---
# Authelia configuration - template
# Deploy to: /mnt/user/appdata/authelia/config/configuration.yml
# Docs: https://www.authelia.com/configuration/
# IMPORTANT: do NOT commit this file to Git if it contains user-specific data!
#
# NOTE(review): no secret values (session secret, storage encryption key,
# PostgreSQL password) are set in this file. Presumably they are supplied
# through Authelia's secret mechanism, e.g. the
# AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE and
# AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE environment variables - confirm
# against the container definition, and keep it that way.

theme: dark

server:
  # Listens on every interface inside the container.
  # NOTE(review): the portal should only be reachable through the reverse
  # proxy - confirm port 9091 is not published to the host/LAN directly.
  address: 'tcp://0.0.0.0:9091'

log:
  level: info

authentication_backend:
  file:
    # Local user database; it holds the password hashes, so it needs the same
    # protection as this file.
    path: '/config/users_database.yml'
    password:
      # NOTE(review): these flat argon2id keys look like the older layout;
      # newer Authelia releases nest them under `argon2:` - confirm against
      # the deployed version, including the unit `memory` is expressed in.
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8

access_control:
  # Anything that matches no rule below is refused.
  default_policy: deny
  # Rules are evaluated top to bottom and the first match decides, so the
  # wildcard rule has to stay last.
  rules:
    # Authelia itself is always reachable (bypass)
    - domain: auth.kaleschke.info
      policy: bypass

    # Public apps - no login required
    # NOTE(review): `bypass` means Authelia enforces nothing on these hosts;
    # each application's own login is the only control. Several of them
    # (vault, paperless, git, immich) presumably hold sensitive data -
    # confirm that every one has its own authentication enabled.
    - domain:
        - immich.kaleschke.info
        - paperless.kaleschke.info
        - mealie.kaleschke.info
        - vault.kaleschke.info
        - ntfy.kaleschke.info
        - git.kaleschke.info
        - home.kaleschke.info
      policy: bypass

    # Admin services - 2FA required
    - domain:
        - komodo.kaleschke.info
        - uptime.kaleschke.info
        - files.kaleschke.info
        - scrutiny.kaleschke.info
      policy: two_factor

    # Everything else - 1FA
    # A new subdomain therefore gets password-only protection until it is
    # added to the two_factor rule above.
    - domain: '*.kaleschke.info'
      policy: one_factor

session:
  name: authelia_session
  same_site: lax
  # Absolute lifetime, idle timeout and "remember me" lifetime (1M = 1 month).
  expiration: '12h'
  inactivity: '45m'
  remember_me: '1M'
  cookies:
    # The cookie is scoped to the parent domain, so it is sent to every
    # *.kaleschke.info host, including the bypassed ones.
    - domain: kaleschke.info
      authelia_url: 'https://auth.kaleschke.info'
      default_redirection_url: 'https://home.kaleschke.info'

# Login throttling: 3 failed attempts within 2 minutes ban for 5 minutes.
regulation:
  max_retries: 3
  find_time: '2m'
  ban_time: '5m'

storage:
  postgres:
    # No password is set here; see the header note on secrets.
    address: 'tcp://postgresql17:5432'
    database: authelia
    username: authelia

notifier:
  disable_startup_check: false
  # Notifications are written to a file instead of being mailed.
  # NOTE(review): anyone who can read /config can read the messages written
  # here, which presumably include identity-verification and 2FA-enrolment
  # content; treat this notifier as a test setup and switch to SMTP for
  # production.
  filesystem:
    filename: '/config/notifications.log'
  # SMTP (for 2FA codes by mail - optional, recommended for production):
  # Prefer supplying the SMTP password as a secret rather than writing it
  # into this file.
  # smtp:
  #   address: smtp://smtp.example.com:587
  #   username: user@example.com
  #   password: your_password
  #   sender: Authelia
  #   subject: "[Authelia] {title}"

totp:
  issuer: kaleschke.info
  # 30-second codes; skew 1 also accepts the adjacent time step(s).
  period: 30
  skew: 1