default_redirection_url: https://hub.bhasher.com theme: dark server: host: 0.0.0.0 port: 9091 log: level: warn file_path: /logs/authelia.log #format: json totp: disable: false issuer: idp.bhasher.com algorithm: sha256 digits: 6 period: 30 skew: 1 secret_size: 32 ntp: disable_startup_check: true authentication_backend: password_reset: disable: false refresh_interval: 5m ldap: user: cn=readonly,dc=bhasher,dc=com implementation: custom url: ldap://openldap timeout: 5s start_tls: false base_dn: DC=bhasher,DC=com username_attribute: uid additional_users_dn: ou=users users_filter: (&({username_attribute}={input})(objectClass=inetOrgPerson)) additional_groups_dn: ou=groups groups_filter: (&(uniqueMember={dn})(objectClass=groupOfUniqueNames)) group_name_attribute: cn mail_attribute: mail display_name_attribute: cn permit_referrals: false access_control: default_policy: deny rules: - domain: 'radarr.bhasher.com' policy: one_factor subject: - "group:mediaserver" - domain: 'sonarr.bhasher.com' policy: one_factor subject: - "group:mediaserver" - domain: 'jellyfin.bhasher.com' policy: one_factor subject: - "group:mediaserver" - domain: 'lum.bhasher.com' policy: two_factor subject: - "group:admin" - domain: 'paperless.bhasher.com' policy: two_factor subject: - "group:family" - "group:admin" - domain: 'mealie.bhasher.com' policy: one_factor subject: - "group:member" methods: - "GET" - "HEAD" - "POST" - "PUT" - "DELETE" - "CONNECT" - "OPTIONS" - "TRACE" - domain: '*.bhasher.com' policy: one_factor subject: - "group:admin" session: name: auth_session domain: bhasher.com same_site: lax expiration: 1d inactivity: 3h remember_me_duration: 1w redis: host: redis port: 6379 regulation: max_retries: 3 find_time: 1m ban_time: 5m storage: # local: # path: /data/db.sqlite3 postgres: host: postgres port: 5432 database: authelia schema: public username: postgres notifier: smtp: host: bdubois.io port: 587 sender: no-reply@bhasher.com password_policy: standard: enabled: true min_length: 8 max_length: 0 require_uppercase: false require_lowercase: false require_number: false require_special: false telemetry: metrics: enabled: true address: "tcp://0.0.0.0:9959" buffers: read: 4096 write: 4096 timeouts: read: 6s write: 6s idle: 30s identity_providers: oidc: enforce_pkce: public_clients_only cors: allowed_origins_from_client_redirect_uris: true endpoints: - 'authorization' - 'token' - 'revocation' - 'introspection' clients: - id: grafana description: Grafana secret: '$argon2id$v=19$m=65536,t=3,p=4$dQfNyInvlh1Lgw3JXi7G6A$M/WaNpHJkAyaQcXIMsOTl0+gBWGPPVBoCm7NpEQfTpI' public: false authorization_policy: one_factor redirect_uris: - https://grafana.bhasher.com/login/generic_oauth consent_mode: implicit scopes: - openid - profile - groups - email userinfo_signing_algorithm: none - id: matrix_synapse description: Matrix Synapse secret: '$argon2id$v=19$m=65536,t=3,p=4$Z+6HONrjDp54s+MhXuq1cA$bjc5tMGD3gR6AaBYIDx3S2mz/UfPv6a0n1Vf3q2Ifik' public: false authorization_policy: one_factor redirect_uris: - https://matrix.bhasher.com/_synapse/client/oidc/callback consent_mode: implicit scopes: - openid - profile - email userinfo_signing_algorithm: none - id: portainer description: Portainer secret: '$argon2id$v=19$m=65536,t=3,p=4$7bqhx/sMH6Hes4ggVwpEPg$uue9QyGkROpAihkGpbDV6YjKCJlZVXj1JBkJfyLj2MI' public: false authorization_policy: two_factor redirect_uris: - https://portainer.bxl.bhasher.com consent_mode: implicit scopes: - openid - profile - groups - email userinfo_signing_algorithm: none - id: jellyfin description: Jellyfn secret: '$argon2id$v=19$m=65536,t=3,p=4$+AqLF91LkfyZJIhjxq3lVQ$m0aSF/XYaWAU1NgRUlwMC3cB0k09Jg+HBBXa8iJWCLk' public: false authorization_policy: one_factor redirect_uris: - https://jellyfin.bhasher.com/sso/OID/redirect/Authelia consent_mode: implicit scopes: - openid - profile - groups - email userinfo_signing_algorithm: none - id: miniflux description: Miniflux secret: '$argon2id$v=19$m=65536,t=3,p=4$6CLrUJhwSMsOAryD/Fn0JA$1Lw6ECq0SSxDOQhbxM3nuHaXaEbXyVOgndGjAkTmkbc' public: false authorization_policy: one_factor redirect_uris: - https://miniflux.bhasher.com/oauth2/oidc/callback consent_mode: implicit scopes: - openid - profile - groups - email userinfo_signing_algorithm: none - id: gitea description: Gitea secret: '$argon2id$v=19$m=65536,t=3,p=4$hVcRat4GdQSCfaikh6C7xQ$KydT/DYUVnazMHhhZgYN9+LMaAI9vpX9x53PcYgsrko' public: false authorization_policy: two_factor redirect_uris: - https://git.bhasher.com/user/oauth2/Authelia/callback consent_mode: implicit scopes: - openid - profile - groups - email userinfo_signing_algorithm: none - id: seafile description: Seafile secret: '$argon2id$v=19$m=65536,t=3,p=4$vZ7/eiJGrPeuEWwllkN7zw$IhspEFbyQe/rBzchVs8iigsQKbYsXPfBBhR2Loo0afI' public: false authorization_policy: one_factor redirect_uris: - https://file.bhasher.com/oauth/callback/ consent_mode: implicit scopes: - openid - profile - email userinfo_signing_algorithm: none - id: wikijs description: WikiJS secret: '$argon2id$v=19$m=65536,t=3,p=4$aAnFAm2XL8rGMOLhMpgL1Q$ZBJ3v0d1guzLj/FVBTJz2v+ZAhy/jZc7B4iNozvx+hU' public: false authorization_policy: one_factor redirect_uris: - https://wiki.bhasher.com/login/4b20571d-a8d7-4384-a95c-589fe7fc7ab6/callback consent_mode: implicit scopes: - openid - profile - email - groups userinfo_signing_algorithm: none - id: mealie description: Mealie public: true authorization_policy: one_factor redirect_uris: - https://recipes.bhasher.com/login - https://recipes.bhasher.com/login?direct=1 consent_mode: implicit scopes: - openid - profile - email - groups userinfo_signing_algorithm: none