default_redirection_url: https://portal.bhasher.com
theme: dark

server:
  host: 0.0.0.0
  port: 9091

log:
  level: info

totp:
  disable: false
  issuer: idp.bhasher.com
  algorithm: sha256
  digits: 6
  period: 30
  skew: 1
  secret_size: 32

authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 5m
  ldap:
    user: cn=readonly,dc=bhasher,dc=com
    implementation: custom
    url: ldap://openldap
    timeout: 5s
    start_tls: false
    base_dn: DC=bhasher,DC=com
    username_attribute: uid
    additional_users_dn: ou=users
    users_filter: (&({username_attribute}={input})(objectClass=inetOrgPerson))
    additional_groups_dn: ou=groups
    groups_filter: (&(uniqueMember={dn})(objectClass=groupOfUniqueNames))
    group_name_attribute: cn
    mail_attribute: mail
    display_name_attribute: cn
    permit_referrals: false

access_control:
  default_policy: deny
  rules:
  - domain: '*.bhasher.com'
    policy: two_factor
    subject:
    - "group:admin"
  - domain: 'radarr.bhasher.com'
    policy: two_factor
    subject:
    - "group:mediaserver"
  - domain: 'sonarr.bhasher.com'
    policy: two_factor
    subject:
    - "group:mediaserver"
  - domain: 'jellyfin.bhasher.com'
    policy: two_factor
    subject:
    - "group:mediaserver"

session:
  name: auth_session
  domain: bhasher.com
  same_site: lax
  expiration: 1d
  inactivity: 3h
  remember_me_duration: 1w
  redis:
    host: redis
    port: 6379

regulation:
  max_retries: 3
  find_time: 1m
  ban_time: 5m

storage:
  # local:
  #   path: /data/db.sqlite3
  postgres:
    host: postgres
    port: 5432
    database: authelia
    schema: public
    username: postgres

notifier:
  smtp:
    host: bdubois.io
    port: 587
    sender: no-reply@bhasher.com

password_policy:
  standard:
    enabled: true
    min_length: 8
    max_length: 0
    require_uppercase: false
    require_lowercase: false
    require_number: false
    require_special: false