---
# Authelia configuration, version-controlled copy. The host copy
# (/srv/authelia/config/configuration.yml) additionally carries the OIDC
# private key; see identity_providers.oidc.jwks below.
#
# NOTE(review): no session secret, storage encryption key or reset-password
# JWT secret appears in this file; presumably they are injected through
# environment variables or secret files. Confirm before deploying.

server:
  # Listens on every interface. Presumably only a reverse proxy on a private
  # network can reach this port; confirm it is not published directly.
  address: '0.0.0.0:9091'

log:
  level: 'info'

totp:
  issuer: 'kolpacksoftware.com'

webauthn:
  disable: true

authentication_backend:
  file:
    # Local user database; passwords are stored as argon2id hashes.
    path: '/config/users_database.yaml'
    password:
      algorithm: 'argon2id'

access_control:
  # Anything not matched by a rule below is denied.
  default_policy: 'deny'
  # Rules are evaluated top to bottom and the first match decides, so the
  # two specific hosts must stay above the wildcard rule.
  # NOTE(review): no rule uses two_factor, so the TOTP settings above are
  # never required; members of "admins" reach every subdomain with a
  # password alone. Confirm this is intended.
  rules:
    # The login portal itself must be reachable without authentication.
    - domain: 'auth.kolpacksoftware.com'
      policy: 'bypass'
    # No subject: any authenticated user is allowed, not only admins.
    - domain: 'ultralytics.kolpacksoftware.com'
      policy: 'one_factor'
    # Every other subdomain: members of the "admins" group only.
    - domain: '*.kolpacksoftware.com'
      policy: 'one_factor'
      subject: 'group:admins'

session:
  cookies:
    - domain: 'kolpacksoftware.com'
      authelia_url: 'https://auth.kolpacksoftware.com'
      default_redirection_url: 'https://kolpacksoftware.com'
      name: 'authelia_session'
      # A session ends after 1h in total or after 5m without activity.
      expiration: '1h'
      inactivity: '5m'
  # Session store. No Redis password is set here; presumably the instance is
  # reachable only on a private container network. Confirm.
  redis:
    host: 'authelia-redis'
    port: 6379

storage:
  local:
    path: '/config/db.sqlite3'

notifier:
  # Notifications are written to this file instead of being e-mailed, so
  # identity-verification messages land here; keep the file access-restricted.
  filesystem:
    filename: '/config/notifications.txt'

regulation:
  # 3 failed logins within 2m ban the user for 5m.
  max_retries: 3
  find_time: '2m'
  ban_time: '5m'

identity_providers:
  oidc:
    # NOTE(review): "${...}" is not plain YAML substitution; presumably a
    # deploy step or config filter expands it. If it is not expanded, the
    # literal placeholder text becomes the HMAC secret. Verify.
    hmac_secret: '${AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET}'
    jwks:
      - key_id: 'main'
        algorithm: 'RS256'
        use: 'sig'
        # key: HOST-MANAGED. The host copy
        # (/srv/authelia/config/configuration.yml) inlines the contents of
        # /srv/authelia/config/oidc.key here. Never commit the key to git.
        # Generate with:
        #   openssl genrsa -out /srv/authelia/config/oidc.key 4096
    clients:
      - client_id: 'linkding'
        client_name: 'Linkding'
        # NOTE(review): Authelia documents storing a hashed digest of the
        # client secret here rather than the plaintext value; confirm what
        # this variable holds and that the placeholder is expanded.
        client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_LINKDING}'
        # Confidential client: it must present client_secret.
        public: false
        authorization_policy: 'one_factor'
        # Only this exact callback URI is accepted for the client.
        redirect_uris:
          - 'https://linkding.kolpacksoftware.com/oidc/callback/'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
          - 'groups'
        # Userinfo responses are returned unsigned (plain JSON).
        userinfo_signed_response_alg: 'none'