server:
  host: 0.0.0.0
  port: 9091
  asset_path: /config/assets/

log:
  level: info

# This is where your session cookie lives
session:
  name: authelia_session
  domain: quangkhai.ch # CHANGE THIS
  same_site: lax
  secret: "VeNuocNuocVe26!" # Generate a random string
  expiration: 1h
  inactivity: 5m

# For local testing, we store users in a YAML file
authentication_backend:
  file:
    path: /config/users_database.yml

# Where Authelia remembers who is logged in
storage:
  local:
    path: /config/db.sqlite3
  encryption_key: "BichDao2761!2761!2761!" # Generate a random string

# How Traefik knows who can go where
access_control:
  default_policy: deny
  rules:
    - domain: "auth.quangkhai.ch"
      policy: bypass
    - domain: "*.quangkhai.ch"
      policy: one_factor

# Required for password resets and 2FA emails
# For testing, this just logs emails to a file instead of sending them
notifier:
  filesystem:
    filename: /config/emails.txt

identity_validation:
  reset_password:
    jwt_secret: "pAN9YQfbwLvjhbK0ti2iNAl9RU9S96VL" # This fixes your current error

identity_providers:
  oidc:
    jwks:
      - key_id: 'main-key'
        algorithm: 'RS256'
        key: |
          -----BEGIN PRIVATE KEY-----
          MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDKFMW0cNbQJq0h
          r+e8Hl8gV4M33A/6q0ByJBGWOsVicV3LaCwcGEwXMOMqOfFtSSJ1TiCx6hxM029o
          uxss+zBSCMNGHVan5ewE6xQsnzkDQdKxw3ygk2Y0TINbEKpwLQIhAtwYyu7lR5aB
          stJjVYb/Efzp/loIwe6/X7TYNqwo5Xf946de7xEtYwPaBFajvv+vwOK0XqfIZ7MK
          t+GvOYb0IlgmgpDEh8pHc+o4CS7pd8X9IueZnI3f3vR90E6HNXLOuz6GA/Ud0uiX
          U4LKKW2pmIHW1X+WIPI9B7a2EnSNU/5vPW+If+eTDwV87SsfvGSK/16NEBc/65tg
          fyqoOABJVYgrDAo3GuUF8aZj4tkigrCorrtTY4ZPgTZZPoCkhwJpgkB10kn2N3sr
          xgf8eVb/pnCDWeLCdIqdhhnX0W8+ds7itX3DhwK95ozcij+I8P+AI+PUDKSAcMHe
          x09tALiSg5KmjZRHgIdGnmFSp2heLw2Ikx0AngAMkVjm9Pf0Nb8mGPVrJ3OkrV1w
          fJf2hoy/W/Xj/CiSKZgTMy8gcscdpnn0/ghXJe2R1Rp4eLJNJ0mtzOodZbTqVhGg
          HjQEDkwUcBIAuUDvk3WMP2JBIqBHuK6GJ3/IPWwfV4XK5SAgOHUW7nXAbd1f2o6y
          UdpDIWcWObJhlO3q0SPCOavxI0rSAwIDAQABAoICAEn3WHY3ZylBPtW5wSSGKWN5
          JLppfh/OVwRwV0+Zq23g+Ofe9WZDLna+mid2lfvebRJqymTUwA8OxRSch9HrD0C3
          nGIpkvJZog4azYOXtBKRIUGXwCI2UY6LAvluHDR7BPB4T39zqAWcMma+wWtCfusV
          9nDffKz/7xd1PIh3WoSNmWIA1d5Vuv/V4i8Gr3+4BXabL1+91cPw0QP3UlAEynTJ
          rWJLIBoPaebFctGX6ufhw0JoaEU9nGB5BxyWBmhPE/q/Zp8/C5UjAaeCFblReKY/
          ACdWdiDJZmEYVbRHBQpF2Dd3UT+xMV4OfX/Af6xaFKMb3cvcO+ZVosWrRj3UYaXP
          MZ7fW+J9f4SlLxaxQp3U+uO0VXykAo1oXRKO3rgLIsP/aQabRs+VkZ8BdwGkqQoq
          uuHEJOZJLXfJbunYONyrS02rZLCJ6ajR4rF5MRTnGbKsqroMOfjSQhJAcwYhocSy
          2wBq0McLYrMz0aTjtHhB/qngrpzcWAn8PouPg5pAKi5sYukClAYBzVYkpi6yT0rk
          Mc/kXnwkAj2wfwaHpA1jEUp2WWNEZtqtIWuc7Fx9riXaklmtK36YK4YX+KST3eA2
          pZWHU7GuXcdT2zXjpIWO4tUxqWMhNhV1svxVA8kW8tmzSiS74ZQ/JJf0ZP8p6rzz
          8TkYkC3MQP05fyF3guvhAoIBAQDWcQAW6v+bKcOQfNwpqXrYF6NKtEGkiNr11k5X
          qeGMG4sbP2ZvcCrFtGit13QlAvnPNG+PPOyl4iQ14qJ3aB9SLAPPYh12j7QL7CyU
          unWrdFFrB3ac/EVvmbnYbnOBVLUlb1/GZkoQAksm+jpNi+VNiUXgQtRXgp+uMeAu
          JpAInLPdMpA/QLI/xotKya5HulJYPPDdxffIej8QZ44pdsRdMX1Kr25YIdfSneaL
          q/+d2piURQL2MenDYknUHFzdYTcE+k4hLpcRF20AjpHh1dI70mgEcSQ7ZZ4g03Tn
          TAgufzzHEV40MsqzRJyecmZ2Du7H+3TDdX03Z9NoP+Rm8eiHAoIBAQDxPov6FkZ3
          ujY/p6yv/ofePhaaL5zOwCPgK3ZkB3ryE//NyTPhk4raeix1UDdwblTF+j9CJVF+
          tMH65W0GrAQTxlWK8aT4Iu03GFlCzPCFjEYBKMpNQBpuXVP9uHqUQ/6dcoNgKSV6
          qRyF0n2Xs57C9qpv/2Fj72CiAT/p9Yd7VZn9w5DewQGl8dJDOBHw5Scus6fLNBxA
          mwO0KtTZ6c0btNYLf+izDOvIuouKVIjv0HWPeF0Tonc/zgxb8xBIlUZMFPa24R2e
          2KlH717XU2OmhOe/RIwTLEw9erEWdU3W3QsjCiQXtGZGOq8caHbeuG13dEcrcXHd
          XWflvN6E5DWlAoIBAQC3eKci9J0NHIZ+MNYNrzuzd0X2vJMNOypb+6e7yVV4knhK
          L8xsvANcdCa71gNBR3KEndB1NSMkKn/guq9WineBzrbT0JZ0wi7BpKff+EiFEVg3
          woLxfcXK3jPrwVSB6v+xr8C59vqXB99U0fLgNjlSRYjLf2I+HTyRxYqQ8d16ANjD
          AGf6NlhLyIuUyUmbhQa/CCTtGlwN4sniNzeiskL/mUAhjkdSkGIfiYmfJuHlJQo2
          kXUfP0VKLeYM3Nd3cZ2pXJ9MNJh7vxc7yr92AYOGO1dTtZnSV/cbDtCOtLarUaGm
          kG2RK4PSLXny9t5DVDNoVvRn5zXjGan/H+tDSOYxAoIBAQCph8HIanT02EgdLZDe
          UOlcFZe+nKz+YeoUM5bMLrGIguNl0voBkLSoWej6O/fpq68pPXXM3vrJJu+WiDm4
          0ZM/7kXZEX1T3v+CkzrPBcQUpYHgeLDJ3r10R2OpzkVeAfZg4MNQBTpQW50uscAO
          pmxwJ/WYJQhkuSjYUDaBDEk8M+i2ewNIdqvY2PpgwHtjJTYGzLuiwikEgar1po/T
          30iDKu6sQCPgB7l+YxGCkWt107F5tCT8klRo4zyuNT6BM12mQ6ko1UQCh9FWOvIU
          MYa603UkZWBmbN/a6GigFqkv0EBuTEcW3XBt8/lw5jx6wXIz2uPUtLFG1cgYm0Ro
          cRL9AoIBAQDUNHK6/5AHOcIWI3c/tdvmQZO5Tc710NjIZRGrVzUYqZyCqfza3F0s
          8+PXZ+hiaq10MN05Pe+coa2aTDu0WNSakEZLvMseCRbBhvMebQxJtE+33Bz+nQwG
          Q0bULzGM3vdPyu94vTPsWZnig2O56ooZmmWnhwWRzRXYi/S91h9HSBcbpt+ITMJd
          sMIHdegQy6ozUSjp9ctXAMGkeAp0fiMOXubVEHri2w6vG2HbMYIRKt2kYlW2GE15
          VH4OjYTkdm0vzMREd3F5Y+5MHu5tnp4BHuKeU2QY9AjFG4XafaRZ8kaECtzmW2F/
          F9hsZX2RVgZ8jEegKbkIrEwAdfeIeDTI
          -----END PRIVATE KEY-----
    clients:
      - id: gitea
        description: Gitea Self-Hosted Git
        secret: '$argon2id$v=19$m=65536,t=3,p=4$7jFW+gDdYzZFb1sLiFWrmw$+QRLY295XCR+dcYs/NLTvP30luloaqZpXFLc6d2DRZU' # Erzeugt mit: authelia crypto hash generate argon2
        public: false
        authorization_policy: 'one_factor' # oder 'two_factor'
        redirect_uris:
          - https://gitea.quangkhai.ch/user/oauth2/authelia/callback
        scopes:
          - openid
          - profile
          - email
          - groups
        userinfo_signed_response_alg: 'none'
      - id: grafana
        description: Grafana via Authelia
        secret: '$argon2id$v=19$m=65536,t=3,p=4$IoJjIPmtn81rI0te8lV5Yw$tptaXFfI1NOsPctEzyAYiRblzFNsWgbS9Gh160OkoqQ'
        public: false
        authorization_policy: one_factor
        redirect_uris:
          - https://grafana.quangkhai.ch/login/generic_oauth
        scopes:
          - openid
          - profile
          - email
        userinfo_signed_response_alg: 'none'