commit 734c1e025a3e3d33329f73a5a06aabf8821b5819 Author: bel Date: Tue Sep 14 06:32:49 2021 -0600 archive
diff --git a/authelia/.gitignore b/authelia/.gitignore
new file mode 100644
index 0000000..118f411
--- /dev/null
+++ b/authelia/.gitignore
@@ -0,0 +1,3 @@
+/authelia
+/authelia.tar
+**/*.sw*
diff --git a/authelia/Dockerfile b/authelia/Dockerfile
new file mode 100644
index 0000000..043fed0
--- /dev/null
+++ b/authelia/Dockerfile
@@ -0,0 +1,13 @@
+FROM golang:1.16.2 as builder
+
+WORKDIR /go/src/github.com/authelia/authelia
+COPY ./authelia/ ./
+RUN cd cmd/authelia && go build -o /authelia -a -installsuffix cgo -ldflags "-s -w" && /authelia -h
+
+FROM frolvlad/alpine-glibc:glibc-2.29
+WORKDIR /opt
+COPY --from=builder /authelia ./
+RUN ls && ./authelia -h && du -sh ./authelia
+
+CMD ["./authelia"]
+ENTRYPOINT []
diff --git a/authelia/autheliaserver.crt b/authelia/autheliaserver.crt
new file mode 100644
index 0000000..6f8d814
--- /dev/null
+++ b/authelia/autheliaserver.crt
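Review bot: The final stage of authelia/Dockerfile never sets `USER`, so the Authelia binary runs as root inside the container; adding `RUN adduser -S authelia` and `USER authelia` before `CMD ["./authelia"]` would drop that privilege, and the listen port 9491 in configuration.yml does not need root. Whatever directory ends up holding `./tmp/db.sqlite3` would then have to be writable by that user, which this Dockerfile does not set up. The runtime base `frolvlad/alpine-glibc:glibc-2.29` is a third-party image referenced only by a tag, so pinning it as `frolvlad/alpine-glibc:glibc-2.29@sha256:<digest>` would make the build reproducible and harder to swap underneath you. `RUN cd cmd/authelia && …` in the builder stage could be a `WORKDIR` change instead.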
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFHDCCAwSgAwIBAgIJAPYvXJ4jh54bMA0GCSqGSIb3DQEBCwUAMDwxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJVVDEOMAwGA1UECgwFYnJlZWwxEDAOBgNVBAMMB2Jl +bC5sYW4wHhcNMjEwMzIxMDU1MTEwWhcNNDEwMzE2MDU1MTEwWjA8MQswCQYDVQQG +EwJVUzELMAkGA1UECAwCVVQxDjAMBgNVBAoMBWJyZWVsMRAwDgYDVQQDDAdiZWwu +bGFuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzdEjyzdYedzUcYy4 +/325S2HaLDa2XKjmmHR0X1zPCdsXC33U7GqNiUTdyzl9FRojUYZ7xrMtGKTnzRUk +Jh6e59Ei0mhn75zxsRzCz6y3JJ5sYfQUMYjr9KnWY5r5x00Rb+FcpMzybWhwR4Wk +4GRCoukU+bn0Lv3efTUPVjUjjCjMpbvD1x/8cLjZ/nBdWWNbI+t+j3jHxA2Z1vOw +ZKCpJjbiQREimFpobzvGUatBPDp0i95pXIMRHTGfH5ykJjJe9zawZJYTsI4pXfOA +0Gt8DhPltXR4jON1M8E+BvjCmgvvQX+x/GH8lVP9aJ5PnFbFLfZKEnvt6RKwsEun +kcD6T1YmTP73lHWk4NLIniP90z65WVtW3MU91oXJbGM0gbuSqVT9TtVwXYyIqlAu +9cr/GPZYrS8vKlIkjU0IW4d33B/0eRcYfzawtf0TsxluwqtBu6gwn8cpuLDONvYW +K8ALBgG3kcjKa5hZ4Zxgj78Sl3lXhtuFLlYzl80tegDhHo55UU+abBW6VZU4+j+n +GcdMKIoiSvJ9N6F+GaKtYSSDLwv//zcd2DsqeBUgIQsDIhD3Ve9C/m4zKAcWGeeq +CxBh3AsJ1j9vY17IMp0xk5AFumL8wFhptVpUshLWhwNez2vFNHKWUJSPHefmEGiU +W/A+BcfqyuaOHiCeQZS+Wi7//QECAwEAAaMhMB8wHQYDVR0RBBYwFIIHYmVsLmxh +boIJKi5iZWwubGFuMA0GCSqGSIb3DQEBCwUAA4ICAQC4kJrJ8J1XnEYlS9xi8xC8 +qgEL1iiXv9hc7lP8rwo6OstXZPN5+0dxhdXho2dWjgd1MGfsMi/NOcQ8J6kp99YZ +8ASpcTK9uAxfy5al34tmWJnrBiOfh+CATdlzBMvnirVAyvi9Zpb9otLNmXUOsmjL +IHlrxck4EZhLEVEk6Cjvt1hh/2nWZ5M2Oa/dcuXU6WHFALXRuQzEd7m71W0ekoA7 +f+jqADMX2PCCyRtRXu7ex3NvgbK2pfvOZK2hPvNmDNsCgoMZAZnPizJfss2nELv1 +gRMJq2R6mn+E2nQQofUbkE83IUiG/qnQq1ATn+I/h/36E7J+LpuJmTrO+gEtUrTW +rL7Ja7TA1o5vzn/lsgA1aWfG6PUKu5Ux5KPeAdER1p+09YSVxJpGMsNWnFkj+s1M +Yb62Igm7D9e8e0Ehmh+sQiPT1VUSSaADpQcBc4NJt7HGsaTLcGqGcg5v6FInb0bm +UwEGUsmX3EKzHIboc3KernVuvkPS1r5JeHWTFx6HCOMeUXiBiQbWCIdOxrxAEUN2 +/cmHfs1kQ7LtKoS/EqkUpx94X5rRvnt0LhNa6iGz2pMxCC6ctayxOeJjOuXMMgqM +I/L8Ioku4mng+yTA06lS7sfIY1CG+EO3b8UGVMFrQm0SvYU/UaWBH55cNF6QvIg2 +/gEEz+x4DRV6Sb7a9hMOhA== +-----END CERTIFICATE----- diff --git a/authelia/autheliaserver.key b/authelia/autheliaserver.key new file mode 100644 index 0000000..522ce82 
--- /dev/null +++ b/authelia/autheliaserver.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAzdEjyzdYedzUcYy4/325S2HaLDa2XKjmmHR0X1zPCdsXC33U +7GqNiUTdyzl9FRojUYZ7xrMtGKTnzRUkJh6e59Ei0mhn75zxsRzCz6y3JJ5sYfQU +MYjr9KnWY5r5x00Rb+FcpMzybWhwR4Wk4GRCoukU+bn0Lv3efTUPVjUjjCjMpbvD +1x/8cLjZ/nBdWWNbI+t+j3jHxA2Z1vOwZKCpJjbiQREimFpobzvGUatBPDp0i95p +XIMRHTGfH5ykJjJe9zawZJYTsI4pXfOA0Gt8DhPltXR4jON1M8E+BvjCmgvvQX+x +/GH8lVP9aJ5PnFbFLfZKEnvt6RKwsEunkcD6T1YmTP73lHWk4NLIniP90z65WVtW +3MU91oXJbGM0gbuSqVT9TtVwXYyIqlAu9cr/GPZYrS8vKlIkjU0IW4d33B/0eRcY +fzawtf0TsxluwqtBu6gwn8cpuLDONvYWK8ALBgG3kcjKa5hZ4Zxgj78Sl3lXhtuF +LlYzl80tegDhHo55UU+abBW6VZU4+j+nGcdMKIoiSvJ9N6F+GaKtYSSDLwv//zcd +2DsqeBUgIQsDIhD3Ve9C/m4zKAcWGeeqCxBh3AsJ1j9vY17IMp0xk5AFumL8wFhp +tVpUshLWhwNez2vFNHKWUJSPHefmEGiUW/A+BcfqyuaOHiCeQZS+Wi7//QECAwEA +AQKCAgEAiqoPDYj6SRAo6V+//BI+VrVUgllSP9djlO9QwDcNHjzHp+xdGfMn7IXD +UHoo9aCojvKmTdbF2UaxDZDiy/PxZ4mVhmDlNaBtjcAs2DIrKba6mrwRJtZy8mHC +mVT+V/JqfxA8lKOn6WJl0yoNTUj/RDb49M793vMXhQ/Mh25BxtpuFnMMnNFmCKPh +6vTVT7YK34Z3vD3JiSMItLN18jX0AFUV1nSu9CplFhwVn0xcJTHU968fGT8MtriJ +1oh4Z2ukY7Yq3XnnRhphcHTwIntoFyv8pWYVGgbdHcNiANx0b8j+pwhbaAi0Xf86 +SdPvGwuyySaX/SAVx+PZus0d1qtHeBptTD9y8JlgveMWS9v1jgggCAOBMx7svatq +5fvvIYD2WAYRKhC5Jc5q1OZzAi0TIBBzeyzy+UIu4rFRIsGvJ3TuXdbRBZiLm9JK +g9/cxVVaRsUTHvSyWxM8q+fmQ+DGdxNqF+eeuqQZgMXrj3yqKVgbtybmMOrQ1ND/ +J621uT0JxxYsvBJC3ACs0dFHPYA9et2qY2ESOCIjh/prvPJzHpQGThlmkKNr/kQB +1jdJVQYui07QnSXHVRAHyf8TY9S6oQa/4mebmXXE4Eg9Jtq/G0RnOyT1TMpHz3vl +dDn75Wi2RcgcLuI03WbAvQPyerlnB0MwGNAX1YlJgNnPNu1bPekCggEBAPLirga7 +0yW8/Tm0VuDA1pRf2M2blTcUktEIYdn1l63mpgQZjgDVj6o46Z8vlouPUONaM137 +0FlXBDB309p52jAnPQrWrFyF8LeFYhgEtp/7NziDnABHuYRN/Y9gXtQsVNaK99G/ +g/wAlJQm5oclh9cUWKVOocQ00YtVwwquoQv6+3SW7qkiWO2IyvSOyoUyXCIh19bQ +BUAJphaP5QrhYd0dwMxWqsHrf/OVBsE9htleq8rUpBlezMR9ea/GGE8svKdyNPSO +waSK3KUZhO6Wia3Q6gjDeGS7jliy6FUV8Tx9ZTTNcf99OFotfbR23PjwalvB/67r +2mDliTMEFU8flV8CggEBANjuEzOP58j7LVYltoLVN2Zf8tglb2u+55CqKokfkvrs +JLuNZhIr11ZM53LbNnn/10RiEvu7qJuVZTW6eLNqsySWMk/p2w2Ndct5PvXWgcxn 
+yO+uqULkXRcklncyx/PMpl+pWk5MEk008W3HdSbws7xYxrFUSxg9sf0gT9vPBxzH +8dSjEdI5rUvVUrq+nJrlQ19PKtWyx2tNON96l0eQAfLquDiKkPcpLr9Ev/NW7zVN +id0GU8z4ePLzkkZyWctLDTjYUPLC2Pwr1mXCLx9gVgOgGVtY0IeY38z9CjwilQj1 +U25WHKQBuQ0chLcQP+ujpNk+mwA/qALX725PA/JKKZ8CggEAYUFHMccPuzK7qtl9 +WC2fPnZKl7nOu+lvCGh01hOzEp0iqM2awNbC2gRD98vUWjmeyAqcOuvT95ISSV4R +5I+aQGHV3XssNTgktTehmcB5aAHtkKGSW8JclI+uEjUig47kwauPo9st/EA3PkN9 +V2w9wm+RN1APEkOcDFDg8mwObH+pJHwzQGJSfXqi2d47Va5emgQ3KvrMv2GdsbcY +nYy15RY+1xN0+IVWDLEFrWb3kh6IZ4VR2B7Pm3YqvalynnFpcRsX/T0UaNB5nVpk +kiyRIJpgu/WZRaycSQQKZ9eLaw9C8Su6k/UOFX3VsedOgBe0Xt2FhgNGxDnlABqI +ddBNvQKCAQEAo7ReVy4FG925Y+aH6gnfielkiQsPH39snvZbrSlfsO5d9g+J9LKT +CbR1gW6+mKiimh9s9f2zCt5eB4LWLYea80RJaZcwUPTs7QVtpvYe89Nqhr4HS8ys +F5fr2L5AuNI6x7w0wxuTQCJxA4he92j0KnHQV+gl14BPfpdQzK9aTbTx4abB/yS5 +i53LldPcuOPEyPskdyo4Zdhb0AJigYXCgr/xD/I53dt9RKgsNwXm9RGztVFeEjN8 +itOXEoSfENRtgPV1eQ3j08F9RUOabhI0Nv4txIqsq3eJhNd8Ts9GKwF/2acwa/BE +5wkbek7P/hJ7h9o//JsNPkAYluUYNFMVPwKCAQBMT6GyiuiDjneYzk2RGAtzI7/y +eRiwNdx+K1b144p0Vn3Kb2g1afFEVOK+c6LwIkcbBJOctrsT3JnaK1dMuw5UElxq +j9rt6FTs7PlU5BJd3m42xufCHNybm/GeIxGVAtf1hvcQcNRAdTSwS5+x2jPx6AfT +xeJsuAiFaBnBU5+1OW+6/s/aouPuKfsQZUsg5S002Gta3a+AFoq8tk078/5Fb2Qr +spJGjWsZBfVgnmZ6sFIoB/X3+xtOObEu3Tyzfe38nZbkPOU4I2UQLcV29YuWUuWQ +xQiH8ZzhUloecCNpn7ZNK7wT9QZbV5NbA2EMRCm2jq9oKu8DA0JEGZ0vU8xu +-----END RSA PRIVATE KEY----- diff --git a/authelia/configuration.yml b/authelia/configuration.yml new file mode 100644 index 0000000..3446618 --- /dev/null +++ b/authelia/configuration.yml 
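Review bot: authelia/autheliaserver.key commits an unencrypted RSA private key, and its leading key material visibly matches the public key in autheliaserver.crt from the same commit, so everyone with read access to the repository history holds the key for the TLS endpoint that run.sh starts with `-key ./*.key`. The pair should be treated as exposed: generate a replacement outside the tree and keep it untracked by adding `/*.key` to authelia/.gitignore. The same applies to `/tmp/`, since this commit also checks in the runtime file `tmp/db.sqlite3`. Deleting the file in a later commit will not remove it from history.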
@@ -0,0 +1,51 @@
+host: 0.0.0.0
+port: 9491
+log_level: trace
+# $AUTHELIA_JWT_SECRET_FILE
+jwt_secret: secret
+default_redirection_url: https://not-found.bel.lan:9500
+theme: dark
+totp:
+ issuer: bel.lan
+
+authentication_backend:
+ file:
+ path: ./users_database.yml
+
+access_control:
+ default_policy: deny
+ rules:
+ - domain: authelia.bel.lan
+ policy: bypass
+ - domain: x.bel.lan
+ policy: bypass
+ - domain: y.bel.lan
+ policy: one_factor
+ - domain: z.bel.lan
+ policy: two_factor
+
+session:
+ name: authelia_session
+ expiration: 1h # 1 hour
+ inactivity: 5m # 5 minutes
+ domain: bel.lan # Should match whatever your root protected domain is
+ remember_me_duration: 1M
+
+regulation:
+ max_retries: 3
+ find_time: 120
+ ban_time: 300
+
+storage:
+ local:
+ path: ./tmp/db.sqlite3
+
+notifier:
+ disable_startup_check: false
+ filesystem:
+ filename: ./tmp/email.txt
+
+#duo_api:
+# hostname: x.bel.lan:9500
+# integration_key: ABC
+# secret_key: DEF
\ No newline at end of file
diff --git a/authelia/pretend.yaml b/authelia/pretend.yaml
new file mode 100644
index 0000000..639e891
--- /dev/null
+++ b/authelia/pretend.yaml
@@ -0,0 +1,12 @@
+port: 9501
+endpoints:
+ /auth/v2/auth:
+ body:
+ response:
+ result: "allow"
+ status: "200"
+ status_msg: "ok"
+ code: 200
+ message: "allow"
+ message_detail: "allow"
+ stat: "allow"
diff --git a/authelia/run.sh b/authelia/run.sh
new file mode 100644
index 0000000..c0b1c5e
--- /dev/null
+++ b/authelia/run.sh
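Review bot: `jwt_secret: secret` in authelia/configuration.yml checks a guessable secret into the repository, even though the comment on the line above already names `$AUTHELIA_JWT_SECRET_FILE`; the key should be dropped from the file and a randomly generated value supplied through that variable. `log_level: trace` combined with `host: 0.0.0.0` is worth a second look for anything beyond a local test, since trace output is likely to contain request detail that does not belong in shared logs; `log_level: info` is the safer default. A short header comment stating that this file is a local test configuration would also help the next reader judge the `policy: bypass` rule on `x.bel.lan`.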
@@ -0,0 +1,129 @@ +#! /bin/bash + +main() { + set -e + set -o pipefail + set -u + trap cleanup SIGINT ERR EXIT + + cd "$(dirname "$BASH_SOURCE")" + mkdir -p "$PWD/tmp" + + build_authelia + echo cp $GOPATH/src/github.com/authelia/authelia/compose/lite/authelia/* ./ + start_sidecars +} + +build_authelia_docker() { + build_authelia + rm -rf ./authelia + cp -r $GOPATH/src/github.com/authelia/authelia ./authelia + pushd authelia + export GOFLAGS="" + export GO111MODULE="" + go mod vendor + export GOFLAGS="-mod=vendor" + export GO111MODULE="off" + popd + docker build -t bel/authelia:v0.0 . +} + +build_authelia() { + if which authelia &> /dev/null; then + return + fi + export INLINE_RUNTIME_CHUNK=false + export CGO_ENABLED=1 + export GOFLAGS="" + export GO111MODULE="" + repo=github.com/authelia/authelia + + pushd $GOPATH/src/$repo + + if ! cat internal/server/public_html/index.html | grep -q .; then + pushd web + yarn install + yarn build + popd + rm -rf ./internal/server/public_html + mv web/build ./internal/server/public_html + cp -r api ./internal/server/public_html/ + fi + rm -rf web/node_modules + + git_commit=$( + ( + git rev-list -1 HEAD + if git diff | grep . 
> /dev/null; then + echo "-dirty" + fi + ) 2> /dev/null | tr -d '\n' + ) + common=("-a" "-installsuffix" "cgo" "-ldflags" "-s -w -X main.GitCommit=$git_commit") + + pushd cmd/authelia + go build -o $GOPATH/bin/authelia "${common[@]}" + popd + + popd + + export GOFLAGS="-mod=vendor" + export GO111MODULE="off" +} + +start_sidecars() { + start_cleanup + start_rproxy3 & + start_pretend & + start_echo & + start_authelia & + wait -n 1 +} + +start_cleanup() { + trap cleanup SIGINT ERR EXIT +} + +start_rproxy3() { + rproxy3 \ + -p 9500 \ + -proxy authelia,http://localhost:9491$( + start_port=9500 + for i in {x..z}; do + ((start_port+=1)) + printf ",,%s,http://localhost:%d" $i $start_port + done + ) \ + -crt ./*.crt \ + -key ./*.key \ + -authelia https://authelia.bel.lan:9500 \ + +} + +start_pretend() { + pretend -config ./pretend.yaml +} + +start_echo() { + start_cleanup + for p in {9502..9503}; do + echo-server -p $p & + done + wait -n 1 +} + +start_authelia() { + #export ENVIRONMENT=dev + authelia --config ./configuration.yml +} + +cleanup() { + jobs -p + kill -9 $(jobs -p) + jobs + trap - SIGINT ERR EXIT +} + +if [ "$0" == "$BASH_SOURCE" ]; then + main "$@" +fi diff --git a/authelia/tmp/db.sqlite3 b/authelia/tmp/db.sqlite3 new file mode 100644 index 0000000..d980fb3 Binary files /dev/null and b/authelia/tmp/db.sqlite3 differ diff --git a/authelia/tmp/email.txt b/authelia/tmp/email.txt new file mode 100644 index 0000000..e69de29 diff --git a/authelia/users_database.yml b/authelia/users_database.yml new file mode 100644 index 0000000..fa46b96 --- /dev/null +++ b/authelia/users_database.yml @@ -0,0 +1,8 @@ +users: + authelia: + displayname: "Authelia User" + password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # Password is 'authelia' + email: authelia@authelia.com + groups: + - admins + - dev \ No newline at end of file
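Review bot: `cleanup` in authelia/run.sh calls `kill -9 $(jobs -p)` from the EXIT trap, so with no background jobs `kill` receives no pid and fails, and with jobs running Authelia is SIGKILLed before it can close `./tmp/db.sqlite3`; `pids=$(jobs -p); [ -z "$pids" ] || kill $pids` would handle both cases. `wait -n 1` in `start_sidecars` and `start_echo` passes `1` as an id, which on bash versions that accept ids with `-n` presumably means PID 1 rather than "one job", so plain `wait -n` looks like the intent. In `start_rproxy3`, `-crt ./*.crt -key ./*.key` only works while exactly one file matches each glob; naming `./autheliaserver.crt` and `./autheliaserver.key` explicitly avoids a stray file shifting the arguments.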
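Review bot: The only account in authelia/users_database.yml, `authelia`, belongs to the `admins` group and has its password spelled out in the inline comment (`# Password is 'authelia'`), so any instance started from this file with `host: 0.0.0.0` accepts a publicly known credential. If the file is only a local fixture, a header comment such as `# TEST FIXTURE ONLY - replace this hash before the service is reachable by anyone else` would make that explicit. Anything beyond local testing needs a freshly generated hash kept outside the repository.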