[fix] role:authelia

2024-03-20 00:09:41 +01:00 · 2024-03-20 00:09:41 +01:00 · b36bcf9b83
commit b36bcf9b83
parent cb09bca26e
6 changed files with 170 additions and 28 deletions
--- a/ansible/roles/authelia/defaults/main.json
+++ b/ansible/roles/authelia/defaults/main.json
@ -7,7 +7,7 @@
 	"var_authelia_log_file_path": "/var/authelia/log.jsonl",
 	"var_authelia_session_domain": "example.org",
 	"var_authelia_session_secret": "REPLACE_ME",
-	"var_authelia_storage_encryption_key": "storage_encryption_key",
+	"var_authelia_storage_encryption_key": "REPLACE_ME",
 	"var_authelia_storage_kind": "sqlite",
 	"var_authelia_storage_data_sqlite_path": "/var/authelia/state.db",
 	"var_authelia_storage_data_postgresql_host": "localhost",
@ -25,9 +25,9 @@
 	"var_authelia_notification_mode": "smtp",
 	"var_authelia_notification_file_path": "/var/authelia/notifications",
 	"var_authelia_notification_smtp_host": "smtp.example.org",
-	"var_authelia_notification_smtp_port": "465",
+	"var_authelia_notification_smtp_port": 465,
 	"var_authelia_notification_smtp_username": "authelia",
 	"var_authelia_notification_smtp_password": "REPLACE_ME",
-	"var_authelia_notification_smtp_sender": "Authelia",
+	"var_authelia_notification_smtp_sender": "authelia@example.org",
 	"var_authelia_oidc_hmac_secret": "REPLACE_ME"
 }
--- a/ansible/roles/authelia/files/user-manage.py
+++ b/ansible/roles/authelia/files/user-manage.py
@ -28,14 +28,18 @@ def file_write(path, content):
 	return content
 	

-def get_password_hash(binary_file_path, conf_file_path, name):
+def get_password_hash(binary_file_path, conf_file_path, password):
+	# /usr/bin/authelia --config=/etc/authelia/configuration.yml crypto hash generate bcrypt --password=alice
 	output = _subprocess.check_output([
 		binary_file_path,
 		"--config=%s" % conf_file_path,
-		"hash-password",
-		name
+		"crypto",
+		"hash",
+		"generate",
+		"bcrypt",
+		"--password=%s" % password,
 	])
-	return output.decode("utf-8").split("\n")[0][8:]
+	return output.decode("utf-8").split("\n")[0].split(" ")[1]
 	

 def postprocess(binary_file_path, conf_file_path, data):
--- a/ansible/roles/authelia/tasks/main.json
+++ b/ansible/roles/authelia/tasks/main.json
@ -3,6 +3,7 @@
 		"name": "packages | prerequisites",
 		"become": true,
 		"ansible.builtin.apt": {
+			"update_cache": true,
 			"pkg": [
 				"apt-transport-https",
 				"gpg"
--- a/ansible/roles/authelia/templates/conf-main.json.j2
+++ b/ansible/roles/authelia/templates/conf-main.json.j2
@ -1,13 +1,17 @@
 {
 	"theme": "auto",
-	"jwt_secret": "{{var_authelia_jwt_secret}}",
+	"identity_validation": {
+		"reset_password": {
+			"jwt_secret": "{{var_authelia_jwt_secret}}"
+		}
+	},
 	"default_2fa_method": "totp",
 	"server": {
-		"host": "{{var_authelia_listen_address}}",
-		"port": 9091,
-		"path": "",
-		"enable_pprof": false,
-		"enable_expvars": false,
+		"address": "{{var_authelia_listen_address}}:9091",
+		"endpoints": {
+			"enable_pprof": false,
+			"enable_expvars": false
+		},
 		"disable_healthcheck": false
 	},
 	"log": {
@ -121,7 +125,7 @@
 		"secret": "{{var_authelia_session_secret}}",
 		"expiration": "1h",
 		"inactivity": "5m",
-		"remember_me_duration": "1M"
+		"remember_me": "1M"
 	},
 	"regulation": {
 		"max_retries": 3,
@ -137,8 +141,7 @@
 {% endif %}
 {% if var_authelia_storage_kind == "postgresql" %}
 		"postgres": {
-			"host": "{{var_authelia_storage_data_postgresql_host}}",
-			"port": {{var_authelia_storage_data_postgresql_port | string}},
+			"address": "{{var_authelia_storage_data_postgresql_host}}:{{var_authelia_storage_data_postgresql_port | string}}",
 			"schema": "public",
 			"username": "{{var_authelia_storage_data_postgresql_username}}",
 			"password": "{{var_authelia_storage_data_postgresql_password}}",
@ -163,18 +166,18 @@
 		}
 {% endif %}
 {% if var_authelia_notification_mode == "smtp" %}
-	"smtp": {
-		"host": "{{var_authelia_notification_smtp_host}}",
-		"port": {{var_authelia_notification_smtp_port}},
-		"username": "{{var_authelia_notification_smtp_username}}",
-		"password": "{{var_authelia_notification_smtp_password}}",
-		"sender": "{{var_authelia_notification_smtp_sender}}",
-		"disable_require_tls": false,
-		"disable_html_emails": false,
-		"tls": {
-			"skip_verify": false
+		"smtp": {
+			"host": "{{var_authelia_notification_smtp_host}}",
+			"port": {{var_authelia_notification_smtp_port | string}},
+			"username": "{{var_authelia_notification_smtp_username}}",
+			"password": "{{var_authelia_notification_smtp_password}}",
+			"sender": "{{var_authelia_notification_smtp_sender}}",
+			"disable_require_tls": false,
+			"disable_html_emails": false,
+			"tls": {
+				"skip_verify": false
+			}
 		}
-	}
 {% endif %}
 	},
 	"identity_providers": {
--- a/ansible/roles/authelia/templates/users.yml.j2
+++ b/ansible/roles/authelia/templates/users.yml.j2
@ -1 +1,5 @@
-users: {}
+users:
+  _dummy:
+    displayname: dummy
+    password: "$2b$12$N5qptdk1VtpSlIlCxspLxeNeRIP6UEho4r1ZCoOlfpAtsIJQIjV/a"
+    email: dummy@example.org
--- a/ansible/roles/authelia/vardef.json
+++ b/ansible/roles/authelia/vardef.json
@ -0,0 +1,130 @@
+{
+	"version": {
+		"type": "string",
+		"mandatory": false
+	},
+	"architecture": {
+		"type": "string",
+		"mandatory": false
+	},
+	"listen_address": {
+		"type": "string",
+		"mandatory": false
+	},
+	"jwt_secret": {
+		"type": "string",
+		"mandatory": true
+	},
+	"users_file_path": {
+		"type": "string",
+		"mandatory": false
+	},
+	"log_file_path": {
+		"type": "string",
+		"mandatory": false
+	},
+	"session_domain": {
+		"type": "string",
+		"mandatory": false
+	},
+	"session_secret": {
+		"type": "string",
+		"mandatory": true
+	},
+	"storage_encryption_key": {
+		"type": "string",
+		"mandatory": true
+	},
+	"storage_kind": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_sqlite_path": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_postgresql_host": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_postgresql_port": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"storage_data_postgresql_username": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_postgresql_password": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_postgresql_schema": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_mariadb_host": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_mariadb_port": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"storage_data_mariadb_username": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_mariadb_password": {
+		"type": "string",
+		"mandatory": false
+	},
+	"storage_data_mariadb_schema": {
+		"type": "string",
+		"mandatory": false
+	},
+	"ntp_server": {
+		"type": "string",
+		"mandatory": false
+	},
+	"password_reset_enabled": {
+		"type": "boolean",
+		"mandatory": false
+	},
+	"notification_mode": {
+		"type": "string",
+		"mandatory": false,
+		"options": [
+			"file",
+			"smtp"
+		]
+	},
+	"notification_file_path": {
+		"type": "string",
+		"mandatory": false
+	},
+	"notification_smtp_host": {
+		"type": "string",
+		"mandatory": false
+	},
+	"notification_smtp_port": {
+		"type": "integer",
+		"mandatory": false
+	},
+	"notification_smtp_username": {
+		"type": "string",
+		"mandatory": false
+	},
+	"notification_smtp_password": {
+		"type": "string",
+		"mandatory": false
+	},
+	"notification_smtp_sender": {
+		"type": "string",
+		"mandatory": false
+	},
+	"oidc_hmac_secret": {
+		"type": "string",
+		"mandatory": true
+	}
+}