access_control:
  default_policy: one_factor
  rules:
  - domain: paperless.pyrocufflink.blue
    policy: two_factor

authentication_backend:
  ldap:
    base_dn: DC=pyrocufflink,DC=blue
    implementation: activedirectory
    tls:
      minimum_version: TLS1.2
    url: ldaps://pyrocufflink.blue
    user: CN=svc.authelia,CN=Users,DC=pyrocufflink,DC=blue

identity_providers:
  oidc:
    clients:
    - id: e20a50c2-55eb-4cb1-96ce-fe71c61c1d89
      description: Jenkins
      secret: >-
        $argon2id$v=19$m=65536,t=3,p=4$qoo6+3ToLbsZOI/BxcppGw$srNBfpIHqpxLh+VfVNNe27A1Ci9dCKLfB8rWXLNkv44
      redirect_uris:
      - https://jenkins.pyrocufflink.blue/securityRealm/finishLogin
      scopes:
      - openid
      - groups
      - profile
      - email
      - offline_access
      authorization_policy: one_factor
    - id: kubernetes
      description: Kubernetes
      public: true
      redirect_uris:
      - http://localhost:8000
      - http://localhost:18000
      authorization_policy: one_factor

log:
  level: trace

notifier:
  smtp:
    disable_require_tls: true
    host: mail.pyrocufflink.blue
    port: 25
    sender: auth@pyrocufflink.net

session:
  domain: pyrocufflink.blue
  expiration: 1d
  inactivity: 4h

storage:
  local:
    path: /var/lib/authelia/db.sqlite3