Minor updates

2025-12-17 19:33:56 -06:00
parent e3d3ade4f7
commit e878dee155
4 changed files with 168 additions and 21 deletions


@@ -1,17 +1,23 @@
# rand() {
# au rand() {
# docker run --rm authelia/authelia:latest authelia crypto rand --length $1 --charset rfc3986
# }
# hash() {
# au hash() {
# docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length $1 --random.charset rfc3986
# }
identity_providers:
oidc:
hmac_secret: '$(au rand 72)'
jwks:
- key: $(openssl genrsa -out - 2048)
claims_policies:
karakeep:
id_token: ['email']
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- client_name: 'Gitea'
client_id: '$(rand 72)'
client_secret: '$(hash 72)'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
@@ -29,3 +35,105 @@ identity_providers:
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Memos'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://memos.loadingm.xyz/auth/callback'
scopes:
- 'openid'
- 'email'
- 'profile'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Open WebUI'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://ollama.loadingm.xyz/oauth/oidc/callback'
scopes:
- 'openid'
- 'email'
- 'groups'
- 'profile'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Karakeep'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://karakeep.loadingm.xyz/api/auth/callback/custom'
scopes:
- 'openid'
- 'email'
- 'profile'
claims_policy: 'karakeep'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
# - client_name: 'Jellyseerr'
# client_id: '$(au rand 72)'
# client_secret: '$(au hash 72)'
# public: false
# authorization_policy: 'two_factor'
# require_pkce: false
# pkce_challenge_method: ''
# redirect_uris:
# - 'https://memos.loadingm.xyz/auth/callback'
# scopes:
# - 'openid'
# - 'email'
# - 'profile'
# response_types:
# - 'code'
# grant_types:
# - 'authorization_code'
# access_token_signed_response_alg: 'none'
# userinfo_signed_response_alg: 'none'
# token_endpoint_auth_method: 'client_secret_basic'
# - client_name: 'Jellyfin'
# client_id: '$(au rand 72)'
# client_secret: '$(au hash 72)'
# public: false
# authorization_policy: 'two_factor'
# require_pkce: false
# pkce_challenge_method: ''
# redirect_uris:
# - 'https://memos.loadingm.xyz/auth/callback'
# scopes:
# - 'openid'
# - 'email'
# - 'profile'
# response_types:
# - 'code'
# grant_types:
# - 'authorization_code'
# access_token_signed_response_alg: 'none'
# userinfo_signed_response_alg: 'none'
# token_endpoint_auth_method: 'client_secret_basic'
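Review bot: The three clients added in the second hunk (Memos, Open WebUI, Karakeep) are registered with `require_pkce: false` and an empty `pkce_challenge_method`, so PKCE is not enforced on their authorization-code requests. They are confidential clients, so the client secret still protects the token exchange, but PKCE is the check that binds a code to the session that requested it. Where the application supports it, set `require_pkce: true` and `pkce_challenge_method: 'S256'`; the Gitea entry shown as context in the first hunk carries the same `require_pkce: false`. Separately, the commented-out Jellyseerr and Jellyfin stanzas repeat Memos' `https://memos.loadingm.xyz/auth/callback` as their redirect URI. A comment such as `# TODO: replace redirect_uris before enabling` would keep them from being uncommented with another client's callback.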