---

authelia_run_user: "{{ (authelia_user_info.uid) if authelia_user_info is defined else authelia_user }}"
authelia_run_group: "{{ (authelia_user_info.group) if authelia_user_info is defined else authelia_user }}"

authelia_container_base_volumes: >-2
  {{ [ authelia_config_file + ":/config/configuration.yml:ro"]
    + ([authelia_asset_dir + '/:' + authelia_config_server_asset_path + ':ro'] if authelia_asset_dir | default(false, true) else [])
    + ([ authelia_sqlite_storage_file + ":" + authelia_config_storage_local_path + ":z" ]
      if authelia_config_storage_local_path | default(false, true) else [])
    + ([ authelia_notification_storage_file + ":" + authelia_config_notifier_filesystem_filename + ":z" ]
      if authelia_config_notifier_filesystem_filename | default(false, true) else [])
    + ( [authelia_user_storage_file + ":" + authelia_config_authentication_backend_file_path + ":z"]
      if authelia_config_authentication_backend_file_path | default(false, true) else [])
  }}

authelia_container_base_labels:
  version: "{{ authelia_version }}"

authelia_config: "{{ authelia_base_config | combine(authelia_extra_config, recursive=True) }}"
authelia_top_level_config:
  theme: "{{ authelia_config_theme }}"
  jwt_secret: "{{ authelia_config_jwt_secret }}"
  log: "{{ authelia_config_log }}"
  telemetry: "{{ authelia_config_telemetry }}"
  totp: "{{ authelia_config_totp }}"
  webauthn: "{{ authelia_config_webauthn }}"
  duo_api: "{{ authelia_config_duo_api }}"
  ntp: "{{ authelia_config_ntp }}"
  authentication_backend: "{{ authelia_config_authentication_backend }}"
#  password_policy: "{{ authelia_config_password_policy }}"
  access_control: "{{ authelia_config_access_control }}"
  session: "{{ authelia_config_session }}"
  regulation: "{{ authelia_config_regulation }}"
  storage: "{{ authelia_config_storage }}"
  notifier: "{{ authelia_config_notifier }}"

authelia_base_config: >-2
  {{
    authelia_top_level_config
    | combine({"default_redirection_url": authelia_config_default_redirection_url}
      if authelia_config_default_redirection_url | default(false, true) else {})
    | combine(({"server": authelia_config_server })
      | combine({"tls": authelia_config_server_tls}
        if authelia_config_server_tls_key | default(false, true) else {}))
   }}

authelia_config_server: >-2
  {{
    {
      "address": authelia_config_server_address,
      "asset_path": authelia_config_server_asset_path,
      "disable_healthcheck": authelia_config_server_disable_healthcheck,
      "endpoints": authelia_config_server_endpoints,
      "buffers": authelia_config_server_buffers,
    } | combine({"headers": {"csp_template": authelia_config_server_headers_csp_template}}
        if authelia_config_server_headers_csp_template | default(false, true) else {})
  }}
authelia_config_server_endpoints:
  enable_expvars: "{{ authelia_config_server_endpoints_enable_expvars }}"
  enable_pprof: "{{ authelia_config_server_endpoints_enable_pprof }}"
authelia_config_server_buffers:
  read: "{{ authelia_config_server_buffers_read }}"
  write: "{{ authelia_config_server_buffers_write }}"
authelia_config_server_tls:
  key: "{{ authelia_config_server_tls_key }}"
  certificate: "{{ authelia_config_server_tls_certificate }}"
  client_certificates: "{{ authelia_config_server_tls_client_certificates }}"
authelia_config_log: >-2
  {{
    {
      "level": authelia_config_log_level,
      "format": authelia_config_log_format
    }
    | combine({"file_path": authelia_config_log_file_path}
      if authelia_config_log_file_path | default(false, true) else {})
    | combine({"keep_stdout": authelia_config_log_keep_stdout}
      if authelia_config_log_file_path | default(false, true) else {})
  }}
authelia_config_telemetry:
  metrics:
    enabled: "{{ authelia_config_telemetry_metrics_enabled }}"
    address: "{{ authelia_config_telemetry_metrics_address }}"
authelia_config_totp:
  disable: "{{ authelia_config_totp_disable }}"
  issuer: "{{ authelia_config_totp_issuer }}"
  algorithm: "{{ authelia_config_totp_algorithm }}"
  digits: "{{ authelia_config_totp_digits }}"
  period: "{{ authelia_config_totp_period }}"
  skew: "{{ authelia_config_totp_skew }}"
#  secret_size: "{{ authelia_config_totp_secret_size }}"
authelia_config_webauthn:
  disable: "{{ authelia_config_webauthn_disable }}"
  timeout: "{{ authelia_config_webauthn_timeout }}"
  display_name: "{{ authelia_config_webauthn_display_name }}"
  attestation_conveyance_preference: "{{ authelia_config_webauthn_attestation_conveyance_preference }}"
  user_verification: "{{ authelia_config_webauthn_user_verification }}"
authelia_config_duo_api:
  hostname: "{{ authelia_config_duo_api_hostname }}"
  integration_key: "{{ authelia_config_duo_api_integration_key }}"
  secret_key: "{{ authelia_config_duo_api_secret_key }}"
  enable_self_enrollment: "{{ authelia_config_duo_api_enable_self_enrollment }}"
authelia_config_ntp:
  address: "{{ authelia_config_ntp_address }}"
  version: "{{ authelia_config_ntp_version }}"
  max_desync: "{{ authelia_config_ntp_max_desync }}"
  disable_startup_check: "{{ authelia_config_ntp_disable_startup_check }}"
  disable_failure: "{{ authelia_config_ntp_disable_failure }}"

authelia_config_authentication_backend: >-2
  {{
    {
      "refresh_interval": authelia_config_authentication_backend_refresh_interval,
    }
    | combine({"password_reset": authelia_config_authentication_backend_password_reset}
      if authelia_config_authentication_backend_password_reset_custom_url | default(false, true) else {})
    | combine({"file": authelia_config_authentication_backend_file}
      if authelia_config_authentication_backend_file_path | default(false, true)
      else {"ldap": authelia_config_authentication_backend_ldap})
  }}
authelia_config_authentication_backend_password_reset:
  custom_url: "{{ authelia_config_authentication_backend_password_reset_custom_url }}"
  disable: "{{ authelia_config_authentication_backend_password_reset_disable }}"
authelia_config_authentication_backend_ldap:
  implementation: "{{ authelia_config_authentication_backend_ldap_implementation }}"
  url: "{{ authelia_config_authentication_backend_ldap_url }}"
  timeout: "{{ authelia_config_authentication_backend_ldap_timeout }}"
  start_tls: "{{ authelia_config_authentication_backend_ldap_start_tls }}"
  tls:
    skip_verify: "{{ authelia_config_authentication_backend_ldap_tls_skip_verify }}"
    minimum_version: "{{ authelia_config_authentication_backend_ldap_minimum_version }}"
  base_dn: "{{ authelia_config_authentication_backend_ldap_base_dn }}"
  additional_users_dn: "{{ authelia_config_authentication_backend_ldap_additional_users_dn }}"
  additional_groups_dn: "{{ authelia_config_authentication_backend_ldap_additional_groups_dn }}" 
  users_filter: "{{ authelia_config_authentication_backend_ldap_users_filter }}" 
  groups_filter: "{{ authelia_config_authentication_backend_ldap_groups_filter }}"
  attributes:
    username: "{{ authelia_config_authentication_backend_ldap_attributes_username }}"
    mail: "{{ authelia_config_authentication_backend_ldap_attributes_mail }}"
    display_name: "{{ authelia_config_authentication_backend_ldap_attributes_display_name }}"
    group_name: "{{ authelia_config_authentication_backend_ldap_attributes_group_name }}"
  user: "{{ authelia_config_authentication_backend_ldap_user }}"
  password: "{{ authelia_config_authentication_backend_ldap_password }}"
authelia_config_authentication_backend_file:
  path: "{{ authelia_config_authentication_backend_file_path }}"
  password:
    algorithm: "{{ authelia_config_authentication_backend_file_password_algorithm }}"
    iterations: "{{ authelia_config_authentication_backend_file_password_iterations }}"
    key_length: "{{ authelia_config_authentication_backend_file_password_key_length }}"
    salt_lenght: "{{ authelia_config_authentication_backend_file_password_salt_length }}"
    memory: "{{ authelia_config_authentication_backend_file_password_memory }}"
    parallelism: "{{ authelia_config_authentication_backend_file_password_parallelism }}"
authelia_config_password_policy: >-2
  {{
    {"standard": authelia_config_password_policy_standard}
    if authelia_config_password_policy_standard_enabled
    else {"zxcvbn": authelia_config_password_policy_zxcvbn}
  }}
authelia_config_password_policy_standard:
  enabled: "{{ authelia_config_password_policy_standard_enabled }}"
  min_length: "{{ authelia_config_password_policy_standard_min_length }}"
  max_length: "{{ authelia_config_password_policy_standard_max_length }}"
  require_uppercase: "{{ authelia_config_password_policy_standard_require_uppercase }}"
  require_lowercase: "{{ authelia_config_password_policy_standard_require_lowercase }}"
  require_number: "{{ authelia_config_password_policy_standard_require_number }}"
  require_special: "{{ authelia_config_password_policy_standard_require_special }}"
authelia_config_password_policy_zxcvbn:
  enabled: "{{ authelia_config_password_policy_zxcvbn_enabled }}"
authelia_config_access_control:
  default_policy: "{{ authelia_config_access_control_default_policy }}"
  networks: "{{ authelia_config_access_control_networks }}"
  rules: "{{ authelia_config_access_control_rules }}"
authelia_config_session:
  name: "{{ authelia_config_session_name }}"
  domain: "{{ authelia_config_session_domain }}"
  same_site: "{{ authelia_config_session_same_site }}"
  secret: "{{ authelia_config_session_secret }}"
  expiration: "{{ authelia_config_session_expiration }}" 
  inactivity: "{{ authelia_config_session_inactivity }}"
  remember_me: "{{ authelia_config_session_remember_me }}"
authelia_config_session_redis: >-2
  {{
    {
      "host": authelia_config_session_redis_host,
      "database_index": authelia_config_session_redis_database_index,
      "maximum_active_connections": authelia_config_session_redis_maximum_active_connections,
      "minimum_idle_connections": authelia_config_session_redis_minimum_idle_connections
    }
    | combine({"password": authelia_config_session_redis_password}
      if authelia_config_session_redis_password | default(false, true) else {})
    | combine({"username": authelia_config_session_redis_username}
      if authelia_config_session_redis_username | default(false, true) else {})
    | combine({"port": authelia_config_session_redis_port}
      if '/' not in authelia_config_session_redis_host else {})
    | combine({"tls": authelia_config_session_redis_tls}
      if authelia_config_session_redis_enable_tls | default(false, true) else {})
  }}
authelia_config_session_redis_tls: >-2
  {{
    {
      "skip_verify": authelia_config_session_redis_tls_skip_verify,
      "minimum_version": authelia_config_session_redis_tls_minimum_version,
    }
    | combine({"server_name": authelia_config_session_redis_tls_server_name}
      if authelia_config_session_redis_tls_server_name | default(false, true) else {})
  }}
authelia_config_regulation:
  max_retries: "{{ authelia_config_regulation_max_retries }}"
  find_time: "{{ authelia_config_regulation_find_time }}"
  ban_time: "{{ authelia_config_regulation_ban_time }}"
authelia_config_storage: >-2
  {{
    { "encryption_key": authelia_config_storage_encryption_key }
    | combine({"local": authelia_config_storage_local}
      if authelia_database_type in ['local', 'sqlite'] else {})
    | combine({"mysql": authelia_config_storage_mysql}
      if authelia_database_type == 'mysql' else {})
    | combine({"postgres": authelia_config_storage_postgres}
      if authelia_database_type in ['postgres', 'postgresql'] else {})
  }}
authelia_config_storage_local:
  path: "{{ authelia_config_storage_local_path }}"
authelia_config_storage_mysql:
  host: "{{ authelia_database_address }}"
  database: "{{ authelia_database_name }}"
  username: "{{ authelia_database_user }}"
  password: "{{ authelia_database_pass }}"
  timeout: "{{ authelia_database_timeout }}"
authelia_config_storage_postgres:
  address: "{{ authelia_database_address }}"
  database: "{{ authelia_database_name }}"
  schema: public
  username: "{{ authelia_database_user }}"
  password: "{{ authelia_database_pass }}"
  timeout: "{{ authelia_database_timeout }}"
authelia_config_storage_postgres_ssl:
  mode: "{{ authelia_config_storage_postgres_ssl_mode }}"
  root_certificate: "{{ authelia_config_storage_postgres_ssl_root_certificate }}"
  certificate: "{{ authelia_config_storage_postgres_ssl_certificate }}"
  key: "{{ authelia_config_storage_postgres_ssl_key }}"
authelia_config_notifier: >-2
  {{
    {
      "disable_startup_check": authelia_config_notifier_disable_startup_check
    }
    | combine({"filesystem": authelia_config_notifier_filesystem}
      if authelia_config_notifier_filesystem_filename else {})
    | combine({"smtp": authelia_config_notifier_smtp}
      if not authelia_config_notifier_filesystem_filename else {})
  }}
authelia_config_notifier_filesystem:
  filename: "{{ authelia_config_notifier_filesystem_filename }}"
authelia_config_notifier_smtp:
  address: "{{ authelia_config_notifier_smtp_address }}"
  timeout: "{{ authelia_config_notifier_smtp_timeout }}"
  username: "{{ authelia_config_notifier_smtp_username }}"
  password: "{{ authelia_config_notifier_smtp_password }}"
  sender: "{{ authelia_config_notifier_smtp_sender }}"
  identifier: "{{ authelia_config_notifier_smtp_identifier }}"
  subject: "{{ authelia_config_notifier_smtp_subject }}"
  startup_check_address: "{{ authelia_config_notifier_smtp_startup_check_address }}"
  disable_require_tls: "{{ authelia_config_notifier_smtp_disable_require_tls }}"
  disable_html_emails: "{{ authelia_config_notifier_smtp_disable_html_emails }}"
  tls:
    skip_verify: "{{ authelia_config_notifier_smtp_tls_skip_verify }}"
    minimum_version: "{{ authelia_config_notifier_smtp_tls_minimum_version }}"