theme: dark
jwt_secret: 9DGPzQy8SZQ7rV57V3DJnw

#default_redirection_url: https://akanealw.com

server:
  host: 0.0.0.0
  port: 9091
  path: ""
  buffers:
    read: 4096
    write: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""

ntp:
  address: "0.debian.pool.ntp.org:123"
  version: 3
  max_desync: 3s
  disable_startup_check: true
  disable_failure: true

log:
  level: info

totp:
  disable: false
  issuer: akanealw.com
  algorithm: sha1
  digits: 6
  period: 30
  skew: 1
  secret_size: 32

authentication_backend:
  password_reset:
    disable: true
  refresh_interval: 5m
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 64

access_control:
  default_policy: deny
  networks:
    - name: internal
      networks:
      - '10.0.0.0/8'
      - '172.16.0.0/12'
      - '192.168.0.0/16'
  rules:
    ## bypass all domains and subdomains from local ips
    - domain:
      - aknlw.com
      - akanealw.com
      - "*.akanealw.com"
      networks:
      - 'internal'
      policy: bypass
    ## bypass api for subdomains
    - domain: 
      - "*.akanealw.com"
      resources:
      - "^/api([/?].*)?$"
      - "^/add([/?].*)?$"  
      - "^/public([/?].*)?$"        
      policy: bypass
    # bypass specific subdomains
    - domain:
      - aknlw.com
      - bitwarden.akanealw.com
      - gitea.akanealw.com
      - nextcloud.akanealw.com
      policy: bypass
    # bypass filebrowser shares
    - domain:
        - "filebrowser.akanealw.com"
      resources:
        - "^/api([/?].*)?$"
        - "^/share([/?].*)?$"
        - "^/static([/?].*)?$"
      policy: bypass
    # two_factor subdomains
    - domain: 
      - akanealw.com
      - "*.akanealw.com"
      policy: two_factor

session:
  name: authelia_session
  domain: akanealw.com
  same_site: lax
  secret: 8r9y4d8mY7NfQtpCe2oU
  expiration: 6h
  inactivity: 5m
  remember_me_duration: 1w

regulation:
  max_retries: 3
  find_time: 10m
  ban_time: 12h

storage:
  local:
    path: /config/db.sqlite3
  encryption_key: iiB7C8Bn4A2gAhzs2fWaggUug76PZ4LU
  
notifier:
  disable_startup_check: true
  smtp:
    username: akanealw@gmail.com
    password: qlvmffuzpscltdgz
    host: smtp.gmail.com
    port: 587
    sender: akanealw@gmail.com
    identifier: dockerserver
    subject: "[Authelia] {title}"
    startup_check_address: akanealw@gmail.com
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2