Authelia YML fixes.

2025-03-13 19:58:56 -04:00
parent a4dfc70c66
commit 90f648fa62
2 changed files with 15 additions and 8 deletions
@@ -25,6 +25,13 @@ jobs:
          uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
          name: 'tea'
          version: '0.9.2'
+      - name: Gotify Notification
+        uses: eikendev/gotify-action@master
+        with:
+          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+          notification_title: 'GITEA: PR Check'
+          notification_message: 'Checking for existing PR... 🔍'
      - name: Check if open PR exists
        id: check-opened-pr-step
        continue-on-error: true
@@ -45,7 +52,7 @@ jobs:
          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
          notification_title: 'GITEA: PR Check'
-          notification_message: 'Checking for existing PR...'
+          notification_message: 'PR Created 🎟️'
  docker-compose-ansible-lints:
    name: Docker Compose & Ansible Lints
    needs: [check-and-create-pr]
@@ -62,11 +62,11 @@ authentication_backend:
      mail: mail
      display_name: displayName
    user: uid=authelia,ou=people,dc=trez,dc=wtf
-    password: '{{ env AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD }}'
+    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
  refresh_interval: 5m
 identity_validation:
  reset_password:
-    jwt_secret: '{{ env AUTHELIA_JWT_SECRET }}'
+    jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_JWT_SECRET'] }}'
 password_policy:
  standard:
    enabled: true
@@ -102,7 +102,7 @@ access_control:
      - ['user:the.trezured.one']
 session:
  name: authelia_session
-  secret: '{{ env AUTHELIA_SESSION_SECRET }}'
+  secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
  expiration: 1h
  inactivity: 5m
  remember_me: 1M
@@ -113,12 +113,12 @@ session:
    host: redis
    port: 6379
 storage:
-  encryption_key: '{{ env AUTHELIA_STORAGE_ENCRYPTION_KEY }}'
+  encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
  postgres:
    address: 'tcp://authelia-pg:5432'
    database: authelia
    username: authelia
-    password: '{{ env AUTHELIA_STORAGE_POSTGRES_PASSWORD }}'
+    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
    timeout: '5s'
 regulation:
  max_retries: 3
@@ -129,8 +129,8 @@ notifier:
  smtp:
    address: 'smtp://postal-smtp:25'
    timeout: '5s'
-    username: '{{ env AUTHELIA_NOTIFIER_SMTP_USERNAME }}'
-    password: '{{ env AUTHELIA_NOTIFIER_SMTP_PASSWORD }}'
+    username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
+    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
    sender: "Authelia <noreply@trez.wtf>"
    identifier: 'localhost'
    subject: "[Authelia] {title}"