server:
  address: 0.0.0.0:9091
  endpoints:
    authz:
      forward-auth:
        implementation: 'ForwardAuth'

log:
  level: info

# --- Storage ---
storage:
  local:
    path: /config/db/authelia.sqlite.db

# --- Authentication ---
authentication_backend:
  file:
    path: /config/users_database.yml
    password:
      algorithm: argon2id
      iterations: 1
      memory: 2097152
      parallelism: 4
      salt_length: 16
      key_length: 32
  password_reset:
    disable: true
  password_change:
    disable: false

# --- Session ---
session:
  cookies:
    - domain: 'saljic.me'
      authelia_url: 'https://auth.saljic.me'
      default_redirection_url: 'https://home.saljic.me'

# --- Notifier (No Mail) ---
notifier:
  filesystem:
    filename: /config/db/notifications.log

# --- Access Control ---
access_control:
  default_policy: deny
  rules:
    - domain: "*.saljic.me"
      policy: one_factor

# --- Password policies ---
password_policy:
  standard:
    enabled: true
    min_length: 8
    require_uppercase: true
    require_lowercase: true
    require_number: true
    require_special: true