---
# Authelia configuration
# This is a minimal configuration for getting started with Authelia

server:
  port: 9091
  endpoints:
    authz:
      forward-auth:
        implementation: 'ForwardAuth'

authentication_backend:
  file:
    path: '/config/users_database.yml'

access_control:
  default_policy: 'deny'
  rules:
    - domain: 'pgadmin.gate.${DOMAIN}'
      policy: 'two_factor'
    - domain: '*.gate.${DOMAIN}'
      policy: 'one_factor'

session:
  name: 'authelia_session'
  secret: '${AUTHELIA_SESSION_SECRET}'
  cookies:
    - domain: 'gate.${DOMAIN}'
      authelia_url: 'https://auth.gate.${DOMAIN}'
      default_redirection_url: 'https://login.gate.${DOMAIN}'

storage:
  postgres:
    host: 'authelia-db'
    port: 5432
    database: 'authelia'
    username: 'authelia'
    password: '${AUTHELIA_DB_PASSWORD}'

notifier:
  smtp:
    username: 'authelia'
    password: 'dummy_password'
    host: 'smtp.example.com'
    port: 587
    sender: 'authelia@example.com'

jwt_secret: '${AUTHELIA_JWT_SECRET}'

api:
  endpoints:
    reset_password:
      disable: false

regulations:
  max_retries: 3
  find_time: 120
  ban_time: 300