[MISC] Warn for poorly tuned argon2id deployments (#1426)

The warnings are currently limited to Linux based deployments, however this covers both container and host (static binary) based deployments.
We could potentially look to expand this to FreeBSD in future too.

internal/server/server.go

@@ -1,9 +1,12 @@
 package server
 
 import (
+	"io/ioutil"
 	"net"
 	"os"
+	"runtime"
 	"strconv"
+	"strings"
 
 	duoapi "github.com/duosecurity/duo_api_golang"
 	"github.com/fasthttp/router"
@@ -140,6 +143,22 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
 		logging.Logger().Fatalf("Error initializing listener: %s", err)
 	}
 
+	if configuration.AuthenticationBackend.File != nil && configuration.AuthenticationBackend.File.Password.Algorithm == "argon2id" && runtime.GOOS == "linux" {
+		f, err := ioutil.ReadFile("/sys/fs/cgroup/memory/memory.limit_in_bytes")
+		if err != nil {
+			logging.Logger().Warnf("Error reading hosts memory limit: %s", err)
+		} else {
+			m, _ := strconv.Atoi(strings.TrimSuffix(string(f), "\n"))
+			hostMem := float64(m) / 1024 / 1024 / 1024
+			argonMem := float64(configuration.AuthenticationBackend.File.Password.Memory) / 1024
+
+			if hostMem/argonMem <= 2 {
+				logging.Logger().Warnf("Authelia's password hashing memory parameter is set to: %gGB this is %g%% of the available memory: %gGB", argonMem, argonMem/hostMem*100, hostMem)
+				logging.Logger().Warn("Please read https://www.authelia.com/docs/configuration/authentication/file.html#memory and tune your deployment")
+			}
+		}
+	}
+
 	if configuration.TLSCert != "" && configuration.TLSKey != "" {
 		logging.Logger().Infof("Authelia is listening for TLS connections on %s%s", addrPattern, configuration.Server.Path)
 		logging.Logger().Fatal(server.ServeTLS(listener, configuration.TLSCert, configuration.TLSKey))