From 16ca088c2a601ef78e43024b3e6050e1fc86b0b0 Mon Sep 17 00:00:00 2001 From: Emile Date: Sun, 21 Jul 2024 17:49:34 +0200 Subject: authelia sso setting changes --- nix/hosts/corrino/modules/authelia.emile.space.nix | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'nix/hosts/corrino/modules') diff --git a/nix/hosts/corrino/modules/authelia.emile.space.nix b/nix/hosts/corrino/modules/authelia.emile.space.nix index e96d0ca..4a4a72a 100644 --- a/nix/hosts/corrino/modules/authelia.emile.space.nix +++ b/nix/hosts/corrino/modules/authelia.emile.space.nix @@ -111,7 +111,7 @@ in { # we're using a file to store the user information authentication_backend = { - refresh_interval = "1m"; + refresh_interval = "20s"; file = { path = "/var/lib/authelia-main/user.yml"; watch = true; @@ -159,11 +159,11 @@ in { identity_providers = { oidc = { - # regenerate keys like this: - # ; nix run nixpkgs#authelia -- crypto certificate rsa generate - # current serial: deb83f17e27e663f544a16ad2947631d + # regenerate keys like this: + # ; nix run nixpkgs#authelia -- crypto certificate rsa generate + # current serial: deb83f17e27e663f544a16ad2947631d - enable_client_debug_messages = false; + enable_client_debug_messages = false; minimum_parameter_entropy = 8; enforce_pkce = "public_clients_only"; enable_pkce_plain_challenge = false; @@ -201,6 +201,14 @@ in { skew = 1; secret_size = 32; }; + + ntp = { + address = "time.cloudflare.com:123"; + version = 3; + max_desync = "3s"; + disable_startup_check = false; + disable_failure = false; + }; }; }; }; -- cgit 1.4.1