Files
nas-tools/tmp_remote/configuration.yml
Gan, Jimmy 8c30fb7a3a chore: remove hardcoded secrets from configuration template
Replace real secrets in tmp_remote/configuration.yml with __ROTATE_*__
placeholders. All leaked values have already been rotated.

Also add .claude/, .codex/, and security_artifacts/ to .gitignore.
2026-02-28 22:22:23 +08:00

72 lines
1.5 KiB
YAML

theme: auto
default_2fa_method: totp
server:
address: 'tcp://0.0.0.0:9092'
log:
level: info
totp:
issuer: nas.jimmygan.com
period: 30
skew: 1
webauthn:
disable: false
display_name: NAS Auth
attestation_conveyance_preference: indirect
user_verification: preferred
timeout: 60s
authentication_backend:
ldap:
implementation: custom
address: 'ldap://localhost:3890'
timeout: 5s
start_tls: false
base_dn: 'dc=jimmygan,dc=com'
additional_users_dn: 'ou=people'
users_filter: '(&({username_attribute}={input})(objectClass=person))'
additional_groups_dn: 'ou=groups'
groups_filter: '(member={dn})'
user: 'uid=admin,ou=people,dc=jimmygan,dc=com'
password: '__ROTATE_LDAP_BIND_PASSWORD__'
attributes:
display_name: displayName
mail: mail
member_of: memberOf
group_name: cn
access_control:
default_policy: two_factor
rules:
- domain: ldap.jimmygan.com
policy: two_factor
session:
secret: __ROTATE_AUTHELIA_SESSION_SECRET__
expiration: 1h
inactivity: 5m
remember_me: 1M
cookies:
- domain: jimmygan.com
authelia_url: https://auth.jimmygan.com:8443
storage:
encryption_key: __ROTATE_AUTHELIA_STORAGE_ENCRYPTION_KEY__
local:
path: /config/db.sqlite3
notifier:
smtp:
address: 'smtp://smtp.gmail.com:587'
username: 'zjgump@gmail.com'
password: '__ROTATE_SMTP_APP_PASSWORD__'
sender: 'NAS Auth <zjgump@gmail.com>'
subject: '[NAS Auth] {title}'
identity_validation:
reset_password:
jwt_secret: __ROTATE_AUTHELIA_RESET_JWT_SECRET__