theme: 'dark' default_2fa_method: 'totp' totp: issuer: 'auth.aggtaa.com' identity_validation: reset_password: jwt_secret: 'ShnKq2VDRwA1fMxwhmPmkj3DJdt40CqO6WWyDKmdohFQH7WAypikiq109yKf9nUv' authentication_backend: file: path: '/config/users_database.yml' watch: true search: email: false case_insensitive: false password: algorithm: 'argon2' argon2: variant: 'argon2id' iterations: 3 memory: 65536 parallelism: 4 key_length: 32 salt_length: 16 access_control: default_policy: 'deny' rules: - domain: "*.aggtaa.com" policy: two_factor networks: - 192.168.0.0/16 - 10.0.0.0/8 - 172.16.0.0/12 - domain: "*.aggtaa.com" policy: two_factor session: name: 'aas' secret: 'It1PZBvUNXvfbRnaOSBkupXxCMt8FRrc' cookies: - name: 'aas' domain: 'aggtaa.com' authelia_url: 'https://auth.aggtaa.com' regulation: max_retries: 3 find_time: '2 minutes' ban_time: '5 minutes' storage: encryption_key: '8Ei4XmiFM1GF7EWxiHyyReEWSuUgc4zH' local: path: '/db/db.sqlite3' notifier: smtp: address: 'smtp://mail-eu.smtp2go.com:587' username: 'robot@aggtaa.com' password: 'ULCKdUexeCQVgDl3' sender: 'auth.aggtaa.com ' subject: 'auth.aggtaa.com: {title}' tls: server_name: 'mail-eu.smtp2go.com' identity_providers: oidc: hmac_secret: 'mbHg5s2JnQDuGdtBxrofu7uiu4MR7098' jwks: - key_id: "main" algorithm: 'RS256' use: "sig" key: | -----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCiXH1drELlUhBh RL0YayG5k+6jLnGD1646iHbB36rGTFRdhbz8h9v1g+QkPlHY9chzTtc67QD89myv 46+pYW32QmIlx86xrP7AMFxyHhL8XSVV3AHSWiNL1RwN59Aa1IMo2xhw36ZH0WH/ bAmodMQ9lIrP4T3EU4tUoRvO7RvcHW/ngrfd5xonmBLY13m+sAXtolG8yRzVW2Qh ew1Y55r6Armrihvyo+/0L5raBrPt+w476t35rz/uUUIvdrQMUwIitpd3vP9j0rW/ sTkKrx9Djgs9ECIvIyhJcMiiCZnpqWnUvJzYAbbehU6T4ASW8qOD5d2LBA7cO9R+ QNrrj2wbAgMBAAECggEAFWyu/lVk3m3dy3gOm9JHOP3UV6QhRoyHaSHoydyB5Hje CRlEvu4OkG8/A6lVk5ObR9v3escbgkXiQbOB0pAQupY37VRYagmx9BptmIFvb+26 p4HIm8FZNwCAGzWjuGaiiBmhOAPLJV7z14iiHaCK5LVdO+E1DVsY36oCyWNwcbMa 4+d6RGgbFeUHXGnuayd5hTvUlsXAbPo4/gJT1KDvqPPjZl8U6ur1mRIt+BTzrntv C2oN1hq+cJQRrQhySt0/QNAE+k4+r70ZKC/4rDjYkdhyBqNPq7mjAYJ7miWF/YFZ 4AYzo+z7Mws1sMJkNG/SFaNXWgh8KWdFHfgZNWSogQKBgQDSf2w8j9WC1h30FtKy kGYWFKcNYM2AGoE5PnT1bxvBOtgrttwOVsXESIjyXgRygKvZgExIx3nh8bUkXHWL 31wY5y1I6ZrvFIKNsfaQm8sf9PttH4biXJ3h9eBYeBx7y/3+QAOqqiDF+vcGOWJF xA7ZKBjz2NEgdr7c7jFsIIOiwwKBgQDFdUeOm+lY24nU0/qC06Zk7tjf3xxRGq9d Fddix1ENUS2BGcltOVr1UedWeoBeN5P004FqzRHyX4Z/1Yvzvax809TqyT36lQ/z zBjizZKggAmfU5wCCpuSubT+Wq1o3FPQ5fLbnllFMf1UE64lZouAT1NHFHuwDrYV e8bBCwzLyQKBgQCZSMkc4PDuMdXmJaiQ964fbjKn/1Imcyae9OheweZIM/2u954P owipAtkXBXffmeuKm27xoLEU49qw+9NtY93BFLdZXSPB7gGUBYAzlf+46cEdmdOz ixY9sbsJMY4saEQxnZQN942eHj88fRUfEMJvSE/DYqQHK/GZGKtMvfCd2QKBgF9Y EvZUaGdkkng25yaWxijEf+oRlF3BMd4Tts3WileQ1BUbe3yHDlmYc8j5G9Tip0m3 ey0z2i+bWpmNZqeJ9ajMrGm2RHwjz/EbowSY2O0xBfRt7c26i4Zcr32GEWepw7sB 3bOYEWjtC3K2kgczLbcGFqMiy9qmL9vNyZnbGRGpAoGBAKbIM3P1XrfJ2Uogbq1g ssjngQ/HvAbFwZlAP0mH6H1A8skJiqZ/unjlo98wAj7v912nd3rrm9VKZGkXakSR MqhDyoDv+RIbyhznbRiGd7S6ddqTx2zm03svlCqQZUH92GmFgQlUJ7AngqlxqxEv LHwFtrfVT+ViB1m8zP+RieKb -----END PRIVATE KEY----- enable_client_debug_messages: true cors: ## List of endpoints in addition to the metadata endpoints to permit cross-origin requests on. endpoints: - 'authorization' - 'pushed-authorization-request' - 'token' - 'revocation' - 'introspection' - 'userinfo' clients: - client_id: files.aggtaa.com client_name: files.aggtaa.com public: true consent_mode: pre-configured # store user consent for some time pre_configured_consent_duration: 100y scopes: - openid - email - profile - groups redirect_uris: - https://files.aggtaa.com/ - https://files.aggtaa.com/oidc-callback.html - https://files.aggtaa.com/oidc-silent-redirect.html