---
###############################################################
#                   Authelia configuration                    #
###############################################################

theme: 'dark'

server:
  address: 'tcp://:9091'

log:
  level: 'debug'

telemetry:
  metrics:
    enabled: false

totp:
  disable: false
  issuer: 'akanealw.com'
  algorithm: 'sha1'
  digits: 6
  period: 30
  skew: 1
  secret_size: 32
  allowed_algorithms:
    - 'SHA1'
  allowed_digits:
    - 6
  allowed_periods:
    - 30
  disable_reuse_security_policy: false


identity_validation:
  reset_password:
    jwt_secret: 'qVwp0m2FE/zrXvSxxehRJXg2Nl0Y7FW9XuxYPpzEQEM='
webauthn:
  disable: false
  enable_passkey_login: false
  display_name: 'Authelia'
  attestation_conveyance_preference: 'indirect'
  timeout: '60 seconds'
  filtering:
    permitted_aaguids: []
    prohibited_aaguids: []
    prohibit_backup_eligibility: false
  selection_criteria:
    attachment: ''
    discoverability: 'preferred'
    user_verification: 'preferred'
  metadata:
    enabled: false
    cache_policy: strict
    validate_trust_anchor: true
    validate_entry: true
    validate_entry_permit_zero_aaguid: false
    validate_status: true
    validate_status_permitted: []
    validate_status_prohibited:
      - 'REVOKED'
      - 'USER_KEY_PHYSICAL_COMPROMISE'
      - 'USER_KEY_REMOTE_COMPROMISE'
      - 'USER_VERIFICATION_BYPASS'
      - 'ATTESTATION_KEY_COMPROMISE'

authentication_backend:
  file:
    path: '/config/users_database.yml'

access_control:
  default_policy: 'two_factor'
  rules:
    # Rules applied to everyone
    - domain: 'bitwarden.akanealw.com'
      policy: 'bypass'
    - domain: '*.akanealw.com'
      policy: 'two_factor'

session:
  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
  secret: 'm4fHZHAtR3KTmnwvY9NnI2uu8OjnxYkuQjNHtcaozCI='

  cookies:
    - name: 'authelia_session'
      domain: 'akanealw.com'  # Should match whatever your root protected domain is
      authelia_url: 'https://authelia.akanealw.com'
      expiration: '1 hour'
      inactivity: '5 minutes'

  redis:
    host: 'redis'
    port: 6379
    password: 'IKjU1KidPjRmUrT5yp2G9ud+6Yc86O6xSk53hVQBlu0='

regulation:
  max_retries: 3
  find_time: '2 minutes'
  ban_time: '5 minutes'

storage:
  encryption_key: 'cF/hDHPpp3ab7vOGgniKsQ9zYPl9n5zIihL/DzLaMAk='
  local:
    path: '/config/db.sqlite3'

notifier:
  smtp:
    username: 'notify.akanealw@gmail.com'
    password: 'xlgektpntvirzavi'
    address: 'smtp://smtp.gmail.com:587'
    sender: 'notify.akanealw@gmail.com'