theme: auto
jwt_secret: "{{var_authelia_jwt_secret}}"
default_2fa_method: totp
server:
  host: "{{var_authelia_listen_address}}"
  port: 9091
  path: ""
  enable_pprof: false
  enable_expvars: false
  disable_healthcheck: false
log:
  level: info
  format: json
  file_path: {{var_authelia_log_file_path}}
  keep_stdout: false
telemetry:
  metrics:
    enabled: false
    address: tcp://0.0.0.0:9959
totp:
  disable: false
  issuer: authelia.com
  algorithm: sha1
  digits: 6
  period: 30
  skew: 1
  secret_size: 32
webauthn:
  disable: true
  timeout: 60s
  display_name: Authelia
  attestation_conveyance_preference: indirect
  user_verification: preferred
ntp:
  address: "{{var_authelia_ntp_server}}"
  version: 4
  max_desync: 3s
  disable_startup_check: false
  disable_failure: false
authentication_backend:
  password_reset:
    disable: true
    custom_url: ""
  refresh_interval: 5m
  file:
    path: "{{var_authelia_users_file_path}}"
    watch: true
    search:
      email: false
      case_insensitive: false
    password:
      algorithm: argon2
      argon2:
        variant: argon2id
        iterations: 3
        memory: 65536
        parallelism: 4
        key_length: 32
        salt_length: 16
      scrypt:
        iterations: 16
        block_size: 8
        parallelism: 1
        key_length: 32
        salt_length: 16
      pbkdf2:
        variant: sha512
        iterations: 310000
        salt_length: 16
      sha2crypt:
        variant: sha512
        iterations: 50000
        salt_length: 16
      bcrypt:
        variant: standard
        cost: 12
password_policy:
  standard:
    enabled: false
    min_length: 8
    max_length: 0
    require_uppercase: true
    require_lowercase: true
    require_number: true
    require_special: true
  zxcvbn:
    enabled: false
    min_score: 3
access_control:
  default_policy: one_factor
session:
  name: authelia_session
  domain: "{{var_authelia_session_domain}}"
  same_site: lax
  secret: "{{var_authelia_session_secret}}"
  expiration: 1h
  inactivity: 5m
  remember_me_duration: 1M
regulation:
  max_retries: 3
  find_time: 2m
  ban_time: 5m
storage:
  encryption_key: "{{var_authelia_storage_encryption_key}}"
  local:
    path: "{{var_authelia_storage_path}}"
notifier:
  disable_startup_check: true
{% if var_authelia_notification_mode == "file" %}
  filesystem:
    filename: {{var_authelia_notification_file_path}}
{% endif %}
{% if var_authelia_notification_mode == "smtp" %}
  smtp:
    host: "{{var_authelia_notification_smtp_host}}"
    port: {{var_authelia_notification_smtp_port}}
    username: "{{var_authelia_notification_smtp_username}}"
    password: "{{var_authelia_notification_smtp_password}}"
    sender: "{{var_authelia_notification_smtp_sender}}"
    disable_require_tls: false
    disable_html_emails: false
    tls:
      skip_verify: false
{% endif %}
identity_providers:
  oidc:
    hmac_secret: "{{var_authelia_oidc_hmac_secret}}"
    issuer_private_key: |
{% filter indent(width=6) %}
      {{temp_tls_result.privatekey}}
{% endfilter %}
    cors:
      allowed_origins_from_client_redirect_uris: true
    clients:
      -
        public: false
        id: "dummy"
        secret: "d1424b378e4fbbc153f330f33b74ab192525b98cc2dd58b2e8d01c2737be00c6"
        redirect_uris: []

...