theme: grey

server:
  address: tcp://:9091
  buffers:
    read: 8192
    write: 8192

log:
  level: trace
  format: text
#  file_path: /config/authelia.log
#  keep_stdout: true

totp:
  issuer: {{ env "X_AUTHELIA_SITE_NAME" }}
  period: 30
  skew: 1

webauthn:
  disable: false
  enable_passkey_login: true
  display_name: Authelia
  attestation_conveyance_preference: indirect
  timeout: 60s
  selection_criteria:
    attachment: ""
    discoverability: preferred
    user_verification: preferred

identity_validation:
  reset_password:
    jwt_secret: {{ secret "/run/secrets/IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET" }}

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  encryption_key: {{ secret "/run/secrets/STORAGE_ENCRYPTION_KEY" }}
  # local:
  #   path: /config/db.sqlite3
  mysql:
    address: 'tcp://authelia_mariadb:3306'
    database: authelia
    username: authelia
    ## Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
    password: authelia
    timeout: 5s
      
notifier:
  smtp:
    address: submissions://box.p.nixc.us
    username: {{ env "X_AUTHELIA_EMAIL" }}
    password: {{ secret "/run/secrets/NOTIFIER_SMTP_PASSWORD" }}
    sender: "{{ env "X_AUTHELIA_SITE_NAME" }} <{{ env "X_AUTHELIA_EMAIL" }}>"
    subject: "[Authelia] {title}"

session:
  secret: {{ secret "/run/secrets/SESSION_SECRET" }}
  name: authelia_session
  same_site: lax
  expiration: 1h
  inactivity: 5m
  remember_me: 1M
  cookies:
  - domain: {{ env "TRAEFIK_DOMAIN" }}
    authelia_url: 'https://login.{{ env "TRAEFIK_DOMAIN" }}'
    name: 'authelia_session'
    same_site: 'lax'
    inactivity: '5m'
    expiration: '1h'
    remember_me: '1d'

  redis:
    host: 'authelia_redis'
    port: 6379
    database_index: 0
    maximum_active_connections: 8
    minimum_idle_connections: 0