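---
###############################################################
#                   Authelia Configuration                    #
###############################################################
# Single-sign-on portal configuration for pivoine.art.
#
# NOTE(review): no session secret or password-reset JWT secret is set in
# this file although password reset is enabled below. Presumably both are
# injected through the environment or secret files - confirm.

theme: auto

server:
  # Listens on every interface. Port 9091 should only be reachable through
  # the reverse proxy - confirm it is not published on the host.
  host: 0.0.0.0
  port: 9091
  path: ""
  asset_path: /config/assets/
  headers:
    csp_template: ""

log:
  level: info
  format: text

totp:
  issuer: pivoine.art
  period: 30
  # One period of clock skew is tolerated on either side of the current code.
  skew: 1

webauthn:
  disable: false
  display_name: Pivoine Auth
  attestation_conveyance_preference: indirect
  # "preferred" asks the authenticator for PIN/biometric verification but
  # still accepts a key that does not perform it.
  user_verification: preferred
  timeout: 60s

# TOTP validation depends on an accurate clock; with both flags false a
# failed or out-of-tolerance NTP check at startup is treated as an error.
ntp:
  address: "time.cloudflare.com:123"
  version: 4
  max_desync: 3s
  disable_startup_check: false
  disable_failure: false

authentication_backend:
  # Password reset is enabled, so the notifier below carries reset links.
  password_reset:
    disable: false
  refresh_interval: 5m
  file:
    # Holds the password hashes; keep it readable by the Authelia user only.
    path: /etc/authelia/users_database.yml
    password:
      algorithm: argon2
      argon2:
        variant: argon2id
        iterations: 3
        # Memory cost in KiB (64 MiB).
        memory: 65536
        parallelism: 4
        key_length: 32
        salt_length: 16

access_control:
  # Any host not matched by a rule below is refused.
  default_policy: deny
  # Rules are evaluated top to bottom and the first match decides, so keep
  # the bypass entries as narrow as they are now (exact hostnames only).
  rules:
    # Authelia portal itself
    - domain: auth.pivoine.art
      policy: bypass

    # Services that should be publicly accessible
    - domain:
        - "pivoine.art"
        - "www.pivoine.art"
      policy: bypass

    # Protected services - require authentication
    # NOTE(review): this rule has no subject restriction, so every account
    # that passes two_factor can open mailpit.pivoine.art, where the
    # notifier below sends password-reset mail. Consider a separate rule
    # for that host limited to an admin group through `subject`.
    - domain:
        - "netdata.pivoine.art"
        - "mailpit.pivoine.art"
        - "scrapy.pivoine.art"
        - "restic.pivoine.art"
        - "traefik.pivoine.art"
      policy: two_factor

    # Development services
    - domain:
        - "dev.pivoine.art"
        - "n8n.pivoine.art"
        - "asciinema.pivoine.art"
        - "coolify.pivoine.art"
      policy: two_factor

session:
  name: authelia_session
  # The cookie is scoped to the parent domain, so browsers send it to every
  # host under pivoine.art, including the bypassed public sites. Each of
  # those hosts has to be trusted to the same degree as the portal.
  domain: pivoine.art
  same_site: lax
  expiration: 1h
  inactivity: 5m
  # "Remember me" keeps a session valid for one month on that browser.
  remember_me_duration: 1M

# Three failed logins within two minutes trigger a five-minute ban.
regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  # The ${...} placeholders must be substituted before the file is parsed.
  # They are quoted so a substituted value that starts with a YAML
  # indicator, contains " #" or ": ", or looks like a number or boolean
  # still loads as a string (a value containing a single quote would not).
  # File-based secrets (AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE,
  # AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE) avoid templating secrets into
  # this file altogether.
  encryption_key: '${AUTHELIA_STORAGE_ENCRYPTION_KEY}'
  postgres:
    # No tls section is configured: the database connection relies on the
    # internal network being isolated.
    host: postgres
    port: 5432
    database: authelia
    # NOTE(review): presumably a general-purpose role. A dedicated role
    # limited to the authelia database would narrow the impact of a leaked
    # credential - confirm.
    username: valknar
    password: '${DB_PASSWORD}'
    schema: public

notifier:
  disable_startup_check: false
  smtp:
    # Mailpit on port 1025; presumably a mail catcher on the internal
    # network rather than a delivering relay - confirm.
    host: net_mailpit
    port: 1025
    sender: auth@pivoine.art
    identifier: auth.pivoine.art
    # SMTP runs without TLS, so reset and verification links cross the
    # network in plaintext. Acceptable only on an isolated internal
    # network; set to false when pointing at a real relay.
    disable_require_tls: true
    disable_html_emails: false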