# yamllint disable rule:comments-indentation
---
###############################################################################
#                           Authelia Configuration                            #
###############################################################################

theme: dark #light/dark
jwt_secret: 9DGPzQy8SZQ7rV57V3DJnw

#default_redirection_url: https://www.google.com/

server:
  host: 0.0.0.0
  port: 9091
  path: ""
  read_buffer_size: 4096
  write_buffer_size: 4096
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
  tls:
    key: ""
    certificate: ""

log:
  level: debug

totp:
  issuer: akanealw.com #your authelia top-level domain
  period: 30
  skew: 0

authentication_backend:
  disable_reset_password: true
  refresh_interval: 5m
  file:
    path: /config/users_database.yml #this is where your authorized users are stored
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 64


access_control:
  default_policy: deny
  rules:
    ## bypass rule
    - domain: "auth.akanealw.com" #This should be your authentication URL
      policy: bypass
    - domain: "bitwarden.akanealw.com" #example domain to protect
      policy: bypass
    - domain: "webdav.akanealw.com" #example subdomain to protect
      policy: bypass
    - domain: "meshcentral.akanealw.com" #example subdomain to protect
      policy: bypass
    
    ## one_factor rule
    - domain: "codeserver.akanealw.com"
      policy: one_factor

      #add or remove additional subdomains as necessary. currenlty only supports ONE top-level domain
      #any time you add a new subdomain, you will need to restart the Authelia container to recognize the new settings/rules

session:
  name: authelia_session
  secret: 9DGPzQy8SZQ7rV57V3DJnw #any text or number you want to add here to create jwt Token
  expiration: 3600  # 1 hour
  inactivity: 300  # 5 minutes
  domain: akanealw.com  # Should match whatever your root protected domain is

regulation:
  max_retries: 3
  find_time: 10m
  ban_time: 12h

storage:
  local:
    path: /config/db.sqlite3 #this is your databse. You could use a mysql database if you wanted, but we're going to use this one.
  encryption_key: iiB7C8Bn4A2gAhzs2fWaggUug76PZ4LU #added Dec 5 2021
  
notifier:
  disable_startup_check: true #true/false
  smtp:
    username: akanealw@gmail.com #your email address
    password: qlvmffuzpscltdgz #your email password
    host: smtp.gmail.com #email smtp server
    port: 587 #email smtp port
    sender: akanealw@gmail.com
    identifier: proxyserver
    subject: "[Authelia] {title}" #email subject
    startup_check_address: akanealw@gmail.com
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
      minimum_version: TLS1.2