host: 0.0.0.0
port: 9091

log:
  level: info

jwt:
  secret: "CHANGE_ME_TO_A_LONG_RANDOM_STRING"

default_redirection_url: "https://auth.example.com"

totp:
  issuer: "example.com"

authentication_backend:
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 3
      key_length: 32
      salt_length: 16
      parallelism: 2
      memory: 64

access_control:
  default_policy: deny

  # Any request that reaches Authelia via forward-auth
  # requires at least one_factor authentication.
  rules:
    - domain_regex: ".*"
      policy: one_factor

session:
  name: authelia_session
  secret: "CHANGE_ME_SESSION_SECRET"
  same_site: lax
  expiration: 3600
  inactivity: 300
  domain: "example.com"

  redis:
    enabled: false

storage:
  local:
    path: /config/db.sqlite3

notifier:
  filesystem:
    filename: /config/notification.log