From 90f648fa62e5914ce6e672c4b0a41349d6ad37b6 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 13 Mar 2025 19:58:56 -0400
Subject: [PATCH] Authelia YML fixes.
---
 .gitea/workflows/pr-cloudflare-docker-deploy.yml | 9 ++++++++-
 ansible/app-configs/authelia_configuration.yml.j2 | 14 +++++++-------
 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
index e48a4827..49ac2ac2 100644
--- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml
+++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml
@@ -25,6 +25,13 @@ jobs:
 uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
 name: 'tea'
 version: '0.9.2'
+ - name: Gotify Notification
+ uses: eikendev/gotify-action@master
+ with:
+ gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
+ gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
+ notification_title: 'GITEA: PR Check'
+ notification_message: 'Checking for existing PR... 🔍'
 - name: Check if open PR exists
 id: check-opened-pr-step
 continue-on-error: true
@@ -45,7 +52,7 @@ jobs:
 gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
 gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
 notification_title: 'GITEA: PR Check'
- notification_message: 'Checking for existing PR...'
+ notification_message: 'PR Created 🎟️'
 docker-compose-ansible-lints:
 name: Docker Compose & Ansible Lints
 needs: [check-and-create-pr]
diff --git a/ansible/app-configs/authelia_configuration.yml.j2 b/ansible/app-configs/authelia_configuration.yml.j2
index 4d4cfbcb..52ceff88 100644
--- a/ansible/app-configs/authelia_configuration.yml.j2
+++ b/ansible/app-configs/authelia_configuration.yml.j2
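Review bot: The new Gotify step at `uses: eikendev/gotify-action@master` pins a mutable branch while handing it `secrets.RINOA_RUNNER_GOTIFY_TOKEN`, so whatever is pushed to that branch next runs with the token; the tea download three lines above is pinned to `v0.9.2`, and this step should be pinned the same way, e.g. `uses: eikendev/gotify-action@<release-tag-or-commit-sha>`. The second hunk (@@ -45) reuses what appears to be the same action for the 'PR Created' message; if that step is also on `@master` (its `uses:` line is outside the hunk), pin it too. A full commit SHA is the stronger choice over a tag, since tags can be moved after the fact.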
@@ -62,11 +62,11 @@ authentication_backend:
 mail: mail
 display_name: displayName
 user: uid=authelia,ou=people,dc=trez,dc=wtf
- password: '{{ env AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD }}'
+ password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
 refresh_interval: 5m
 identity_validation:
 reset_password:
- jwt_secret: '{{ env AUTHELIA_JWT_SECRET }}'
+ jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_JWT_SECRET'] }}'
 password_policy:
 standard:
 enabled: true
@@ -102,7 +102,7 @@ access_control:
 - ['user:the.trezured.one']
 session:
 name: authelia_session
- secret: '{{ env AUTHELIA_SESSION_SECRET }}'
+ secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
 expiration: 1h
 inactivity: 5m
 remember_me: 1M
@@ -113,12 +113,12 @@ session:
 host: redis
 port: 6379
 storage:
- encryption_key: '{{ env AUTHELIA_STORAGE_ENCRYPTION_KEY }}'
+ encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
 postgres:
 address: 'tcp://authelia-pg:5432'
 database: authelia
 username: authelia
- password: '{{ env AUTHELIA_STORAGE_POSTGRES_PASSWORD }}'
+ password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
 timeout: '5s'
 regulation:
 max_retries: 3
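Review bot: Each rendered secret is dropped verbatim into a single-quoted YAML scalar (`password: '{{ lookup(...)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'`), so a value containing `'` breaks the rendered file or silently truncates the credential; emitting it through the JSON filter instead, `password: {{ lookup(...)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] | to_json }}`, yields a correctly escaped double-quoted scalar for any value. The same applies to `jwt_secret` in this hunk and to every lookup in @@ -102, @@ -113 and @@ -129. The identical Vault call is repeated seven times across those hunks; a single `{% set env_secrets = lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret'] %}` near the top of the template (outside this hunk), with `env_secrets['AUTHELIA_JWT_SECRET'] | to_json` per field, makes one Vault read and keeps the mount point and token handling in one place. Because the rendered file now holds every secret in plaintext, the task that writes it (not in this diff) should set a restrictive `mode` and `no_log: true` so the values are not echoed in diff or verbose output.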
@@ -129,8 +129,8 @@ notifier:
 smtp:
 address: 'smtp://postal-smtp:25'
 timeout: '5s'
- username: '{{ env AUTHELIA_NOTIFIER_SMTP_USERNAME }}'
- password: '{{ env AUTHELIA_NOTIFIER_SMTP_PASSWORD }}'
+ username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
+ password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
 sender: "Authelia "
 identifier: 'localhost'
 subject: "[Authelia] {title}"
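Review bot: The SMTP credentials now come from Vault keys `POSTAL_SMTP_AUTH_USER` and `POSTAL_SMTP_AUTH_PASSWORD`, which are named differently from the environment names they replace (`AUTHELIA_NOTIFIER_SMTP_USERNAME`/`_PASSWORD`), as is `AUTHELIA_AUTH_BIND_LDAP_PASSWORD` in @@ -62; if a key is absent from the `env` secret under `rinoa-docker`, the render presumably either fails on an undefined value or, with a lenient undefined, writes an empty credential into the file, so the new key names should be checked against the Vault secret before this is deployed. Appending the mandatory filter, `{{ lookup(...)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] | mandatory }}`, makes the missing-key case fail loudly instead of producing a blank value. The `notifier:` mapping begins before this hunk.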