server: host: 0.0.0.0 port: 9091 asset_path: /config/assets headers: csp_template: "default-src 'self'; frame-src 'none'; object-src 'none'; style-src 'self' 'unsafe-inline' https://theme-park.dev; script-src 'self' 'nonce-%nonce%'; base-uri 'self';" log: level: debug theme: dark jwt_secret: '${JWT_SECRET}' totp: issuer: authelia.com authentication_backend: file: path: /config/users.yml access_control: default_policy: deny rules: # Bypass authentication for local LAN requests - domain: "*.kotori-waifu.cc" networks: - 192.168.0.0/16 - 10.0.0.0/8 - 172.16.0.0/12 policy: bypass # Require 2FA for external requests - domain: "*.kotori-waifu.cc" policy: two_factor session: name: authelia_session domain: kotori-waifu.cc secret: '${SESSION_SECRET}' expiration: 3600 inactivity: 1000 storage: encryption_key: '${STORAGE_ENCRYPTION_KEY}' local: path: /config/db.sqlite3 notifier: filesystem: filename: /config/notification.txt identity_providers: oidc: hmac_secret: '${JWT_SECRET}' issuer_private_key: | -----BEGIN PRIVATE KEY----- MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCyoMWpOz8xnBC3 MMVMug8ko+vf9zehSZClMGSxbG7MYV/BIXWX9a7LTtaW8ZzkMp64UNdywMW/SUTT Z2VNqhEkvyneA5L8Sw67ubIsD6/A7TTlsWBNbtd/Y/rzPXPdUTMGFQ6Tu4jALiMb D7m6vQLofZ7jQYUbWVCwRidgfeCESL5h+insVS8Asx2CAtMO9Lr+GIRoKDYmdzXw sx12vuiJRiuHRkcOAplvgkBgWauImVL13j0T/Wka3q3AQmBFEdX7mWYmBAm42328 v8w8YQn6U41JPXcZf/SJX4oRv5f5RbHM1N0vjNYDkdoF+/RDs1+DqeVcF+JRo/Pu MKE55eP/gH8H1Elqd4aTFbix0VVbLnLn5GjctYEanwfxgZsWyw5vqKz0SNqA2xn2 UgFkKFZ+KZ643DiT5Cmkinf+N3mrpyke5a9hzvkEiwVRoDg8SO8yACMAbxr23w71 lNCy8BUXmDmPZArRwgb6uGsHeLqsMcTXOLY/1dZSC1JZR0t6kG+6fFfbXvqFpx5r iER6O0R3cXh6sTnzovg3L3nE6iLXoZUXz+WDJVE18Qh9pjCOk9UPtANLvQ1mH9Hk rWR5V6gnr7bV7gzJVvJ4FG+BFzOQnNc3NgmixXeyY8v+hmQ8TFMprIH4W5xahVBk bt6vJ60uL3OMTgCmD6EUysSSnNR5KwIDAQABAoICAFifKAG6ibMwtSBV24UiCDJK +1LuAZUM/Ozfsg1OeTgAFXQpiACA3Rwz/IX90DNtI87ZGNLvbgxlqvZhZWKfPgsn pntl9Y4jJOehDRMMI0vJw8Uzd85i8BpdPZthQTMrvm9FkipcT8/c9ADQj/pkHOXA sUwZbRLxAHW8EHwwZ2vp9T6B0TvV1VB5DOo8QX85ju5StppAXQE/gqztCHCp7Y9x l1XxWX5LbtliW1MSGebW/tBJ1q6sunEgyj5JEB8kZrABXqr8tOAYUW0MESVhlYQy 4LVV/9lQYL+o/USp9BmxaLFxaF1Xd7Rkr7DpXDoca4ZUi5zhoqCTgYmKaeriMfd0 XqWzd37055sqahJzXulXCr/fr4ksUtCc13cpgwa2g9i9sLHjt8UOfl2qXOx2CSqM m5I1Kx4UqQWZQ7vWiYptnpNpUXrKVtFR3vg33lxr8B8TNwb0B/l+Kxk9Q1y4QNBh AhKbp7Aq1TAikuIDn1Z2aGF1lWUcvcoKV1FAsUIcwPmAo9u/jhv+LZ80NNrMzwVl Cie4coda8uTR2diLORiaXxQG8oSiopsm9Gn6M+lIIZM9Rvxtuzd6dmzGVTGANOvi YVsLAKLgTjiOtmi6hKCs99U+7TzgLYKliEqKF2mEU0UHDOCntWuKga7o4MjzOouO p/1XCqm2jt2qrK73OdDlAoIBAQDfuNQyWmTKqmgDlr/gvyaibcpfA9QnYiBUAUFE EVwsMkP0sVS4buAvl76oTYmQGkB/jLxMGdtdPrDVYG2ki/5qv2vsdLHtKqP79BBZ dmR37gN+eMmzoAYtWNstVj9o/nIntYK77MpM8ynByPhQ0WsCxgwXRrOQWKKccoxL O0ijTLKi/Oq02OCj4n9SrQqLlq+rT/7AqEB7dPYPZH9+ufoGwycvyChfD5UBQluY zUx7yn543fe8MCEEIs+UUmxPhdKAmFCdVMdeBiK9PDaZDJbHSlZ4JB7MLvk5gxIZ +d3Y+415SMnReypKnfVDkrM46y980cGES3tXeh5qDNPXUNgdAoIBAQDMZmXA+BfK 8J1skJFLTCFsPP5azNt1Fmx620I4scJzSMA7EEZN0WewIYbaE3pTqS08/bfKcJIh UYhY5U7WMiPlF8GgdhpV/0YUP2+OvT4gBpgzUNdljek3nh4WC/nEt6IBEW1rS/vS /xwEwP08aSZORg2F/v75YidYF/gJTmaDQisAvzuDioCVg2T+JIENv3BW3/3Zpc5e dJGAx3F+j4N+bFacCjGph0A/KTlvdrepzIWcbYqbkl9bT0jmJUJoCm2o/WbguNfe qB6EwpZno61qAuIE6C6mePIEy817XxXjKHwqI2DyylCuHI+EPL0VQkEj0NsAwi// KW/UKrAhs6PnAoIBAGIHzkuGGnZHty4jZ06m09oGu89okRT0xW+p4RxfcwEWwXo+ Hf527xtLpcp/t1CCgFKjq3q5NcslBj1pdIHOqhvCZxsEg1aGAbcMWgGphBqdG8DW UqO38hz6u4ehLEXogMLvoSqRdo/DWT/FvTFEolxjxbaJT3Nns1FUTC9G+ew8VmZe 5sV55u1I+TuUAXPrAmzRr7Jhx2eRd6SFB+zSt0ExUEF6tl35KPSVTCenheUUdNin gr9eY4k5a7X1a+ponDWnCGP4WyfTDnPXJ6Fmx8bpxvv779bOmnxd95eUSmaiy3oi r/RvwLdTgb4rUQcW3wcVrnM21AQfyaX0mvrVPO0CggEAal/kFtBGuaQNmaGHLBO7 1TPM//5bPA1meW3AgfbpBsxW1qY6oGcZuk1IfBfk8sM5uuMkEmQReOuQtQrpw4mm qqR5bYPpYtYOZ5039qZAPbSQ4yvwXXbEZ+CPMdQbsagL1Nh4BH4v2XhQ4Zx6bkUe 3V+RzCmQEsNlTHB08ortyOPXs3TSiTu8fZM7LRRcYYY+9cduuiWTSA8MZmPligMw YMwLKvwXKm4sHnLa5Ep5fRHmeyl7GEnN/Jw/iR7c935t4aO3Nb6dAdCmyVrnoZpK NsC3Vexr0tFgyuQx1UIABw9bxyZQXyqxYFuWyTA/C2BGvFgGkdd92SJ8g4OP1IpE AwKCAQEAgsiTnf0a5ApqSck6+Sh+I7UoWPhVZnfHt20HHCDDuSJ2YnN3VPuq0BR3 9JGxGLyrb/Ff2Id3sKuMjgM+wd40PHH4yycSIVMbtLh+wq0kEjZEYKjbh6s9fwFT fM98gKkn4LR0nA7+1wqJgRXCDgVPabuNN0Hl0PpNPyBz0neTXVLfi0hY/FuxYc5y C6jReFokfEN1ytqbGacYIPaf2kBca7VeqChFF0L0c31jfdw7n2+PAx+t3TV8CY6Q 4s0HKuGAP8/QdvLuyQ/65/URtLo2FPBYXRRo0Xkt9fSa25whM/WqeDlWsLBWtKnX TPMEZwjEHeWXbX5uMp9us/nHJSeVcw== -----END PRIVATE KEY----- clients: - id: mealie description: Mealie secret: '$pbkdf2-sha512$310000$8BwfR2MN6UuViyTqVUyJsQ$HN/GOuf1rzr8uY0zYDK.kerSzfafzAzePx5C8DWd9hmZwLmJjENz0gQwkmiDRl9AkxlmvwnWxxQkxbBSaccGOg' public: false authorization_policy: two_factor redirect_uris: - https://mealie.kotori-waifu.cc/login scopes: - openid - profile - email - groups userinfo_signing_algorithm: none - id: immich description: Immich secret: '$pbkdf2-sha512$310000$Rapi4k3I6YTHdaHSmBhvTQ$HWk67FyxaIl/Ejc7GbLjim8/gzwuWa6bG1sZbHNaxSSCvw3Q1NKbskaFm55rFRXVFw..ZabmcpvvAfy/3qq4Vg' public: false authorization_policy: two_factor redirect_uris: - https://immich.kotori-waifu.cc/auth/login - https://immich.kotori-waifu.cc/user-settings - app.immich:///oauth-callback - https://immich.kotori-waifu.cc/api/oauth/mobile-redirect scopes: - openid - profile - email userinfo_signing_algorithm: none - id: gitea description: Gitea secret: '$pbkdf2-sha512$310000$PNUBcRwmG.FuaKw9sd9YGA$NwhUVxhtcvIGS1N7.1it1Y5IvigEnNUoPeAicZSswWkNhvkcdMCW2w9DiqZzRU8UOQ5PqYaWJVkv3rY/e/bZgw' public: false authorization_policy: two_factor redirect_uris: - https://git.kotori-waifu.cc/user/oauth2/authelia/callback scopes: - openid - profile - email - groups userinfo_signing_algorithm: none - id: bookstack description: BookStack secret: '$pbkdf2-sha512$310000$i6qf1F2y8pQWJDmHEBXYHw$I9IBetYI247pBzZ1pjG5MHFMHutCH9PX1wnFHi7HEsIzsucu.Tp7DD2EypVC9wTftc7sV776JT9g6N2jHuSD3g' public: false authorization_policy: two_factor redirect_uris: - https://bs.kotori-waifu.cc/oidc/callback scopes: - openid - profile - email - groups userinfo_signing_algorithm: none