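---
# Authelia configuration - repo source of truth
# Manual host sync required after changes:
#   /mnt/user/appdata/authelia/config/configuration.yml
# Docs: https://www.authelia.com/configuration/
# Keep user database and secret values outside Git.
# No secret (session secret, storage encryption key, database password) is
# set in this file; each must reach Authelia through its secret mechanism at
# deploy time.

theme: dark

server:
  # Listens on every interface inside the container.
  # NOTE(review): presumably only the reverse proxy can reach this port -
  # confirm it is not published on the host.
  address: tcp://0.0.0.0:9091

log:
  level: info

authentication_backend:
  file:
    # The user database holds password hashes; it lives outside Git.
    path: /config/users_database.yml
    password:
      # Parameters used when Authelia hashes a password for the file backend.
      # NOTE(review): this is the flat legacy key layout. Current Authelia
      # documentation nests these settings under `argon2:` and states
      # `memory` in a different unit - verify against the deployed version
      # before tuning any of these values.
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8

access_control:
  # Any request that matches no rule below is refused.
  default_policy: deny
  # Rules are evaluated top to bottom and the first match wins, so the
  # specific hosts must stay above the wildcard rule at the end.
  rules:
    # Authelia itself is always reachable (bypass)
    - domain: auth.kaleschke.info
      policy: bypass

    # Public apps - no Authelia login required.
    # bypass means Authelia performs no authentication for these hosts; each
    # service is protected only by its own login.
    # NOTE(review): confirm that is intended for every entry, in particular
    # vault, git and paperless.
    - domain:
        - immich.kaleschke.info
        - paperless.kaleschke.info
        - mealie.kaleschke.info
        - vault.kaleschke.info
        - ntfy.kaleschke.info
        - git.kaleschke.info
      policy: bypass

    # Admin services - 2FA required
    - domain:
        - uptime.kaleschke.info
        - files.kaleschke.info
        - scrutiny.kaleschke.info
      policy: two_factor

    # Everything else behind the Authelia middleware - 1FA.
    # Komodo deliberately has no ForwardAuth middleware and is not evaluated
    # here. A service without the middleware is covered by none of these
    # rules, default_policy included.
    - domain: "*.kaleschke.info"
      policy: one_factor

session:
  name: authelia_session
  same_site: lax
  expiration: 12h
  inactivity: 45m
  # 1M = one month. A remembered browser keeps its session for that long, so
  # this is the effective upper bound on a stolen cookie's lifetime.
  remember_me: 1M
  cookies:
    # The cookie is scoped to the parent domain, so every subdomain shares
    # the same session (including the hosts with a bypass policy).
    - domain: kaleschke.info
      authelia_url: https://auth.kaleschke.info
      default_redirection_url: https://home.kaleschke.info

# Brute-force throttling: 3 failed logins within 2m ban the account for 5m.
regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m

storage:
  postgres:
    # The database password is intentionally absent; supply it as a secret.
    # NOTE(review): no TLS settings are given here - presumably the
    # connection stays on an internal container network; confirm.
    address: tcp://postgresql17:5432
    database: authelia
    username: authelia

notifier:
  disable_startup_check: false
  # Notifications are written to this file instead of being mailed. Anyone
  # who can read it can read the verification messages Authelia sends, so
  # restrict access to the file.
  filesystem:
    filename: /config/notifications.log
  # SMTP (for 2FA codes by mail - optional, recommended for production):
  # The password below is a placeholder; inject the real one as a secret and
  # never commit it.
  # smtp:
  #   address: smtp://smtp.example.com:587
  #   username: user@example.com
  #   password: your_password
  #   sender: Authelia
  #   subject: "[Authelia] {title}"

totp:
  issuer: kaleschke.info
  period: 30
  # skew 1 also accepts the code of the period directly before and after the
  # current one.
  skew: 1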