Authelia

services.authelia.instances

Multi-domain protection currently requires multiple instances of Authelia. If you don't require multiple instances of Authelia you can define just the one.

https://www.authelia.com/roadmap/active/multi-domain-protection/

Type: attribute set of (submodule)

Default

{ }

Example

{
  main = {
    enable = true;
    secrets.storageEncryptionKeyFile = "/etc/authelia/storageEncryptionKeyFile";
    secrets.jwtSecretFile = "/etc/authelia/jwtSecretFile";
    settings = {
      theme = "light";
      default_2fa_method = "totp";
      log.level = "debug";
      server.disable_healthcheck = true;
    };
  };
  preprod = {
    enable = false;
    secrets.storageEncryptionKeyFile = "/mnt/pre-prod/authelia/storageEncryptionKeyFile";
    secrets.jwtSecretFile = "/mnt/pre-prod/jwtSecretFile";
    settings = {
      theme = "dark";
      default_2fa_method = "webauthn";
      server.host = "0.0.0.0";
    };
  };
  test.enable = true;
  test.secrets.manual = true;
  test.settings.theme = "grey";
  test.settings.server.disable_healthcheck = true;
  test.settingsFiles = [ "/mnt/test/authelia" "/mnt/test-authelia.conf" ];
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.enable

Whether to enable Authelia instance.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.environmentVariables

Additional environment variables to provide to authelia. If you are providing secrets, please consider the options under services.authelia.instances.<name>.secrets, or make sure you use the _FILE suffix. If you provide the raw secret rather than the location of a secret file, that secret will be preserved in the Nix store. For more details: https://www.authelia.com/configuration/methods/secrets/

Type: attribute set of string

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.group

The name of the group for this authelia instance.

Type: string

Default

"authelia-‹name›"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.name

Name is used as a suffix for the service name, user, and group. By default it takes the value you use for <name> in services.authelia.instances.<name>.

Type: string

Default

"‹name›"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.package

The authelia package to use.

Type: package

Default

pkgs.authelia

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.secrets

It is recommended you keep your secrets separate from the configuration. It's especially important to keep the raw secrets out of your nix configuration, as the values will be preserved in your nix store. This attribute allows you to configure the location of secret files to be loaded at runtime.

https://www.authelia.com/configuration/methods/secrets/

Type: submodule

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix
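
The difference between a raw secret and a secret file location, as described for environmentVariables and secrets above, shown as an added example (not taken from the nixpkgs module). The /run/secrets/authelia/... paths and the instance name main are assumptions; AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE is Authelia's _FILE variable for the SMTP notifier password.

```nix
{
  services.authelia.instances.main = {
    enable = true;

    # Weak: a literal value is evaluated into the generated service
    # definition, which lives in /nix/store and is readable by every
    # local user. The value below is a constructed placeholder.
    # environmentVariables.AUTHELIA_NOTIFIER_SMTP_PASSWORD = "example-password";

    # Preferred: hand Authelia only the location of a file that is
    # provisioned outside the store and read at runtime.
    environmentVariables.AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE =
      "/run/secrets/authelia/smtp-password";

    # Same principle for the secrets the module knows about. Write the
    # locations as strings: a Nix path literal such as ./jwt-secret can be
    # copied into the store when it is interpolated.
    secrets = {
      jwtSecretFile = "/run/secrets/authelia/jwt-secret";
      storageEncryptionKeyFile = "/run/secrets/authelia/storage-encryption-key";
    };
  };

  # The files must be readable by the instance's user, which defaults to
  # "authelia-main" here, and should not be readable by other users.
}
```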

services.authelia.instances.<name>.secrets.jwtSecretFile

Path to your JWT secret used during identity verification.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.secrets.manual

Configuring authelia's secret files via the secrets attribute set is intended to be convenient and help catch cases where values are required to run at all. If a user wants to set these values themselves and bypass the validation they can set this value to true.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.secrets.oidcHmacSecretFile

Path to your HMAC secret used to sign OIDC JWTs.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile

Path to your private key file used to encrypt OIDC JWTs.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.secrets.sessionSecretFile

Path to your session secret. Only used when redis is used as session storage.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.secrets.storageEncryptionKeyFile

Path to your storage encryption key.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings

Your Authelia config.yml as a Nix attribute set. There are several values that are defined and documented in nix such as default_2fa_method, but additional items can also be included.

https://github.com/authelia/authelia/blob/master/config.template.yml

Type: YAML value

Default

{ }

Example

{
  theme = "light";
  default_2fa_method = "totp";
  log.level = "debug";
  server.disable_healthcheck = true;
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.default_2fa_method

Default 2FA method for new users and fallback for preferred but disabled methods.

Type: one of "", "totp", "webauthn", "mobile_push"

Default

""

Example

"webauthn"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.log.file_path

File path where the logs will be written. If not set logs are written to stdout.

Type: null or path

Default

null

Example

"/var/log/authelia/authelia.log"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.log.format

Format the logs are written as.

Type: one of "json", "text"

Default

"json"

Example

"text"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.log.keep_stdout

Whether to also log to stdout when a file_path is defined.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.log.level

Level of verbosity for logs: info, debug, trace.

Type: one of "info", "debug", "trace"

Default

"debug"

Example

"info"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.server.address

The address to listen on.

Type: string

Default

"tcp://:9091/"

Example

"unix:///var/run/authelia.sock?path=authelia&umask=0117"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.telemetry.metrics.address

The address to listen on for metrics. This should be on a different port to the main server.port value.

Type: string

Default

"tcp://127.0.0.1:9959"

Example

"tcp://0.0.0.0:8888"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.telemetry.metrics.enabled

Enable Metrics.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settings.theme

The theme to display.

Type: one of "light", "dark", "grey", "auto"

Default

"light"

Example

"dark"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.settingsFiles

Here you can provide authelia with configuration files or directories. It is possible to give authelia multiple files and still use the Nix-generated configuration file set via services.authelia.instances.<name>.settings.

Type: list of path

Default

[ ]

Example

[ "/etc/authelia/config.yml" "/etc/authelia/access-control.yml" "/etc/authelia/config/" ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix

services.authelia.instances.<name>.user

The name of the user for this authelia instance.

Type: string

Default

"authelia-‹name›"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/security/authelia.nix