docker-compose/net/authelia/configuration.yml

---
###############################################################
#                   Authelia Configuration                    #
###############################################################

theme: auto

server:
  host: 0.0.0.0
  port: 9091
  path: ""
  asset_path: /config/assets/
  headers:
    csp_template: ""

log:
  level: info
  format: text

totp:
  issuer: pivoine.art
  period: 30
  skew: 1

webauthn:
  disable: false
  display_name: Pivoine Auth
  attestation_conveyance_preference: indirect
  user_verification: preferred
  timeout: 60s

ntp:
  address: "time.cloudflare.com:123"
  version: 4
  max_desync: 3s
  disable_startup_check: false
  disable_failure: false

authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  file:
    path: /etc/authelia/users_database.yml
    password:
      algorithm: argon2
      argon2:
        variant: argon2id
        iterations: 3
        memory: 65536
        parallelism: 4
        key_length: 32
        salt_length: 16

access_control:
  default_policy: deny
  rules:
    # Authelia portal itself
    - domain: auth.pivoine.art
      policy: bypass

    # Services that should be publicly accessible
    - domain:
        - "pivoine.art"
        - "www.pivoine.art"
      policy: bypass

    # Protected services - require authentication
    - domain:
        - "netdata.pivoine.art"
        - "mailpit.pivoine.art"
        - "scrapy.pivoine.art"
        - "restic.pivoine.art"
        - "traefik.pivoine.art"
      policy: two_factor

    # Development services
    - domain:
        - "dev.pivoine.art"
        - "n8n.pivoine.art"
        - "asciinema.pivoine.art"
        - "coolify.pivoine.art"
      policy: two_factor

session:
  name: authelia_session
  domain: pivoine.art
  same_site: lax
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 1M

regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
  postgres:
    host: postgres
    port: 5432
    database: authelia
    username: valknar
    password: ${DB_PASSWORD}
    schema: public

notifier:
  disable_startup_check: false
  smtp:
    host: net_mailpit
    port: 1025
    sender: auth@pivoine.art
    identifier: auth.pivoine.art
    disable_require_tls: true
    disable_html_emails: false