homeserver/docker-compose/authelia/config/configuration.yml.j2

---
default_redirection_url: https://mgrote.net
jwt_secret: "{{ lookup('keepass', 'AUTHELIA_JWT_SECRET', 'password') }}"

server:
  host: 0.0.0.0
  port: 9091

log:
  level: debug

totp:
  issuer: authelia.com

access_control:
  default_policy: deny
  rules:
    - domain: audio.mgrote.net
      policy: bypass
    - domain: munin.grote.lan
      policy: one_factor

session:
  domain: mgrote.net
  secret: "{{ lookup('keepass', 'AUTHELIA_SESSION_SECRET', 'password') }}"
  redis:
    host: authelia-redis
    port: 6379

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

notifier:
  smtp:
    username: info@mgrote.net
    password: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
    host: smtp.strato.de
    port: 587
    sender: info@mgrote.net

authentication_backend:
  password_reset:
    disable: false
  refresh_interval: 1m
  ldap:
    implementation: custom
    url: ldap://lldap-app:3890
    timeout: 5s
    start_tls: false
    base_dn: dc=grote,dc=lan
    username_attribute: uid
    additional_users_dn: ou=people
    users_filter: (&({username_attribute}={input})(objectClass=person))
    additional_groups_dn: ou=groups
    groups_filter: (member={dn})
    group_name_attribute: cn
    mail_attribute: mail
    display_name_attribute: displayName
    user: uid=admin,ou=people,dc=grote,dc=lan
    password: "{{ lookup('keepass', 'LLDAP_LDAP_USER_PASS', 'password') }}"

storage:
  postgres:
    host: authelia-postgres
    database: authelia
    username: authelia
    password: "{{ lookup('keepass', 'AUTHELIA_STORAGE_POSTGRES_PASSWORD', 'password') }}"