---
authelia_version: 4.33.1
authelia_user: "authelia_adm"
authelia_user_home: "/home/{{ authelia_user }}"
authelia_group: "{{ authelia_user }}"
authelia_extra_groups: []

authelia_packages:
  - tar

authelia_base_dir: "/opt/authelia"
authelia_config_dir: "{{ authelia_base_dir }}/conf"
authelia_data_dir: "{{ authelia_base_dir }}/data"
authelia_read_only_dirs: []

authelia_bind_ip: 127.0.0.1
authelia_bind_port: 61000
authelia_portal_url: "http://localhost:61000/"

authelia_theme: light

authelia_log_level: error

# @var authelia_default_redirection_url:description: Specifies the default redirection URL Authelia will use in case a referer is missing.
# @var authelia_default_redirection_url: $ "_unset_"
# @var authelia_default_redirection_url:example: $ "https://github.com"

authelia_jwt_secret: a_very_important_secret

authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
authelia_totp_period: 30
authelia_totp_skew: 1

authelia_auth_backend_disable_reset_password: False

# @var authelia_auth_backend:description: >
# Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work
# while the LDAP auth backend is enabled.
# @end
authelia_auth_backend: local
authelia_auth_local_users: []

authelia_auth_ldap_url: ldap://127.0.0.1
authelia_auth_ldap_start_tls: False
authelia_auth_ldap_tls_skip_verify: False
authelia_auth_ldap_tls_minimum_version: TLS1.2
authelia_auth_ldap_base_dn: dc=example,dc=com
authelia_auth_ldap_username_attribute: uid
authelia_auth_ldap_additional_users_dn: ou=users
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
authelia_auth_ldap_group_name_attribute: cn
authelia_auth_ldap_additional_groups_dn: ou=groups
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
authelia_auth_ldap_mail_attribute: mail
authelia_auth_ldap_display_name_attribute: displayname
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
authelia_auth_ldap_bind_password: password

# @var authelia_storage_encryption_key:description: >
# The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters,
# however we generally recommend above 64 characters. For security reasons, it's highly recommended to create
# a unique key.
# @end
authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd

# @var authelia_storage_backend:description: >
# Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work
# while the PostgreSQL backend is enabled.
# @end
authelia_storage_backend: local

authelia_storage_db_host: 127.0.0.1
authelia_storage_db_port: 5432
authelia_storage_db_name: authelia
authelia_storage_db_username: authelia
authelia_storage_db_password: mypassword
authelia_storage_db_sslmode: disable

# @var authelia_session_backend:description: >
# Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work
# while the Redis backend is enabled.
# @end
authelia_session_backend: local

authelia_session_name: authelia_session
authelia_session_domain: example.com
authelia_session_same_site: lax
authelia_session_secret: insecure_session_secret
authelia_session_expiration: 1h
authelia_session_inactivity: 5m
authelia_session_remember_me_duration: 1M

authelia_session_redis_host: 127.0.0.1
authelia_session_redis_port: 6379
authelia_session_redis_database_index: 0
authelia_session_redis_maximum_active_connections: 8
authelia_session_redis_minimum_idle_connections: 0

authelia_regulation_max_retries: 3
authelia_regulation_find_time: 2m
authelia_regulation_ban_time: 5m

authelia_access_control_default_policy: one_factor
authelia_access_control_networks: []
authelia_access_control_rules: []

authelia_notifier_disable_startup_check: False

# @var authelia_notifier_backend:description: >
# Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work
# while the SMTP backend is enabled.
# @end
authelia_notifier_backend: local

authelia_notifier_smtp_username: test
authelia_notifier_smtp_password: password
authelia_notifier_smtp_host: 127.0.0.1
authelia_notifier_smtp_port: 1025
authelia_notifier_smtp_sender: admin@example.com
authelia_notifier_smtp_identifier: localhost
authelia_notifier_smtp_subject: "[Authelia] {title}"
authelia_notifier_smtp_startup_check_address: test@authelia.com
authelia_notifier_smtp_disable_require_tls: False
authelia_notifier_smtp_disable_html_emails: False
authelia_notifier_smtp_tls_skip_verify: False
authelia_notifier_smtp_tls_minimum_version: TLS1.2