#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}

theme: {{ authelia_theme }}

server:
  host: {{ authelia_bind_ip }}
  port: {{ authelia_bind_port }}
  read_buffer_size: 4096
  write_buffer_size: 4096
  path: ""

log:
  level: {{ authelia_log_level }}

jwt_secret: {{ authelia_jwt_secret }}
{% if authelia_default_redirection_url is defined %}

default_redirection_url: {{ authelia_default_redirection_url }}
{% endif %}

totp:
  issuer: {{ authelia_totp_issuer }}
  period: {{ authelia_totp_period }}
  skew: {{ authelia_totp_skew }}

authentication_backend:
  disable_reset_password: {{ authelia_auth_backend_disable_reset_password | bool | lower }}
  refresh_interval: 5m
  {% if authelia_auth_backend == "ldap" %}

  ldap:
    implementation: custom
    url: {{authelia_auth_ldap_url }}
    start_tls: {{ authelia_auth_ldap_start_tls | bool | lower }}

    tls:
      skip_verify: {{ authelia_auth_ldap_tls_skip_verify | bool | lower }}
      minimum_version: {{ authelia_auth_ldap_tls_minimum_version }}

    base_dn: {{ authelia_auth_ldap_base_dn }}

    username_attribute: {{ authelia_auth_ldap_username_attribute }}
    additional_users_dn: {{ authelia_auth_ldap_additional_users_dn }}
    users_filter: {{ authelia_auth_ldap_users_filter }}

    group_name_attribute: {{ authelia_auth_ldap_group_name_attribute }}
    additional_groups_dn: {{ authelia_auth_ldap_additional_groups_dn }}
    groups_filter: {{ authelia_auth_ldap_groups_filter }}

    mail_attribute: {{ authelia_auth_ldap_mail_attribute }}
    display_name_attribute: {{ authelia_auth_ldap_display_name_attribute }}

    user: {{ authelia_auth_ldap_bind_user }}
    password: '{{ authelia_auth_ldap_bind_password }}'
  {% else %}

  file:
    path: {{ authelia_config_dir }}/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      key_length: 32
      salt_length: 16
      memory: 1024
      parallelism: 8
  {% endif %}

access_control:
  default_policy: {{ authelia_access_control_default_policy }}
  {% if authelia_access_control_networks | length > 0 %}

  networks:
  {{ authelia_access_control_networks | to_nice_yaml(indent=2) | indent(2, False) }}
  {% endif %}
  {% if authelia_access_control_rules | length > 0 %}

  rules:
  {{ authelia_access_control_rules | to_nice_yaml(indent=2) | indent(2, False) }}
  {% endif %}

session:
  name: {{ authelia_session_name }}
  domain: {{ authelia_session_domain }}
  same_site: {{ authelia_session_same_site }}
  secret: {{ authelia_session_secret }}
  expiration: {{ authelia_session_expiration }}
  inactivity: {{ authelia_session_inactivity }}
  remember_me_duration: {{ authelia_session_remember_me_duration }}
  {% if authelia_session_backend == "redis" %}

  redis:
    host: {{ authelia_session_redis_host }}
    port: {{ authelia_session_redis_port }}

    database_index: {{ authelia_session_redis_database_index }}
    maximum_active_connections: {{ authelia_session_redis_maximum_active_connections }}
    minimum_idle_connections: {{ authelia_session_redis_minimum_idle_connections }}
  {% endif %}

regulation:
  max_retries: {{ authelia_regulation_max_retries }}
  find_time: {{ authelia_regulation_find_time }}
  ban_time: {{ authelia_regulation_ban_time }}

storage:
  encryption_key: {{ authelia_storage_encryption_key }}
  {% if authelia_storage_backend == "postgres" %}
  postgres:
    host: {{ authelia_storage_db_host }}
    port: {{ authelia_storage_db_port }}
    database: {{ authelia_storage_db_name }}
    username: {{ authelia_storage_db_username }}
    password: '{{ authelia_storage_db_password }}'
    sslmode: {{ authelia_storage_db_sslmode }}
  {% else %}
  local:
    path: {{ authelia_data_dir }}/db.sqlite3
  {% endif %}

notifier:
  disable_startup_check: {{ authelia_notifier_disable_startup_check | bool | lower }}
  {% if authelia_notifier_backend == "smtp" %}

  smtp:
    username: {{ authelia_notifier_smtp_username }}
    password: '{{ authelia_notifier_smtp_password }}'
    host: {{ authelia_notifier_smtp_host }}
    port: {{ authelia_notifier_smtp_port }}
    sender: {{ authelia_notifier_smtp_sender }}
    identifier: {{ authelia_notifier_smtp_identifier }}
    subject: "{{ authelia_notifier_smtp_subject }}"
    startup_check_address: {{ authelia_notifier_smtp_startup_check_address }}
    disable_require_tls: {{ authelia_notifier_smtp_disable_require_tls | bool | lower }}
    disable_html_emails: {{ authelia_notifier_smtp_disable_html_emails | bool | lower }}

    tls:
      skip_verify: {{ authelia_notifier_smtp_tls_skip_verify | bool | lower }}
      minimum_version: {{ authelia_notifier_smtp_tls_minimum_version }}
  {% else %}

  filesystem:
    filename: {{ authelia_data_dir }}/notification.txt
  {% endif %}