Harden compose secrets and add required provisioning docs

2026-04-07 16:12:50 +10:00
parent 417973b1cb
commit 3c2d28c763
14 changed files with 242 additions and 93 deletions
@@ -3,16 +3,16 @@ server.address: tcp://0.0.0.0:9091
 log:
  level: info

-identity_validation.reset_password.jwt_secret: T72Xcxa4d7xpQRypFDZpunlZt0IjqspojmBlxBr69gnkRjzR144YgjZsgFYZK0gS
+identity_validation.reset_password.jwt_secret: ${AUTHELIA_JWT_SECRET}

 session:
-  secret: BYksO7YUAJ8gXx9Endgpe46RgB10nkeKpD1qcQPt0GuYGQm2pS2zjJtNOrCEqpav
+  secret: ${AUTHELIA_SESSION_SECRET}
  cookies:
    - domain: lan.ddnsgeek.com
      authelia_url: https://auth.lan.ddnsgeek.com

 storage:
-  encryption_key: N7mkWziClgDhLgZDRkRwU6jEHmGF6ciOt53pzoFcZ0meEV1AZCC5bWZd24jeu19y
+  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
  local:
    path: /config/data/db.sqlite3

@@ -23,8 +23,6 @@ authentication_backend:
 access_control:
  default_policy: deny
  rules:
-#    - domain: "*.lan.ddnsgeek.com"
-#      policy: two_factor
    - domain: alertmanager.lan.ddnsgeek.com
      resources:
        - "^/api/.*"
@@ -45,7 +43,6 @@ access_control:
        - "^/metrics"
      policy: bypass

-
    - domain: "*.lan.ddnsgeek.com"
      policy: two_factor