126 lines
4.5 KiB
YAML
126 lines
4.5 KiB
YAML
---
|
|
authelia_version: 4.33.1
|
|
authelia_user: "authelia_adm"
|
|
authelia_user_home: "/home/{{ authelia_user }}"
|
|
authelia_group: "{{ authelia_user }}"
|
|
authelia_extra_groups: []
|
|
|
|
authelia_packages: []
|
|
|
|
authelia_base_dir: "/opt/authelia"
|
|
authelia_config_dir: "{{ authelia_base_dir }}/conf"
|
|
authelia_data_dir: "{{ authelia_base_dir }}/data"
|
|
authelia_read_only_dirs: []
|
|
|
|
authelia_bind_ip: 127.0.0.1
|
|
authelia_bind_port: 61000
|
|
authelia_portal_url: "http://localhost:61000/"
|
|
|
|
authelia_theme: light
|
|
|
|
authelia_log_level: error
|
|
|
|
# @var authelia_default_redirection_url:description: Specifies the default redirection URL Authelia will use in case a referer is missing.
|
|
# @var authelia_default_redirection_url: $ "_unset_"
|
|
# @var authelia_default_redirection_url:example: $ "https://github.com"
|
|
|
|
authelia_jwt_secret: a_very_important_secret
|
|
|
|
authelia_totp_issuer: "{{ authelia_portal_url | urlsplit('hostname') }}"
|
|
authelia_totp_period: 30
|
|
authelia_totp_skew: 1
|
|
|
|
authelia_auth_backend_disable_reset_password: False
|
|
|
|
# @var authelia_auth_backend:description: >
|
|
# Set authentication backend. Available options are `local|ldap`. All `authelia_auth_ldap_` variables will only work
|
|
# while the LDAP auth backend is enabled.
|
|
# @end
|
|
authelia_auth_backend: local
|
|
authelia_auth_local_users: []
|
|
|
|
authelia_auth_ldap_url: ldap://127.0.0.1
|
|
authelia_auth_ldap_start_tls: False
|
|
authelia_auth_ldap_tls_skip_verify: False
|
|
authelia_auth_ldap_tls_minimum_version: TLS1.2
|
|
authelia_auth_ldap_base_dn: dc=example,dc=com
|
|
authelia_auth_ldap_username_attribute: uid
|
|
authelia_auth_ldap_additional_users_dn: ou=users
|
|
authelia_auth_ldap_users_filter: (&({username_attribute}={input})(objectClass=person))
|
|
authelia_auth_ldap_group_name_attribute: cn
|
|
authelia_auth_ldap_additional_groups_dn: ou=groups
|
|
authelia_auth_ldap_groups_filter: (&(member={dn})(objectclass=groupOfNames))
|
|
authelia_auth_ldap_mail_attribute: mail
|
|
authelia_auth_ldap_display_name_attribute: displayname
|
|
authelia_auth_ldap_bind_user: cn=admin,dc=example,dc=com
|
|
authelia_auth_ldap_bind_password: password
|
|
|
|
# @var authelia_storage_encryption_key:description: >
|
|
# The encryption key used to encrypt data in the database. The minimum length of this key is 20 characters,
|
|
# however we generally recommend above 64 characters. For security reasons, it's highly recommended to create
|
|
# a unique key.
|
|
# @end
|
|
authelia_storage_encryption_key: bp33fh3cTswzdMndXrrVMrLd
|
|
|
|
# @var authelia_storage_backend:description: >
|
|
# Set storage backend. Available options are `local|postgres`. All `authelia_storage_db_` variables will only work
|
|
# while the PostgreSQL backend is enabled.
|
|
# @end
|
|
authelia_storage_backend: local
|
|
|
|
authelia_storage_db_host: 127.0.0.1
|
|
authelia_storage_db_port: 5432
|
|
authelia_storage_db_name: authelia
|
|
authelia_storage_db_username: authelia
|
|
authelia_storage_db_password: mypassword
|
|
authelia_storage_db_sslmode: disable
|
|
|
|
# @var authelia_session_backend:description: >
|
|
# Set session backend. Available options are `local|redis`. All `authelia_session_redis_` variables will only work
|
|
# while the Redis backend is enabled.
|
|
# @end
|
|
authelia_session_backend: local
|
|
|
|
authelia_session_name: authelia_session
|
|
authelia_session_domain: example.com
|
|
authelia_session_same_site: lax
|
|
authelia_session_secret: insecure_session_secret
|
|
authelia_session_expiration: 1h
|
|
authelia_session_inactivity: 5m
|
|
authelia_session_remember_me_duration: 1M
|
|
|
|
authelia_session_redis_host: 127.0.0.1
|
|
authelia_session_redis_port: 6379
|
|
authelia_session_redis_database_index: 0
|
|
authelia_session_redis_maximum_active_connections: 8
|
|
authelia_session_redis_minimum_idle_connections: 0
|
|
|
|
authelia_regulation_max_retries: 3
|
|
authelia_regulation_find_time: 2m
|
|
authelia_regulation_ban_time: 5m
|
|
|
|
authelia_access_control_default_policy: one_factor
|
|
authelia_access_control_networks: []
|
|
authelia_access_control_rules: []
|
|
|
|
authelia_notifier_disable_startup_check: False
|
|
|
|
# @var authelia_notifier_backend:description: >
|
|
# Set notifier backend. Available options are `local|smtp`. All `authelia_notifier_smtp_` variables will only work
|
|
# while the SMTP backend is enabled.
|
|
# @end
|
|
authelia_notifier_backend: local
|
|
|
|
authelia_notifier_smtp_username: test
|
|
authelia_notifier_smtp_password: password
|
|
authelia_notifier_smtp_host: 127.0.0.1
|
|
authelia_notifier_smtp_port: 1025
|
|
authelia_notifier_smtp_sender: admin@example.com
|
|
authelia_notifier_smtp_identifier: localhost
|
|
authelia_notifier_smtp_subject: "[Authelia] {title}"
|
|
authelia_notifier_smtp_startup_check_address: test@authelia.com
|
|
authelia_notifier_smtp_disable_require_tls: False
|
|
authelia_notifier_smtp_disable_html_emails: False
|
|
authelia_notifier_smtp_tls_skip_verify: False
|
|
authelia_notifier_smtp_tls_minimum_version: TLS1.2
|