the10thwiz/Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
437de6be6765d17922ea46f22648172f0518869b
Homelab/authelia/secret-template.yml
Matthew Pomes e878dee155 Minor updates
2025-12-17 19:33:56 -06:00

140 lines
4.5 KiB
YAML
Raw Blame History

# au rand() {
# docker run --rm authelia/authelia:latest authelia crypto rand --length $1 --charset rfc3986
# }
# au hash() {
# docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length $1 --random.charset rfc3986
# }
identity_providers:
oidc:
hmac_secret: '$(au rand 72)'
jwks:
- key: $(openssl genrsa -out - 2048)
claims_policies:
karakeep:
id_token: ['email']
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- client_name: 'Gitea'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://gitea.loadingm.xyz/user/oauth2/authelia/callback'
scopes:
- 'openid'
- 'email'
- 'profile'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Memos'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://memos.loadingm.xyz/auth/callback'
scopes:
- 'openid'
- 'email'
- 'profile'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Open WebUI'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://ollama.loadingm.xyz/oauth/oidc/callback'
scopes:
- 'openid'
- 'email'
- 'groups'
- 'profile'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
- client_name: 'Karakeep'
client_id: '$(au rand 72)'
client_secret: '$(au hash 72)'
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://karakeep.loadingm.xyz/api/auth/callback/custom'
scopes:
- 'openid'
- 'email'
- 'profile'
claims_policy: 'karakeep'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
# - client_name: 'Jellyseerr'
# client_id: '$(au rand 72)'
# client_secret: '$(au hash 72)'
# public: false
# authorization_policy: 'two_factor'
# require_pkce: false
# pkce_challenge_method: ''
# redirect_uris:
# - 'https://memos.loadingm.xyz/auth/callback'
# scopes:
# - 'openid'
# - 'email'
# - 'profile'
# response_types:
# - 'code'
# grant_types:
# - 'authorization_code'
# access_token_signed_response_alg: 'none'
# userinfo_signed_response_alg: 'none'
# token_endpoint_auth_method: 'client_secret_basic'
# - client_name: 'Jellyfin'
# client_id: '$(au rand 72)'
# client_secret: '$(au hash 72)'
# public: false
# authorization_policy: 'two_factor'
# require_pkce: false
# pkce_challenge_method: ''
# redirect_uris:
# - 'https://memos.loadingm.xyz/auth/callback'
# scopes:
# - 'openid'
# - 'email'
# - 'profile'
# response_types:
# - 'code'
# grant_types:
# - 'authorization_code'
# access_token_signed_response_alg: 'none'
# userinfo_signed_response_alg: 'none'
# token_endpoint_auth_method: 'client_secret_basic'
Reference in New Issue View Git Blame Copy Permalink