apiVersion: v1
kind: ConfigMap
metadata:
  name: authelia-config
data:
  configuration.yml: |
    server:
      address: "tcp://0.0.0.0:9091"
    
    log:
      level: {{ .Values.config.log.level | default "info" }}
    
    identity_validation:
      reset_password:
        jwt_secret: ""
    
    session:
      name: authelia_session
      secret: ""
      expiration: 3600
      inactivity: 900
      cookies:
        - domain: {{ .Values.domain | quote }}
          authelia_url: {{ .Values.authelia_url | quote }}
    
    storage:
      encryption_key: ""
      local:
        path: /var/lib/authelia/db.sqlite3
    
    authentication_backend:
      file:
        path: /config/users_database.yml
        watch: true
    
    access_control:
      default_policy: deny
      rules:
        - domain:
            - {{ printf "*.%s" .Values.domain | quote }}
            - {{ .Values.domain | quote }}
          policy: two_factor
    
    notifier:
      smtp:
        address: "submission://{{ .Values.config.notifier.smtp.host }}:{{ .Values.config.notifier.smtp.port }}"
        sender: {{ .Values.config.notifier.smtp.sender | quote }}
        username: {{ .Values.config.notifier.smtp.username | quote }}
        password: ""
    
    webauthn:
      display_name: {{ .Values.config.webauthn.display_name | quote }}
      enable_passkey_login: {{ .Values.config.webauthn.enable_passkey_login }}
      experimental_enable_passkey_uv_two_factors: {{ .Values.config.webauthn.experimental_enable_passkey_uv_two_factors }}
      selection_criteria:
        user_verification: {{ .Values.config.webauthn.selection_criteria.user_verification | quote }}
        discoverability: {{ .Values.config.webauthn.selection_criteria.discoverability | quote }}