Homelab/authelia/configuration.yml

authentication_backend:
  refresh_interval: '5m'
  password_reset:
    disable: false
    custom_url: ''
  password_change:
    disable: false
  file:
    path: '/data/users.yml'
    watch: false
    search:
      email: false
      case_insensitive: false
    password:
      algorithm: 'argon2'
      argon2:
        variant: 'argon2id'
        iterations: 3
        memory: 65536
        parallelism: 4
        key_length: 32
        salt_length: 16
session:
  name: 'authelia_session'
  # same_site: 'lax'
  inactivity: '5m'
  expiration: '1h'
  remember_me: '1M'
  cookies:
    - domain: 'loadingm.xyz'
      authelia_url: 'https://auth.loadingm.xyz'
      default_redirection_url: 'https://loadingm.xyz'
      name: 'authelia_session'
      same_site: 'lax'
      inactivity: '5m'
      expiration: '1h'
      remember_me: '1d'
notifier:
  disable_startup_check: false
  # filesystem:
  #   filename: '/data/notification.txt'
  smtp:
    address: 'smtp://mail:25'
    sender: 'Authelia <auth@loadingm.xyz>'
    disable_require_tls: true # Determine if this is needed
    disable_starttls: true
storage:
  local:
    path: '/data/db.sqlite3'
access_control:
  default_policy: deny
  rules:
    - domain: 'servarr.loadingm.xyz'
      subject:
        - 'group:admins'
      policy: one_factor
    # - domain: '*.loadingm.xyz'
    #   policy: one_factor
server:
  endpoints:
    authz:
      auth-request:
        implementation: 'AuthRequest'
identity_providers:
  oidc:
    # enable_client_debug_messages: false
    # minimum_parameter_entropy: 8
    # enforce_pkce: 'public_clients_only'
    # enable_pkce_plain_challenge: false
    # enable_jwt_access_token_stateless_introspection: false
    # discovery_signed_response_alg: 'none'
    # discovery_signed_response_key_id: ''
    # require_pushed_authorization_requests: false
    # authorization_policies:
    #   policy_name:
    #     default_policy: 'two_factor'
    #     rules:
    #       - policy: 'deny'
    #         subject: 'group:services'
    #         networks:
    #           - '192.168.1.0/24'
    #           - '192.168.2.51'
    lifespans:
      access_token: '1h'
      authorize_code: '1m'
      id_token: '1h'
      refresh_token: '90m'
    # claims_policies:
    #   policy_name:
    #     id_token: []
    #     access_token: []
    #     id_token_audience_mode: 'specification'
    #     custom_claims:
    #       claim_name:
    #         name: 'claim_name'
    #         attribute: 'attribute_name'
    # scopes:
    #   scope_name:
    #     claims: []
    # cors:
    #   endpoints:
    #     - 'authorization'
    #     - 'token'
    #     - 'revocation'
    #     - 'introspection'
    #   allowed_origins:
    #     - 'https://example.com'
    #   allowed_origins_from_client_redirect_uris: false