diff --git a/utils/modules/authelia/default.nix b/utils/modules/authelia/default.nix
index c4dc474..1fcc66b 100644
--- a/utils/modules/authelia/default.nix
+++ b/utils/modules/authelia/default.nix
@@ -76,17 +76,17 @@
 };
 access_control = {
- default_policy = "one_factor";
- # rules = [
- # {
- # domain = ["auth.example.com"];
- # policy = "bypass";
- # }
- # {
- # domain = ["*.example.com"];
- # policy = "one_factor";
- # }
- # ];
+ default_policy = "deny";
+ rules = [
+ {
+ domain = ["auth.cloonar.com"];
+ policy = "bypass";
+ }
+ {
+ domain = ["*.cloonar.com"];
+ policy = "one_factor";
+ }
+ ];
 };
 session = {
@@ -128,21 +128,6 @@
 ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
 ## See: https://www.authelia.com/c/oidc
 clients = [
- {
- id = "nextcloud";
- description = "NextCloud";
- secret = "$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng";
- public = false;
- authorization_policy = "one_factor";
- redirect_uris = [ "https://nextcloud.example.com/apps/oidc_login/oidc" ];
- scopes = [
- "openid"
- "profile"
- "email"
- "groups"
- ];
- userinfo_signing_algorithm = "none";
- }
 {
 id = "gitea";
 description = "Gitea";
@@ -158,21 +143,6 @@
 ];
 userinfo_signing_algorithm = "none";
 }
- {
- id = "gbv-aktuell-typo3";
- description = "GBV Aktuell";
- secret = "$pbkdf2-sha512$310000$Uo9yGyKfhLxouYNFierOLQ$e37Ui7FIEUCezV4zgM1WX96ruzSA7dz4Q27G0o2iFiNUV/giHh0lyJklcI1UIs10Fs3bsZHDgRnDwaGL3DYsDw";
- public = false;
- authorization_policy = "one_factor";
- redirect_uris = [ "https://gbv-aktuell.cloonar.dev/callback" ];
- pre_configured_consent_duration = "1y";
- scopes = [
- "openid"
- "profile"
- "email"
- ];
- userinfo_signing_algorithm = "none";
- }
 ];
 };
 };
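Review bot: In the first hunk (`@@ -76,17 +76,17 @@`), the `*.cloonar.com` rule applies `one_factor` to every subdomain, so the new `default_policy = "deny"` only takes effect for hosts that match no rule. That means other domains, and presumably the bare `cloonar.com`, which a `*.` wildcard is not expected to match (worth confirming). Hosts that front administrative interfaces would be better covered by a more specific rule placed above the wildcard, e.g. `{ domain = ["<admin-host-placeholder>.cloonar.com"]; policy = "two_factor"; }`, assuming a second factor is configured elsewhere in this module. Authelia evaluates rules in order and stops at the first match, so a comment above `rules` such as `# order matters: first matching rule wins; keep specific hosts above the wildcard` would keep the `auth.cloonar.com` bypass entry from being moved below the wildcard later.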