###############################################################
#                   Authelia configuration                    #
###############################################################

server.host: 0.0.0.0
server.port: 9091
log:
  level: info

# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
# I used this site to generate the secret: https://www.grc.com/passwords.htm
#jwt_secret: SECRET_GOES_HERE # use docker secret file instead AUTHELIA_JWT_SECRET_FILE

# https://docs.authelia.com/configuration/miscellaneous.html#default-redirection-url
default_redirection_url: https://authelia.milvert.com

totp:
  issuer: authelia.com
  period: 30
  skew: 1

# Enable the following for Duo Push Notification support
# https://www.authelia.com/docs/features/2fa/push-notifications.html
#duo_api:
#  hostname: api-123456789.example.com
#  integration_key: ABCDEF
#  # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
#  secret_key: # use docker secret file instead AUTHELIA_DUO_API_SECRET_KEY_FILE

authentication_backend:
  file:
    path: /config/users_database.yml
    # customize passwords based on https://docs.authelia.com/configuration/authentication/file.html
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 1024 # blocks this much of the RAM. Tune this.

# https://docs.authelia.com/configuration/access-control.html
access_control:
  default_policy: deny
  rules:
    # Rules applied to everyone
    - domain: authelia.milvert.com
      policy: bypass
#    - domain: radarr.example.com
#      policy: bypass
#      subject: "group:admins"
#      resources:
#      - "^/api/.*$"
#    - domain: "*.example.com"
#      policy: one_factor
    - domain: "*.milvert.com"
      policy: two_factor
    - domain: "milvert.com"
      policy: two_factor

session:
  name: authelia_session
  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
  # Used a different secret, but the same site as jwt_secret above.
  # secret: SECRET_GOES_HERE # use docker secret file instead AUTHELIA_SESSION_SECRET_FILE
  expiration: 3600 # 1 hour
  inactivity: 1800 # 30 min
  domain: milvert.com # Should match whatever your root protected domain is

# Optional. Can improve performance on a busy system. If not enabled, session info is stored in memory.
#  redis:
#    host: redis
#    port: 6379
    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
    # password: authelia

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:

# For local storage, uncomment lines below and comment out mysql. https://docs.authelia.com/configuration/storage/sqlite.html
#local:
  #path: /config/db.sqlite3
  postgres:
  # MySQL allows running multiple authelia instances. Create database and enter details below.
    host: postgres
    port: 5432
    database: authelia
    username: authelia
    # Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
    # password: use docker secret file instead AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE

notifier:
  disable_startup_check: false
  #smtp:
    #username: SMTP_USERNAME
    # This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
    # password: # use docker secret file instead AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
    #host: SMTP_HOST
    #port: 587 #465
    #sender: SENDER_EMAIL
  # For testing purpose, notifications can be sent in a file. Be sure map the volume in docker-compose.
  filesystem:
    filename: /tmp/authelia/notification.txt