###############################################################
#                   Authelia configuration                    #
###############################################################

server:
  host: 0.0.0.0
  port: 9091

jwt_secret: a-super-long-strong-string-of-letters-numbers-characters
log:
  level: debug

default_redirection_url: https://auth.ourfamily.group
totp:
  issuer: ourfamily.group
  period: 30
  skew: 1

#duo_api:     ## You can use this api if you want push notifications of auth attempts
#  hostname: api-123456789.example.com
#  integration_key: ABCDEF
#  secret_key: yet-another-long-string-of-characters-and-numbers-and-symbols

authentication_backend:
  disable_reset_password: false
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      salt_length: 16
      parallelism: 8
      memory: 64
      
access_control:
  default_policy: deny
  rules:
    # Rules applied to everyone
    - domain:
        - "ourfamily.group"
        - "www.ourfamily.group"
        - "help.ourfamily.group"
        - "cdn.ourfamily.group"
      policy: bypass
    - domain:
        - "tree.ourfamily.group"
      policy: one_factor
#      networks:
#       - 192.168.1.0/24
#    - domain:
#        - "a2factor.domain.org"
#      policy: two_factor
#     networks:
#       - 192.168.1.0/24

session:
  name: authelia_session
  # This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
  secret: a-really-L0ng_s7r0ng-secr3t-st1nggggg-shoul0-be-used
  expiration: 3600 # 1 hour
  inactivity: 7200 # 2 hours
  domain: ourfamily.group # Should match whatever your root protected domain is

  redis:
    host: auth-redis-1
    port: 6379
    # This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
#    password: authelia

regulation:
  max_retries: 5
  find_time: 2m
  ban_time: 10m
  
theme: dark

storage:
  encryption_key: a-very-long-strong-key-should-be-used-here
  local:
    path: /config/db.sqlite3

notifier:
#  filesystem:
#    filename: /config/notification.txt
  smtp:
    username: family@daruthe.com
    password: Motahub0!
    host: mail.daruthe.com
    port: 465
    sender: family@daruthe.com
    subject: "[Authelia] {title}"
    disable_require_tls: false
    disable_html_emails: false
    tls:
      server_name: mail.daruthe.com
      skip_verify: false
      minimum_version: TLS1.2