apiVersion: v1 kind: ConfigMap metadata: name: authelia-config namespace: tools data: configuration.yaml: | server: address: 'tcp4://:9091' buffers: read: 16384 log: level: info file_path: '' keep_stdout: true identity_validation: elevated_session: require_second_factor: true reset_password: jwt_lifespan: '5 minutes' theme: dark totp: disable: false issuer: 'akshun-lab.cc' period: 30 skew: 1 algorithm: 'sha1' digits: 6 secret_size: 32 allowed_algorithms: - 'SHA1' allowed_digits: - 6 allowed_periods: - 30 disable_reuse_security_policy: false password_policy: zxcvbn: enabled: true min_score: 4 authentication_backend: file: path: '/config/users.yml' password: algorithm: 'argon2' argon2: variant: 'argon2id' iterations: 3 memory: 65535 parallelism: 4 key_length: 32 salt_length: 16 access_control: default_policy: 'deny' rules: - domain: 'auth.akshun-lab.cc' policy: bypass - domain: 'invidious.akshun-lab.cc' resources: '^/(api/v1|feed|videoplayback|vi/.+\.(jpg|webp)|ggpht|latest_version|sb)' policy: bypass - domain: 'immich.akshun-lab.cc' policy: bypass - domain: 'jellyfin.akshun-lab.cc' policy: bypass - domain: 'gitea.akshun-lab.cc' policy: bypass - domain: 'nextcloud.akshun-lab.cc' policy: bypass - domain: 'collabora.akshun-lab.cc' policy: bypass - domain: 'vw.akshun-lab.cc' policy: bypass - domain: '*.akshun-lab.cc' policy: two_factor session: name: 'authelia_session' cookies: - domain: 'akshun-lab.cc' authelia_url: 'https://auth.akshun-lab.cc' regulation: max_retries: 4 find_time: 120 ban_time: 300 storage: local: path: '/config/db.sqlite3' notifier: disable_startup_check: false smtp: address: submissions://smtp.gmail.com:465 username: aggarwalakshun@gmail.com sender: aggarwalakshun@gmail.com identifier: localhost subject: "[Authelia] {title}" startup_check_address: aggarwalakshun@gmail.com disable_require_tls: false disable_html_emails: false tls: skip_verify: false minimum_version: TLS1.2 ntp: address: 'time.google.com:123' version: 4 max_desync: '3s' disable_startup_check: false