---
# Authelia configuration: repository baseline for the non-secret
# access-control, session and storage settings.
#
# Changes are not deployed automatically; sync/merge them by hand into the
# host copy at:
#   /mnt/user/appdata/authelia/config/configuration.yml
# Docs: https://www.authelia.com/configuration/
#
# The user database, the OIDC client configuration and every secret value
# stay outside Git. None of the credentials the sections below depend on
# (storage password, SMTP password, session/encryption secrets) appear in
# this file, so they have to be supplied on the host.

theme: dark

server:
  # Listens on every interface of the host/container on port 9091.
  address: 'tcp://0.0.0.0:9091'

log:
  level: info

authentication_backend:
  file:
    # Lives next to the deployed config, not in this repository (see header).
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      # NOTE(review): these tuning keys sit directly under `password`.
      # Current Authelia documentation nests them under `password.argon2`,
      # and the older flat layout presumably read `memory` in megabytes -
      # verify that the deployed version interprets 65536 as intended.
      iterations: 3
      key_length: 32
      salt_length: 16
      memory: 65536
      parallelism: 4

access_control:
  # Any request that matches no rule below is rejected.
  default_policy: deny
  # Rules are evaluated top to bottom and the first match decides, so the
  # wildcard rule has to remain the last entry.
  rules:
    # Authelia itself is always reachable (bypass).
    - domain: auth.kaleschke.info
      policy: bypass

    # Public apps - no Authelia login required. With `bypass` Authelia does
    # not authenticate these requests at all; each application's own login
    # is the only gate in front of it.
    - domain:
        - immich.kaleschke.info
        - paperless.kaleschke.info
        - mealie.kaleschke.info
        - vault.kaleschke.info
        - ntfy.kaleschke.info
        - git.kaleschke.info
      policy: bypass

    # Admin services - second factor required.
    - domain:
        - uptime.kaleschke.info
        - files.kaleschke.info
        - scrutiny.kaleschke.info
      policy: two_factor

    # Everything else that sits behind the Authelia middleware - one factor.
    # Komodo deliberately has no ForwardAuth middleware, so its requests
    # never reach these rules and it is not protected by this policy.
    - domain: '*.kaleschke.info'
      policy: one_factor

session:
  name: authelia_session
  same_site: lax
  expiration: '12h'
  inactivity: '45m'
  remember_me: '1M'
  cookies:
    # The cookie is scoped to the parent domain, so one session covers
    # every *.kaleschke.info host.
    - domain: kaleschke.info
      authelia_url: 'https://auth.kaleschke.info'
      default_redirection_url: 'https://glance.kaleschke.info'

# Login throttling: 3 failed attempts within 2 minutes lead to a 5 minute ban.
regulation:
  max_retries: 3
  find_time: '2m'
  ban_time: '5m'

storage:
  postgres:
    address: 'tcp://postgresql17:5432'
    database: authelia
    username: authelia
    # No password or storage encryption key is set here (see header).

notifier:
  # false: Authelia checks the SMTP settings when it starts.
  disable_startup_check: false
  smtp:
    address: 'submission://mail.gmx.net:587'
    username: michideheld@gmx.de
    # NOTE(review): the sender value carries a display name and a trailing
    # space but no address; an angle-bracketed address was presumably lost
    # when this file was copied. Expected form: 'Authelia <SENDER_ADDRESS>'
    # (placeholder) - restore it from the host copy.
    sender: 'Authelia '
    identifier: auth.kaleschke.info
    subject: '[Authelia] {title}'
    startup_check_address: michideheld@gmx.de

totp:
  issuer: kaleschke.info
  # 30 second codes; a skew of 1 also accepts the code from one period
  # before and one period after the current one.
  period: 30
  skew: 1