fix

2025-07-11 20:23:46 +03:00 · 2025-07-11 20:23:46 +03:00 · 4b5dd750dd
commit 4b5dd750dd
parent dc9a4c78fb
4 changed files with 49 additions and 7 deletions
--- a/.deploy-infra/deploy-prod.yaml
+++ b/.deploy-infra/deploy-prod.yaml
@ -28,7 +28,7 @@ services:
        # order: start-first
    
  authelia:
-    image: authelia/authelia
+    image: mathwave/sprint-repo:authelia
    networks:
      - common-infra-nginx
    environment:
@ -39,13 +39,7 @@ services:
      AUTHELIA_STORAGE_POSTGRES_DATABASE: "authelia"
      AUTHELIA_STORAGE_POSTGRES_USERNAME: "postgres"
      AUTHELIA_STORAGE_POSTGRES_PASSWORD: $DB_PASSWORD_PROD
-      AUTHELIA_AUTHENTICATION_BACKEND_FILE_USERS_0_USERNAME: "emmatveev"
-      AUTHELIA_AUTHENTICATION_BACKEND_FILE_USERS_0_PASSWORD: "$argon2id$v=19$m=65536,t=1,p=4$CixMXaAilVof3yk1rtghwg$V/kcl1HNDWeybrV3SrVjjdI00D1lFtuvLldkwAklSOE"
-      AUTHELIA_AUTHENTICATION_BACKEND_FILE_USERS_0_DISPLAYNAME: "Egor Matveev"
-      AUTHELIA_AUTHENTICATION_BACKEND_FILE_USERS_0_EMAIL: "emmtvv@gmail.com"
      AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY: "one_factor"
-      AUTHELIA_ACCESS_CONTROL_RULES_0_DOMAIN_0: "*.chocomarsh.com"
-      AUTHELIA_ACCESS_CONTROL_RULES_0_POLICY: "one_factor"
      AUTHELIA_NOTIFIER_SMTP_ENABLED: "false"
    volumes:
      - /sprint-data/authelia/config:/config
--- a/.gitea/workflows/deploy-prod.yaml
+++ b/.gitea/workflows/deploy-prod.yaml
@ -21,6 +21,8 @@ jobs:
        run: docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod
      - name: build gitea runner
        run: docker build -t mathwave/sprint-repo:gitea-runner gitea-runner
+      - name: build authelia
+        run: docker build -t mathwave/sprint-repo:authelia authelia
  push:
    name: Push
    runs-on: [ prod ]
@ -30,6 +32,8 @@ jobs:
        run: docker push mathwave/sprint-repo:sprint-infra-nginx-prod
      - name: push gitea runner
        run: docker push mathwave/sprint-repo:gitea-runner
+      - name: push authelia
+        run: docker push mathwave/sprint-repo:authelia
  prepare:
    name: prepare
    runs-on: [prod]
--- a/authelia/Dockerfile
+++ b/authelia/Dockerfile
@ -0,0 +1,2 @@
+FROM authelia/authelia
+COPY configuration.yml /config/configuration.yml
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@ -0,0 +1,42 @@
+theme: dark
+
+jwt_secret: secret-jwt-will-be-overridden-by-env
+default_redirection_url: https://auth.chocomarsh.com
+
+server:
+  host: 0.0.0.0
+  port: 9091
+
+log:
+  level: info
+
+authentication_backend:
+  file:
+    users:
+      emmatveev:
+        password: "$argon2id$v=19$m=65536,t=1,p=4$CixMXaAilVof3yk1rtghwg$V/kcl1HNDWeybrV3SrVjjdI00D1lFtuvLldkwAklSOE"
+        displayname: "Egor Matveev"
+        email: emmtvv@gmail.com
+
+access_control:
+  default_policy: one_factor
+  rules:
+    - domain: "*.chocomarsh.com"
+      policy: one_factor
+
+session:
+  name: authelia_session
+  expiration: 1h
+  inactivity: 5m
+  remember_me_duration: 1w
+  cookies:
+    - domain: chocomarsh.com
+      authelia_url: https://auth.chocomarsh.com
+
+storage:
+  postgres:
+    address: tcp://pg.chocomarsh.com:5432
+    database: authelia
+    schema: public
+    username: postgres
+    password: autheliapass  # also override with env if preferred