/entrypoint.sh:/entrypoint.sh networks: authelianet: aliases: - - redis-sentinel-1.example.com + - 'redis-sentinel-1.example.com' ipv4_address: 192.168.240.121 redis-sentinel-2: - image: redis:7.0-alpine - command: /entrypoint.sh sentinel + image: 'redis:7.0-alpine' + command: '/entrypoint.sh sentinel' depends_on: - - redis-node-1 - - redis-node-2 + - 'redis-node-1' + - 'redis-node-2' expose: - - "26379" + - '26379' volumes: - ./example/compose/redis/templates:/templates - ./example/compose/redis/entrypoint.sh:/entrypoint.sh networks: authelianet: aliases: - - redis-sentinel-2.example.com + - 'redis-sentinel-2.example.com' ipv4_address: 192.168.240.122 ... diff --git a/internal/suites/example/compose/redis/docker-compose.yml b/internal/suites/example/compose/redis/docker-compose.yml index 26659d778..473a3710d 100644 --- a/internal/suites/example/compose/redis/docker-compose.yml +++ b/internal/suites/example/compose/redis/docker-compose.yml 
@@ -2,14 +2,14 @@ version: '3' services: redis: - image: redis:7.0-alpine - command: /entrypoint.sh master + image: 'redis:7.0-alpine' + command: '/entrypoint.sh master' expose: - - "6379" + - '6379' volumes: - ./example/compose/redis/templates:/templates - ./example/compose/redis/users.acl:/data/users.acl - ./example/compose/redis/entrypoint.sh:/entrypoint.sh networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/samba/docker-compose.yml b/internal/suites/example/compose/samba/docker-compose.yml index f4585ace0..4882d2efd 100644 --- a/internal/suites/example/compose/samba/docker-compose.yml +++ b/internal/suites/example/compose/samba/docker-compose.yml @@ -2,16 +2,16 @@ version: '3' services: sambaldap: - image: authelia/integration-samba + image: 'authelia/integration-samba' volumes: - ./example/compose/samba/init.sh:/init.sh cap_add: - - SYS_ADMIN - hostname: ldap.example.com + - 'SYS_ADMIN' + hostname: 'ldap.example.com' environment: - - DOMAIN=example.com - - DOMAINPASS=Password1 - - NOCOMPLEXITY=true + DOMAIN: 'example.com' + DOMAINPASS: 'Password1' + NOCOMPLEXITY: 'true' networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/smtp/docker-compose.yml b/internal/suites/example/compose/smtp/docker-compose.yml index c5156110b..b5a99fb60 100644 --- a/internal/suites/example/compose/smtp/docker-compose.yml +++ b/internal/suites/example/compose/smtp/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: smtp: - image: schickling/mailcatcher + image: 'schickling/mailcatcher' ports: - '1025:1025' labels: @@ -14,5 +14,5 @@ services: - 'traefik.http.routers.mail.tls=true' - 'traefik.http.services.mail.loadbalancer.server.port=1080' networks: - - authelianet + - 'authelianet' ... diff --git a/internal/suites/example/compose/squid/docker-compose.yml b/internal/suites/example/compose/squid/docker-compose.yml index 750022756..ac3c8c551 100644 
--- a/internal/suites/example/compose/squid/docker-compose.yml +++ b/internal/suites/example/compose/squid/docker-compose.yml @@ -3,7 +3,7 @@ version: '3' services: # Simulates client 1. client-1: - image: sameersbn/squid:3.5.27-1 + image: 'sameersbn/squid:3.5.27-1' volumes: - ./example/compose/squid/squid.conf:/etc/squid/squid.conf networks: @@ -11,7 +11,7 @@ services: # Set the IP to be able to query on port 443 ipv4_address: 192.168.240.201 client-2: - image: sameersbn/squid:3.5.27-1 + image: 'sameersbn/squid:3.5.27-1' volumes: - ./example/compose/squid/squid.conf:/etc/squid/squid.conf networks: diff --git a/internal/suites/example/compose/traefik/docker-compose.yml b/internal/suites/example/compose/traefik/docker-compose.yml index 5746ffd15..9e93bed08 100644 --- a/internal/suites/example/compose/traefik/docker-compose.yml +++ b/internal/suites/example/compose/traefik/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: traefik: - image: traefik:v1.7.34-alpine + image: 'traefik:v1.7.34-alpine' volumes: - '/var/run/docker.sock:/var/run/docker.sock' labels: diff --git a/internal/suites/example/compose/traefik2/docker-compose.yml b/internal/suites/example/compose/traefik2/docker-compose.yml index 5f2828e3b..dcda1e80e 100644 --- a/internal/suites/example/compose/traefik2/docker-compose.yml +++ b/internal/suites/example/compose/traefik2/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: traefik: - image: traefik:v2.10.1 + image: 'traefik:v2.10.1' volumes: - '/var/run/docker.sock:/var/run/docker.sock' labels: @@ -29,9 +29,9 @@ services: networks: authelianet: aliases: - - public.example.com - - secure.example.com - - login.example.com + - 'public.example.com' + - 'secure.example.com' + - 'login.example.com' # Set the IP to be able to query on port 8080 ipv4_address: 192.168.240.100 ... diff --git a/internal/suites/example/kube/apps/nginx.yml b/internal/suites/example/kube/apps/nginx.yml index a604ade1f..8a8ad5e5c 100644 
--- a/internal/suites/example/kube/apps/nginx.yml +++ b/internal/suites/example/kube/apps/nginx.yml 
@@ -1,138 +1,138 @@ --- -apiVersion: apps/v1 -kind: Deployment +apiVersion: 'apps/v1' +kind: 'Deployment' metadata: - name: nginx-backend - namespace: authelia + name: 'nginx-backend' + namespace: 'authelia' labels: - app: nginx-backend + app: 'nginx-backend' spec: replicas: 1 selector: matchLabels: - app: nginx-backend + app: 'nginx-backend' template: metadata: labels: - app: nginx-backend + app: 'nginx-backend' spec: containers: - - name: nginx-backend - image: nginx:alpine + - name: 'nginx-backend' + image: 'nginx:alpine' ports: - containerPort: 80 volumeMounts: - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - - name: nginx-html - mountPath: /usr/share/nginx/html + - name: 'nginx-config' + mountPath: '/etc/nginx/nginx.conf' + - name: 'nginx-html' + mountPath: '/usr/share/nginx/html' volumes: - - name: nginx-config + - name: 'nginx-config' hostPath: - path: /configmaps/nginx-backend/nginx.conf - type: File - - name: nginx-html + path: '/configmaps/nginx-backend/nginx.conf' + type: 'File' + - name: 'nginx-html' hostPath: - path: /configmaps/nginx-backend/html - type: Directory + path: '/configmaps/nginx-backend/html' + type: 'Directory' ... --- -apiVersion: v1 -kind: Service +apiVersion: 'v1' +kind: 'Service' metadata: - name: nginx-backend-service - namespace: authelia + name: 'nginx-backend-service' + namespace: 'authelia' labels: - app: nginx-backend + app: 'nginx-backend' spec: selector: - app: nginx-backend + app: 'nginx-backend' ports: - port: 80 - name: http + name: 'http' - port: 443 - name: https + name: 'https' ... 
--- -apiVersion: networking.k8s.io/v1 -kind: Ingress +apiVersion: 'networking.k8s.io/v1' +kind: 'Ingress' metadata: - name: nginx-backend-ingress - namespace: authelia + name: 'nginx-backend-ingress' + namespace: 'authelia' annotations: - kubernetes.io/ingress.class: traefik - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + kubernetes.io/ingress.class: 'traefik' + traefik.ingress.kubernetes.io/router.entrypoints: 'websecure' + traefik.ingress.kubernetes.io/router.middlewares: 'authelia-forwardauth-authelia@kubernetescrd' spec: rules: - - host: home.example.com + - host: 'home.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: nginx-backend-service + name: 'nginx-backend-service' port: number: 80 - - host: public.example.com + - host: 'public.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: nginx-backend-service + name: 'nginx-backend-service' port: number: 80 - - host: admin.example.com + - host: 'admin.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: nginx-backend-service + name: 'nginx-backend-service' port: number: 80 - - host: dev.example.com + - host: 'dev.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: nginx-backend-service + name: 'nginx-backend-service' port: number: 80 - - host: mx1.mail.example.com + - host: 'mx1.mail.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: nginx-backend-service + name: 'nginx-backend-service' port: number: 80 - - host: mx2.mail.example.com + - host: 'mx2.mail.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: 
nginx-backend-service + name: 'nginx-backend-service' port: number: 80 - - host: singlefactor.example.com + - host: 'singlefactor.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: nginx-backend-service + name: 'nginx-backend-service' port: number: 80 ... diff --git a/internal/suites/example/kube/authelia/authelia.yml b/internal/suites/example/kube/authelia/authelia.yml index 39450cc63..cdf76c7fc 100644 --- a/internal/suites/example/kube/authelia/authelia.yml +++ b/internal/suites/example/kube/authelia/authelia.yml 
@@ -1,145 +1,145 @@ --- -apiVersion: apps/v1 -kind: Deployment +apiVersion: 'apps/v1' +kind: 'Deployment' metadata: - name: authelia - namespace: authelia + name: 'authelia' + namespace: 'authelia' labels: - app: authelia + app: 'authelia' spec: replicas: 1 selector: matchLabels: - app: authelia + app: 'authelia' template: metadata: labels: - app: authelia + app: 'authelia' spec: containers: - - name: authelia - image: authelia:dist + - name: 'authelia' + image: 'authelia:dist' ports: - containerPort: 443 readinessProbe: httpGet: - scheme: HTTPS - path: /api/health + scheme: 'HTTPS' + path: '/api/health' port: 443 initialDelaySeconds: 3 periodSeconds: 3 volumeMounts: - - name: authelia-config - mountPath: /config/configuration.yml + - name: 'authelia-config' + mountPath: '/config/configuration.yml' readOnly: true - - name: authelia-ssl - mountPath: /pki + - name: 'authelia-ssl' + mountPath: '/pki' readOnly: true - - name: secrets - mountPath: /config/secrets + - name: 'secrets' + mountPath: '/config/secrets' readOnly: true env: # We set secrets directly here for ease of deployment but all secrets # should be stored in the Kube Vault in production. 
- - name: AUTHELIA_JWT_SECRET_FILE - value: /config/secrets/jwt_secret - - name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE - value: /config/secrets/ldap_password - - name: AUTHELIA_SESSION_SECRET_FILE - value: /config/secrets/session - - name: AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE - value: /config/secrets/sql_password - - name: AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE - value: /config/secrets/encryption_key - - name: ENVIRONMENT - value: dev + - name: 'AUTHELIA_JWT_SECRET_FILE' + value: '/config/secrets/jwt_secret' + - name: 'AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE' + value: '/config/secrets/ldap_password' + - name: 'AUTHELIA_SESSION_SECRET_FILE' + value: '/config/secrets/session' + - name: 'AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE' + value: '/config/secrets/sql_password' + - name: 'AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE' + value: '/config/secrets/encryption_key' + - name: 'ENVIRONMENT' + value: 'dev' volumes: - - name: authelia-config + - name: 'authelia-config' hostPath: - path: /configmaps/authelia/configuration.yml - type: File - - name: authelia-ssl + path: '/configmaps/authelia/configuration.yml' + type: 'File' + - name: 'authelia-ssl' hostPath: - path: /configmaps/authelia/ssl - type: Directory - - name: secrets + path: '/configmaps/authelia/ssl' + type: 'Directory' + - name: 'secrets' secret: - secretName: authelia + secretName: 'authelia' items: - - key: jwt_secret - path: jwt_secret - - key: session - path: session - - key: sql_password - path: sql_password - - key: ldap_password - path: ldap_password - - key: encryption_key - path: encryption_key + - key: 'jwt_secret' + path: 'jwt_secret' + - key: 'session' + path: 'session' + - key: 'sql_password' + path: 'sql_password' + - key: 'ldap_password' + path: 'ldap_password' + - key: 'encryption_key' + path: 'encryption_key' ... 
--- -apiVersion: v1 -kind: Service +apiVersion: 'v1' +kind: 'Service' metadata: - name: authelia-service - namespace: authelia + name: 'authelia-service' + namespace: 'authelia' annotations: - traefik.ingress.kubernetes.io/service.serverstransport: authelia-skipverify@kubernetescrd + traefik.ingress.kubernetes.io/service.serverstransport: 'authelia-skipverify@kubernetescrd' spec: selector: - app: authelia + app: 'authelia' ports: - - protocol: TCP + - protocol: 'TCP' port: 443 targetPort: 443 ... --- -apiVersion: v1 -kind: Secret -type: Opaque +apiVersion: 'v1' +kind: 'Secret' +type: 'Opaque' metadata: - name: authelia - namespace: authelia + name: 'authelia' + namespace: 'authelia' labels: - app: authelia + app: 'authelia' data: - jwt_secret: YW5fdW5zZWN1cmVfc2VjcmV0 # an_unsecure_secret - ldap_password: cGFzc3dvcmQ= # password - session: dW5zZWN1cmVfcGFzc3dvcmQ= # unsecure_password - sql_password: cGFzc3dvcmQ= # password - encryption_key: YV9ub3Rfc29fc2VjdXJlX2VuY3J5cHRpb25fa2V5 + jwt_secret: 'YW5fdW5zZWN1cmVfc2VjcmV0' # an_unsecure_secret + ldap_password: 'cGFzc3dvcmQ=' # password + session: 'dW5zZWN1cmVfcGFzc3dvcmQ=' # unsecure_password + sql_password: 'cGFzc3dvcmQ=' # password + encryption_key: 'YV9ub3Rfc29fc2VjdXJlX2VuY3J5cHRpb25fa2V5' ... --- -apiVersion: networking.k8s.io/v1 -kind: Ingress +apiVersion: 'networking.k8s.io/v1' +kind: 'Ingress' metadata: - name: authelia-ingress - namespace: authelia + name: 'authelia-ingress' + namespace: 'authelia' annotations: - kubernetes.io/ingress.class: traefik - traefik.ingress.kubernetes.io/router.entrypoints: websecure + kubernetes.io/ingress.class: 'traefik' + traefik.ingress.kubernetes.io/router.entrypoints: 'websecure' spec: rules: - - host: login.example.com + - host: 'login.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: authelia-service + name: 'authelia-service' port: number: 443 ... 
--- -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware +apiVersion: 'traefik.containo.us/v1alpha1' +kind: 'Middleware' metadata: - name: forwardauth-authelia - namespace: authelia + name: 'forwardauth-authelia' + namespace: 'authelia' labels: - app.kubernetes.io/instance: authelia - app.kubernetes.io/name: authelia + app.kubernetes.io/instance: 'authelia' + app.kubernetes.io/name: 'authelia' spec: forwardAuth: address: 'https://authelia-service.authelia.svc.cluster.local/api/authz/forward-auth' diff --git a/internal/suites/example/kube/authelia/configs/configuration.yml b/internal/suites/example/kube/authelia/configs/configuration.yml index edb8e04d7..0806164e1 100644 --- a/internal/suites/example/kube/authelia/configs/configuration.yml +++ b/internal/suites/example/kube/authelia/configs/configuration.yml 
@@ -3,108 +3,108 @@ # Authelia configuration # ############################################################### -default_redirection_url: https://home.example.com:8080 +default_redirection_url: 'https://home.example.com:8080' server: address: 'tcp://:443' tls: - certificate: /pki/public.backend.crt - key: /pki/private.backend.pem + certificate: '/pki/public.backend.crt' + key: '/pki/private.backend.pem' log: - level: debug + level: 'debug' authentication_backend: ldap: address: 'ldaps://ldap-service' tls: skip_verify: true - base_dn: dc=example,dc=com - username_attribute: uid - additional_users_dn: ou=users - users_filter: (&({username_attribute}={input})(objectClass=person)) - additional_groups_dn: ou=groups - groups_filter: (&(member={dn})(objectClass=groupOfNames)) - group_name_attribute: cn - mail_attribute: mail - display_name_attribute: displayName - user: cn=admin,dc=example,dc=com + base_dn: 'dc=example,dc=com' + username_attribute: 'uid' + additional_users_dn: 'ou=users' + users_filter: '(&({username_attribute}={input})(objectClass=person))' + additional_groups_dn: 'ou=groups' + groups_filter: '(&(member={dn})(objectClass=groupOfNames))' + group_name_attribute: 'cn' + mail_attribute: 'mail' + display_name_attribute: 'displayName' + user: 'cn=admin,dc=example,dc=com' access_control: - default_policy: deny + default_policy: 'deny' rules: # Rules applied to everyone - - domain: home.example.com - policy: bypass - - domain: public.example.com - policy: bypass - - domain: secure.example.com - policy: two_factor - - domain: singlefactor.example.com - policy: one_factor + - domain: 'home.example.com' + policy: 'bypass' + - domain: 'public.example.com' + policy: 'bypass' + - domain: 'secure.example.com' + policy: 'two_factor' + - domain: 'singlefactor.example.com' + policy: 'one_factor' # Rules applied to 'admins' group - - domain: "mx2.mail.example.com" - subject: "group:admins" - policy: deny - - domain: "*.example.com" - subject: "group:admins" - policy: 
two_factor + - domain: 'mx2.mail.example.com' + subject: 'group:admins' + policy: 'deny' + - domain: '*.example.com' + subject: 'group:admins' + policy: 'two_factor' # Rules applied to 'dev' group - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/groups/dev/.*$" - subject: "group:dev" - policy: two_factor + - '^/groups/dev/.*$' + subject: 'group:dev' + policy: 'two_factor' # Rules applied to user 'john' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/john/.*$" - subject: "user:john" - policy: two_factor + - '^/users/john/.*$' + subject: 'user:john' + policy: 'two_factor' # Rules applied to user 'harry' - - domain: dev.example.com + - domain: 'dev.example.com' resources: - - "^/users/harry/.*$" - subject: "user:harry" - policy: two_factor + - '^/users/harry/.*$' + subject: 'user:harry' + policy: 'two_factor' # Rules applied to user 'bob' - - domain: "*.mail.example.com" - subject: "user:bob" - policy: two_factor - - domain: "dev.example.com" + - domain: '*.mail.example.com' + subject: 'user:bob' + policy: 'two_factor' + - domain: 'dev.example.com' resources: - - "^/users/bob/.*$" - subject: "user:bob" - policy: two_factor + - '^/users/bob/.*$' + subject: 'user:bob' + policy: 'two_factor' session: - expiration: 3600 # 1 hour - inactivity: 300 # 5 minutes - remember_me: 1y + expiration: '1h' # 1 hour + inactivity: '5m' # 5 minutes + remember_me: '1y' cookies: - domain: 'example.com' authelia_url: 'https://login.example.com:8080' redis: - host: redis-service + host: 'redis-service' port: 6379 regulation: max_retries: 3 - find_time: 120 - ban_time: 300 + find_time: '2m' + ban_time: '5m' storage: mysql: address: 'tcp://mariadb-service:3306' - database: authelia - username: admin + database: 'authelia' + username: 'admin' notifier: smtp: diff --git a/internal/suites/example/kube/dashboards.yml b/internal/suites/example/kube/dashboards.yml index a054f566d..754cb0d12 100644 
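Review bot: The session and regulation lines `expiration: '1h'`, `inactivity: '5m'`, `find_time: '2m'` and `ban_time: '5m'` change the value representation from integer seconds to duration strings, which is a semantic edit rather than the quoting-only normalisation every other line of this commit performs. The inline comments (`# 1 hour`, `# 5 minutes`) indicate the intended values are unchanged, and the pre-existing `remember_me: '1y'` suggests the config loader already accepts this notation, but that is inferred rather than shown in the hunk. Consider calling the representation change out in the commit description, or keeping the integer form here so a behavioural difference in the suite cannot be hidden inside a formatting-only change. The hunk ends at `notifier: smtp:`, so the rest of the notifier block is outside this view.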
--- a/internal/suites/example/kube/dashboards.yml +++ b/internal/suites/example/kube/dashboards.yml 
@@ -1,194 +1,194 @@ # Kubernetes Dashboard --- -apiVersion: v1 -kind: Namespace +apiVersion: 'v1' +kind: 'Namespace' metadata: - name: kubernetes-dashboard + name: 'kubernetes-dashboard' ... --- -apiVersion: v1 -kind: ServiceAccount +apiVersion: 'v1' +kind: 'ServiceAccount' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard' + namespace: 'kubernetes-dashboard' ... --- -kind: Service -apiVersion: v1 +kind: 'Service' +apiVersion: 'v1' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard' + namespace: 'kubernetes-dashboard' spec: ports: - port: 443 targetPort: 8443 selector: - k8s-app: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' ... --- -apiVersion: v1 -kind: Secret +apiVersion: 'v1' +kind: 'Secret' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-certs - namespace: kubernetes-dashboard -type: Opaque + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard-certs' + namespace: 'kubernetes-dashboard' +type: 'Opaque' ... --- -apiVersion: v1 -kind: Secret +apiVersion: 'v1' +kind: 'Secret' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-csrf - namespace: kubernetes-dashboard -type: Opaque + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard-csrf' + namespace: 'kubernetes-dashboard' +type: 'Opaque' data: - csrf: "" + csrf: '' ... --- -apiVersion: v1 -kind: Secret +apiVersion: 'v1' +kind: 'Secret' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-key-holder - namespace: kubernetes-dashboard -type: Opaque + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard-key-holder' + namespace: 'kubernetes-dashboard' +type: 'Opaque' ... 
--- -kind: ConfigMap -apiVersion: v1 +kind: 'ConfigMap' +apiVersion: 'v1' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard-settings - namespace: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard-settings' + namespace: 'kubernetes-dashboard' ... --- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 +kind: 'Role' +apiVersion: 'rbac.authorization.k8s.io/v1' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard' + namespace: 'kubernetes-dashboard' rules: # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] - verbs: ["get", "update", "delete"] + resources: ['secrets'] + resourceNames: ['kubernetes-dashboard-key-holder', 'kubernetes-dashboard-certs', 'kubernetes-dashboard-csrf'] + verbs: ['get', 'update', 'delete'] # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] + resources: ['configmaps'] + resourceNames: ['kubernetes-dashboard-settings'] + verbs: ['get', 'update'] # Allow Dashboard to get metrics. 
- apiGroups: [""] - resources: ["services"] - resourceNames: ["heapster", "dashboard-metrics-scraper"] - verbs: ["proxy"] + resources: ['services'] + resourceNames: ['heapster', 'dashboard-metrics-scraper'] + verbs: ['proxy'] - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] # yamllint disable-line rule:line-length - verbs: ["get"] + resources: ['services/proxy'] + resourceNames: ['heapster', 'http:heapster:', 'https:heapster:', 'dashboard-metrics-scraper', 'http:dashboard-metrics-scraper'] # yamllint disable-line rule:line-length + verbs: ['get'] ... --- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 +kind: 'ClusterRole' +apiVersion: 'rbac.authorization.k8s.io/v1' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard' rules: # Allow Metrics Scraper to get metrics from the Metrics server - - apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] + - apiGroups: ['metrics.k8s.io'] + resources: ['pods', 'nodes'] + verbs: ['get', 'list', 'watch'] ... --- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +apiVersion: 'rbac.authorization.k8s.io/v1' +kind: 'RoleBinding' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard' + namespace: 'kubernetes-dashboard' roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubernetes-dashboard + apiGroup: 'rbac.authorization.k8s.io' + kind: 'Role' + name: 'kubernetes-dashboard' subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard + - kind: 'ServiceAccount' + name: 'kubernetes-dashboard' + namespace: 'kubernetes-dashboard' ... 
--- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +apiVersion: 'rbac.authorization.k8s.io/v1' +kind: 'ClusterRoleBinding' metadata: - name: kubernetes-dashboard + name: 'kubernetes-dashboard' roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-dashboard + apiGroup: 'rbac.authorization.k8s.io' + kind: 'ClusterRole' + name: 'kubernetes-dashboard' subjects: - - kind: ServiceAccount - name: kubernetes-dashboard - namespace: kubernetes-dashboard + - kind: 'ServiceAccount' + name: 'kubernetes-dashboard' + namespace: 'kubernetes-dashboard' ... --- -kind: Deployment -apiVersion: apps/v1 +kind: 'Deployment' +apiVersion: 'apps/v1' metadata: labels: - k8s-app: kubernetes-dashboard - name: kubernetes-dashboard - namespace: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' + name: 'kubernetes-dashboard' + namespace: 'kubernetes-dashboard' spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: - k8s-app: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' template: metadata: labels: - k8s-app: kubernetes-dashboard + k8s-app: 'kubernetes-dashboard' spec: securityContext: seccompProfile: - type: RuntimeDefault + type: 'RuntimeDefault' containers: - - name: kubernetes-dashboard - image: kubernetesui/dashboard:v2.7.0 - imagePullPolicy: Always + - name: 'kubernetes-dashboard' + image: 'kubernetesui/dashboard:v2.7.0' + imagePullPolicy: 'Always' ports: - containerPort: 8443 - protocol: TCP + protocol: 'TCP' args: - - --auto-generate-certificates - - --namespace=kubernetes-dashboard + - '--auto-generate-certificates' + - '--namespace=kubernetes-dashboard' # Uncomment the following line to manually specify Kubernetes API server Host # If not specified, Dashboard will attempt to auto discover the API server and connect # to it. Uncomment only if the default does not work. 
# - --apiserver-host=http://my-address:port volumeMounts: - - name: kubernetes-dashboard-certs - mountPath: /certs + - name: 'kubernetes-dashboard-certs' + mountPath: '/certs' # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume + - mountPath: '/tmp' + name: 'tmp-volume' livenessProbe: httpGet: - scheme: HTTPS - path: / + scheme: 'HTTPS' + path: '/' port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 
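Review bot: The quote normalisation is incomplete inside the Role rules: `apiGroups: [""]` appears to be left as an unchanged context line (it has no `+` counterpart) while the sibling `resources: ['secrets']` and `verbs: ['get', 'update', 'delete']` lines switch to single quotes, so the new file mixes both styles within a single rule. The same mix recurs in this file's second hunk (`@@ -198,149`), where `"kubernetes.io/os": 'linux'` keeps a double-quoted key next to a single-quoted value. If `['']` was avoided on purpose, a comment such as `# empty core API group; kept as [""] for readability` above the first rule would stop the next formatter pass from flipping it, otherwise converting `[""]` to `['']` and the nodeSelector key to `'kubernetes.io/os'` would make the file consistent with the rest of the commit.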
@@ -198,149 +198,149 @@ spec: runAsUser: 1001 runAsGroup: 2001 volumes: - - name: kubernetes-dashboard-certs + - name: 'kubernetes-dashboard-certs' secret: - secretName: kubernetes-dashboard-certs - - name: tmp-volume + secretName: 'kubernetes-dashboard-certs' + - name: 'tmp-volume' emptyDir: {} - serviceAccountName: kubernetes-dashboard + serviceAccountName: 'kubernetes-dashboard' nodeSelector: - "kubernetes.io/os": linux + "kubernetes.io/os": 'linux' # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule + - key: 'node-role.kubernetes.io/master' + effect: 'NoSchedule' ... --- -kind: Service -apiVersion: v1 +kind: 'Service' +apiVersion: 'v1' metadata: labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard + k8s-app: 'dashboard-metrics-scraper' + name: 'dashboard-metrics-scraper' + namespace: 'kubernetes-dashboard' spec: ports: - port: 8000 targetPort: 8000 selector: - k8s-app: dashboard-metrics-scraper + k8s-app: 'dashboard-metrics-scraper' ... 
--- -kind: Deployment -apiVersion: apps/v1 +kind: 'Deployment' +apiVersion: 'apps/v1' metadata: labels: - k8s-app: dashboard-metrics-scraper - name: dashboard-metrics-scraper - namespace: kubernetes-dashboard + k8s-app: 'dashboard-metrics-scraper' + name: 'dashboard-metrics-scraper' + namespace: 'kubernetes-dashboard' spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: - k8s-app: dashboard-metrics-scraper + k8s-app: 'dashboard-metrics-scraper' template: metadata: labels: - k8s-app: dashboard-metrics-scraper + k8s-app: 'dashboard-metrics-scraper' spec: securityContext: seccompProfile: - type: RuntimeDefault + type: 'RuntimeDefault' containers: - - name: dashboard-metrics-scraper - image: kubernetesui/metrics-scraper:v1.0.9 + - name: 'dashboard-metrics-scraper' + image: 'kubernetesui/metrics-scraper:v1.0.9' ports: - containerPort: 8000 - protocol: TCP + protocol: 'TCP' livenessProbe: httpGet: - scheme: HTTP - path: / + scheme: 'HTTP' + path: '/' port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 volumeMounts: - - mountPath: /tmp - name: tmp-volume + - mountPath: '/tmp' + name: 'tmp-volume' securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 1001 runAsGroup: 2001 - serviceAccountName: kubernetes-dashboard + serviceAccountName: 'kubernetes-dashboard' nodeSelector: - "kubernetes.io/os": linux + "kubernetes.io/os": 'linux' # Comment the following tolerations if Dashboard must not be deployed on master tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule + - key: 'node-role.kubernetes.io/master' + effect: 'NoSchedule' volumes: - - name: tmp-volume + - name: 'tmp-volume' emptyDir: {} ... --- -apiVersion: v1 -kind: ServiceAccount +apiVersion: 'v1' +kind: 'ServiceAccount' metadata: - name: admin-user - namespace: kubernetes-dashboard + name: 'admin-user' + namespace: 'kubernetes-dashboard' ... 
--- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +apiVersion: 'rbac.authorization.k8s.io/v1' +kind: 'ClusterRoleBinding' metadata: - name: admin-user + name: 'admin-user' roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin + apiGroup: 'rbac.authorization.k8s.io' + kind: 'ClusterRole' + name: 'cluster-admin' subjects: - - kind: ServiceAccount - name: admin-user - namespace: kubernetes-dashboard + - kind: 'ServiceAccount' + name: 'admin-user' + namespace: 'kubernetes-dashboard' ... --- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteTCP +apiVersion: 'traefik.containo.us/v1alpha1' +kind: 'IngressRouteTCP' metadata: - name: kubernetes-dashboard-ingress - namespace: kubernetes-dashboard + name: 'kubernetes-dashboard-ingress' + namespace: 'kubernetes-dashboard' spec: entryPoints: - - websecure + - 'websecure' routes: - - match: HostSNI(`kubernetes.example.com`) + - match: 'HostSNI(`kubernetes.example.com`)' services: - - name: kubernetes-dashboard + - name: 'kubernetes-dashboard' port: 443 tls: passthrough: true ... # Traefik Dashboard --- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute +apiVersion: 'traefik.containo.us/v1alpha1' +kind: 'IngressRoute' metadata: - name: traefik-dashboard-ingress - namespace: authelia + name: 'traefik-dashboard-ingress' + namespace: 'authelia' spec: entryPoints: - - websecure + - 'websecure' routes: - - match: Host(`traefik.example.com`) - kind: Rule + - match: 'Host(`traefik.example.com`)' + kind: 'Rule' services: - - name: api@internal - kind: TraefikService + - name: 'api@internal' + kind: 'TraefikService' ... --- -apiVersion: traefik.containo.us/v1alpha1 -kind: ServersTransport +apiVersion: 'traefik.containo.us/v1alpha1' +kind: 'ServersTransport' metadata: - name: skipverify - namespace: authelia + name: 'skipverify' + namespace: 'authelia' spec: insecureSkipVerify: true ... 
diff --git a/internal/suites/example/kube/ldap/ldap.yml b/internal/suites/example/kube/ldap/ldap.yml index 654de99e2..90a37f993 100644 --- a/internal/suites/example/kube/ldap/ldap.yml +++ b/internal/suites/example/kube/ldap/ldap.yml 
@@ -1,64 +1,64 @@ --- -apiVersion: apps/v1 -kind: Deployment +apiVersion: 'apps/v1' +kind: 'Deployment' metadata: - name: ldap - namespace: authelia + name: 'ldap' + namespace: 'authelia' labels: - app: ldap + app: 'ldap' spec: replicas: 1 selector: matchLabels: - app: ldap + app: 'ldap' template: metadata: labels: - app: ldap + app: 'ldap' spec: containers: - - name: ldap - image: osixia/openldap:1.5.0 + - name: 'ldap' + image: 'osixia/openldap:1.5.0' ports: - containerPort: 389 - containerPort: 636 - args: ["--copy-service", "--loglevel", "debug"] + args: ['--copy-service', '--loglevel', 'debug'] env: - - name: LDAP_ORGANISATION - value: MyCompany - - name: LDAP_DOMAIN - value: example.com - - name: LDAP_ADMIN_PASSWORD - value: password - - name: LDAP_CONFIG_PASSWORD - value: password - - name: LDAP_ADDITIONAL_MODULES - value: memberof - - name: LDAP_ADDITIONAL_SCHEMAS - value: openldap - - name: LDAP_FORCE_RECONFIGURE - value: "true" - - name: LDAP_TLS_VERIFY_CLIENT - value: try + - name: 'LDAP_ORGANISATION' + value: 'MyCompany' + - name: 'LDAP_DOMAIN' + value: 'example.com' + - name: 'LDAP_ADMIN_PASSWORD' + value: 'password' + - name: 'LDAP_CONFIG_PASSWORD' + value: 'password' + - name: 'LDAP_ADDITIONAL_MODULES' + value: 'memberof' + - name: 'LDAP_ADDITIONAL_SCHEMAS' + value: 'openldap' + - name: 'LDAP_FORCE_RECONFIGURE' + value: 'true' + - name: 'LDAP_TLS_VERIFY_CLIENT' + value: 'try' volumeMounts: - - name: ldap-config - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom + - name: 'ldap-config' + mountPath: '/container/service/slapd/assets/config/bootstrap/ldif/custom' volumes: - - name: ldap-config + - name: 'ldap-config' hostPath: - path: /configmaps/ldap - type: Directory + path: '/configmaps/ldap' + type: 'Directory' ... 
--- -apiVersion: v1 -kind: Service +apiVersion: 'v1' +kind: 'Service' metadata: - name: ldap-service - namespace: authelia + name: 'ldap-service' + namespace: 'authelia' spec: selector: - app: ldap + app: 'ldap' ports: - - protocol: TCP + - protocol: 'TCP' port: 636 ... diff --git a/internal/suites/example/kube/mail/mail.yml b/internal/suites/example/kube/mail/mail.yml index b26464e72..d868a571d 100644 --- a/internal/suites/example/kube/mail/mail.yml +++ b/internal/suites/example/kube/mail/mail.yml 
@@ -1,64 +1,64 @@ --- -apiVersion: apps/v1 -kind: Deployment +apiVersion: 'apps/v1' +kind: 'Deployment' metadata: - name: mailcatcher - namespace: authelia + name: 'mailcatcher' + namespace: 'authelia' labels: - app: mailcatcher + app: 'mailcatcher' spec: replicas: 1 selector: matchLabels: - app: mailcatcher + app: 'mailcatcher' template: metadata: labels: - app: mailcatcher + app: 'mailcatcher' spec: containers: - - name: mailcatcher - image: schickling/mailcatcher + - name: 'mailcatcher' + image: 'schickling/mailcatcher' ports: - containerPort: 1025 - containerPort: 1080 ... --- -apiVersion: v1 -kind: Service +apiVersion: 'v1' +kind: 'Service' metadata: - name: mailcatcher-service - namespace: authelia + name: 'mailcatcher-service' + namespace: 'authelia' spec: selector: - app: mailcatcher + app: 'mailcatcher' ports: - - protocol: TCP + - protocol: 'TCP' port: 1080 - name: ui - - protocol: TCP + name: 'ui' + - protocol: 'TCP' port: 1025 - name: smtp + name: 'smtp' ... --- -apiVersion: networking.k8s.io/v1 -kind: Ingress +apiVersion: 'networking.k8s.io/v1' +kind: 'Ingress' metadata: - name: mailcatcher-ingress - namespace: authelia + name: 'mailcatcher-ingress' + namespace: 'authelia' annotations: - kubernetes.io/ingress.class: traefik - traefik.ingress.kubernetes.io/router.entrypoints: websecure + kubernetes.io/ingress.class: 'traefik' + traefik.ingress.kubernetes.io/router.entrypoints: 'websecure' spec: rules: - - host: mail.example.com + - host: 'mail.example.com' http: paths: - - path: / - pathType: Prefix + - path: '/' + pathType: 'Prefix' backend: service: - name: mailcatcher-service + name: 'mailcatcher-service' port: number: 1080 ... diff --git a/internal/suites/example/kube/namespace.yml b/internal/suites/example/kube/namespace.yml index a48c0b839..e8144d866 100644 --- a/internal/suites/example/kube/namespace.yml +++ b/internal/suites/example/kube/namespace.yml 
@@ -1,6 +1,6 @@ --- -apiVersion: v1 -kind: Namespace +apiVersion: 'v1' +kind: 'Namespace' metadata: - name: authelia + name: 'authelia' ... diff --git a/internal/suites/example/kube/storage/mariadb.yml b/internal/suites/example/kube/storage/mariadb.yml index e20129778..7a6670e97 100644 --- a/internal/suites/example/kube/storage/mariadb.yml +++ b/internal/suites/example/kube/storage/mariadb.yml @@ -1,24 +1,24 @@ --- -apiVersion: apps/v1 -kind: Deployment +apiVersion: 'apps/v1' +kind: 'Deployment' metadata: - name: mariadb - namespace: authelia + name: 'mariadb' + namespace: 'authelia' labels: - app: mariadb + app: 'mariadb' spec: replicas: 1 selector: matchLabels: - app: mariadb + app: 'mariadb' template: metadata: labels: - app: mariadb + app: 'mariadb' spec: containers: - - name: mariadb - image: mariadb:10.11.2 + - name: 'mariadb' + image: 'mariadb:10.11.2' ports: - containerPort: 3306 readinessProbe: @@ -26,25 +26,25 @@ spec: port: 3306 periodSeconds: 1 env: - - name: MYSQL_ROOT_PASSWORD - value: rootpassword - - name: MYSQL_USER - value: admin - - name: MYSQL_PASSWORD - value: password - - name: MYSQL_DATABASE - value: authelia + - name: 'MYSQL_ROOT_PASSWORD' + value: 'rootpassword' + - name: 'MYSQL_USER' + value: 'admin' + - name: 'MYSQL_PASSWORD' + value: 'password' + - name: 'MYSQL_DATABASE' + value: 'authelia' ... --- -apiVersion: v1 -kind: Service +apiVersion: 'v1' +kind: 'Service' metadata: - name: mariadb-service - namespace: authelia + name: 'mariadb-service' + namespace: 'authelia' spec: selector: - app: mariadb + app: 'mariadb' ports: - - protocol: TCP + - protocol: 'TCP' port: 3306 ... diff --git a/internal/suites/example/kube/storage/redis.yml b/internal/suites/example/kube/storage/redis.yml index 8aeff3056..b253c375b 100644 --- a/internal/suites/example/kube/storage/redis.yml +++ b/internal/suites/example/kube/storage/redis.yml 
@@ -1,24 +1,24 @@ --- -apiVersion: apps/v1 -kind: Deployment +apiVersion: 'apps/v1' +kind: 'Deployment' metadata: - name: redis - namespace: authelia + name: 'redis' + namespace: 'authelia' labels: - app: redis + app: 'redis' spec: replicas: 1 selector: matchLabels: - app: redis + app: 'redis' template: metadata: labels: - app: redis + app: 'redis' spec: containers: - - name: redis - image: redis:7.0-alpine + - name: 'redis' + image: 'redis:7.0-alpine' ports: - containerPort: 6379 readinessProbe: @@ -27,15 +27,15 @@ spec: periodSeconds: 1 ... --- -apiVersion: v1 -kind: Service +apiVersion: 'v1' +kind: 'Service' metadata: - name: redis-service - namespace: authelia + name: 'redis-service' + namespace: 'authelia' spec: selector: - app: redis + app: 'redis' ports: - - protocol: TCP + - protocol: 'TCP' port: 6379 ...