valid yaml

docker-compose/authelia/config/configuration.yml.j2

@@ -1,101 +1,63 @@
 ---
 default_redirection_url: https://mgrote.net
-
-jwt_secret: {{ lookup('keepass', 'AUTHELIA_JWT_SECRET', 'password') }}
-
+jwt_secret: "{{ lookup('keepass', 'AUTHELIA_JWT_SECRET', 'password') }}"
 server:
   host: 0.0.0.0
   port: 9091
-
 log:
   level: debug
-
 totp:
   issuer: authelia.com
-
 access_control:
   default_policy: deny
   rules:
-    # Rules applied to everyone
     - domain: audio.mgrote.net
       policy: bypass
     - domain: munin.grote.lan
       policy: one_factor
-#    - domain: secure.example.com
-#      policy: two_factor
-
 session:
   cookies:
     - name: authelia_session
-      domain: mgrote.net  # Should match whatever your root protected domain is
-      expiration: 3600  # 1 hour
-      inactivity: 300  # 5 minutes
-
+      domain: mgrote.net
+      expiration: 3600
+      inactivity: 300
+  redis:
+    host: authelia-redis
+    post: 6379
 regulation:
   max_retries: 3
   find_time: 120
   ban_time: 300
-
 notifier:
   smtp:
     username: info@mgrote.net
-    password: {{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
+    password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
     host: smtp.strato.de
     port: 587
     sender: info@mgrote.net
-
-
-# This is just the LDAP part of the Authelia configuration!
 authentication_backend:
-  # Password reset through authelia works normally.
   password_reset:
     disable: false
-  # How often authelia should check if there is an user update in LDAP
   refresh_interval: 1m
   ldap:
     implementation: custom
-    # Pattern is ldap://HOSTNAME-OR-IP:PORT
-    # Normal ldap port is 389, standard in LLDAP is 3890
     url: ldap://lldap-app:3890
-    # The dial timeout for LDAP.
     timeout: 5s
-    # Use StartTLS with the LDAP connection, TLS not supported right now
     start_tls: false
-    #tls:
-    #  skip_verify: false
-    #  minimum_version: TLS1.2
-    # Set base dn, like dc=google,dc.com
     base_dn: dc=grote,dc=lan
     username_attribute: uid
-    # You need to set this to ou=people, because all users are stored in this ou!
     additional_users_dn: ou=people
-    # To allow sign in both with username and email, one can use a filter like
-    # (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
-    users_filter: "(&({username_attribute}={input})(objectClass=person))"
-    # Set this to ou=groups, because all groups are stored in this ou
+    users_filter: (&({username_attribute}={input})(objectClass=person))
     additional_groups_dn: ou=groups
-    # Only this filter is supported right now
-    groups_filter: "(member={dn})"
-    # The attribute holding the name of the group.
+    groups_filter: (member={dn})
     group_name_attribute: cn
-    # Email attribute
     mail_attribute: mail
-    # The attribute holding the display name of the user. This will be used to greet an authenticated user.
     display_name_attribute: displayName
-    # The username and password of the admin user.
-    # "admin" should be the admin username you set in the LLDAP configuration
     user: uid=admin,ou=people,dc=grote,dc=lan
-    # Password can also be set using a secret: https://www.authelia.com/docs/configuration/secrets.html
-    password: {{ lookup('keepass', 'LLDAP_LDAP_USER_PASS', 'password') }}
-
-
+    password: "{{ lookup('keepass', 'LLDAP_LDAP_USER_PASS', 'password') }}"
 storage:
   postgres:
     host: authelia-postgres
     database: authelia
     username: authelia
-
-session:
-  redis:
-    host: authelia-redis
-    post: 6379
+    password: "{{ lookup('keepass', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', 'password') }}"