---
theme: dark

server:
  address: tcp://0.0.0.0:9091
  buffers:
    read: 65536
    write: 65536

access_control:
  default_policy: deny
  networks:
    - name: internal
      networks:
        - 192.168.2.0/24
  rules:
    - domain: "*.yourdomain.com"
      policy: bypass
      networks:
        - internal
    - domain: "*.yourdomain.com"
      policy: one_factor

log:
  level: info
  file_path: /logs/authelia.log
  format: json
  keep_stdout: true

#default_redirection_url: https://auth.yourdomain.com

totp:
  issuer: authelia.com

identity_validation:
  reset_password:
    jwt_secret: "{{ env `AUTHELIA_JWT_SECRET` }}"

# docker run authelia/authelia:latest authelia crypto hash generate argon2 -i 1 -p 8 -v argon2id --password 'yourpassword'
authentication_backend:
  refresh_interval: 5m
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 64

session:
  name: authelia_session
  secret: "{{ env `AUTHELIA_SESSION_SECRET` }}"
  inactivity: 5d   # 5 days
  expiration: 30d  # 30 days
  remember_me: 60d # 60 days
  cookies:
    - domain: 'yourdomain.com'
      authelia_url: 'https://auth.yourdomain.com'
      default_redirection_url: 'https://yourdomain.com'
      name: 'authelia_session'
      inactivity: 5d   # 5 days
      expiration: 30d  # 30 days
      remember_me: 60d # 60 days

regulation:
  max_retries: 5
  find_time: 120m
  ban_time: 300m

storage:
  encryption_key: "{{ env `AUTHELIA_STORAGE_ENCRYPTION_KEY` }}}"
  local:
    path: /config/db.sqlite3

notifier:
  smtp:
    address: submission://smtp.gmail.com:587
    username: "{{ env `AUTHELIA_NOTIFIER_USERNAME` }}"
    password: "{{ env `AUTHELIA_NOTIFIER_PASSWORD` }}"
    sender: ksolomon+authelia@gmail.com

ntp:
  address: time.cloudflare.com:123
  version: 3
  max_desync: 3s
  disable_startup_check: false
  disable_failure: false