authentik/authentik/lib/default.yml

# This is the default configuration file
postgresql:
  host: localhost
  name: authentik
  user: authentik
  port: 5432
  password: 'env://POSTGRES_PASSWORD'

web:
  listen: 0.0.0.0:9000
  listen_tls: 0.0.0.0:9443
  listen_metrics: 0.0.0.0:9300
  outpost_port_offset: 0

redis:
  host: localhost
  port: 6379
  password: ''
  tls: false
  tls_reqs: "none"
  cache_db: 0
  message_queue_db: 1
  ws_db: 2
  outpost_session_db: 3
  cache_timeout: 300
  cache_timeout_flows: 300
  cache_timeout_policies: 300
  cache_timeout_reputation: 300

debug: false

log_level: info

# Error reporting, sends stacktrace to sentry.beryju.org
error_reporting:
  enabled: false
  environment: customer
  send_pii: false
  sample_rate: 0.5

# Global email settings
email:
  host: localhost
  port: 25
  username: ""
  password: ""
  use_tls: false
  use_ssl: false
  timeout: 10
  from: authentik@localhost

outposts:
  # Placeholders:
  # %(type)s: Outpost type; proxy, ldap, etc
  # %(version)s: Current version; 2021.4.1
  # %(build_hash)s: Build hash if you're running a beta version
  container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s

cookie_domain: null
disable_update_check: false
disable_startup_analytics: false
avatars: env://AUTHENTIK_AUTHENTIK__AVATARS?gravatar
geoip: "./GeoLite2-City.mmdb"

footer_links:
  - name: Documentation
    href: https://goauthentik.io/docs/?utm_source=authentik
  - name: authentik Website
    href: https://goauthentik.io/?utm_source=authentik

default_user_change_name: true
default_user_change_email: true
default_user_change_username: true

gdpr_compliance: true
cert_discovery_dir: /certs
add lib 2018-11-14 18:14:14 +00:00			`# This is the default configuration file`
config(minor): CONFIG.get -> CONFIG.y 2019-09-30 16:04:04 +00:00			`postgresql:`
add lib 2018-11-14 18:14:14 +00:00			`host: localhost`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			`name: authentik`
			`user: authentik`
root: make database port configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-10 17:25:09 +00:00			`port: 5432`
ci(minor): fix default settings so CI works 2019-10-01 11:22:38 +00:00			`password: 'env://POSTGRES_PASSWORD'`
config(minor): CONFIG.get -> CONFIG.y 2019-09-30 16:04:04 +00:00
gproxy: load default config file for debug and listen statements Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-04 12:07:12 +00:00			`web:`
			`listen: 0.0.0.0:9000`
			`listen_tls: 0.0.0.0:9443`
lib: fix default listening port for metrics Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-09 14:40:39 +00:00			`listen_metrics: 0.0.0.0:9300`
outpost/proxyv2: allow port offset via yaml Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-08 19:01:17 +00:00			`outpost_port_offset: 0`
gproxy: load default config file for debug and listen statements Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-04 12:07:12 +00:00
config(minor): CONFIG.get -> CONFIG.y 2019-09-30 16:04:04 +00:00			`redis:`
			`host: localhost`
Allow for Configurable Redis Port (#1124) * root: make redis port configurable * root: parse redis port from config as an integer * code formatting * lifecycle: truncate line under 100 chars * lifecycle: incorrect indenting on newline 2021-07-12 09:01:41 +00:00			`port: 6379`
config(minor): CONFIG.get -> CONFIG.y 2019-09-30 16:04:04 +00:00			`password: ''`
root: optional TLS support on redis connections (#1147) * root: optional TLS support on redis connections * root: don't use f-strings when not interpolating variables * root: use f-string in redis protocol prefix interpolation * root: glaring typo * formatting * small formatting change I missed * root: swap around default redis protocol prefixes 2021-07-15 09:48:52 +00:00			`tls: false`
root: celery requires additional parameters when tls is enabled (#1148) 2021-07-16 06:51:09 +00:00			`tls_reqs: "none"`
config(minor): CONFIG.get -> CONFIG.y 2019-09-30 16:04:04 +00:00			`cache_db: 0`
			`message_queue_db: 1`
root: fix channels not loading redis connection details 2020-09-14 12:21:43 +00:00			`ws_db: 2`
outpost/embedded: use redis session backend Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-08-07 20:12:22 +00:00			`outpost_session_db: 3`
root: make general cache timeouts configurable closes #974 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-21 08:18:49 +00:00			`cache_timeout: 300`
			`cache_timeout_flows: 300`
			`cache_timeout_policies: 300`
			`cache_timeout_reputation: 300`
core: revert to cherrypy for main webserver and use daphne only for app_gw 2019-07-04 13:23:05 +00:00
fix failing docker build and failing helm packaging 2019-02-13 15:41:51 +00:00			`debug: false`
website: add docs for compose configuration options 2021-03-12 15:43:31 +00:00
Proxy v2 (#189) 2020-09-02 22:04:12 +00:00			`log_level: info`
config(minor): CONFIG.get -> CONFIG.y 2019-09-30 16:04:04 +00:00
root(minor): disable error reporting by default 2019-11-20 12:12:37 +00:00			`# Error reporting, sends stacktrace to sentry.beryju.org`
Replace Elastic APM with Sentry APM (#183) 2020-08-20 18:39:21 +00:00			`error_reporting:`
			`enabled: false`
			`environment: customer`
root: when error_reporting is enabled, don't sent pii data by default 2020-08-20 20:19:49 +00:00			`send_pii: false`
root: add missing sample_rate default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-12-02 18:54:37 +00:00			`sample_rate: 0.5`
add lib 2018-11-14 18:14:14 +00:00
root: global email settings (#448) * root: make global email settings configurable * stages/email: add use_global_settings * stages/email: add test_email command to test email sending * stages/email: update email template * stages/email: simplify email template path * stages/email: add support for user-supplied email templates * stages/email: add tests for sending and templates * stages/email: only add custom template if permissions are correct * docs: add custom email template docs * root: add /templates volume in docker-compose by default * stages/email: fix form not allowing custom templates * stages/email: use relative path for custom templates * stages/email: check if all templates exist on startup, reset * docs: add global email docs for docker-compose * helm: add email config to helm chart * helm: load all secrets with env prefix * helm: move s3 and smtp secret to secret * stages/email: fix test for relative name * stages/email: add argument to send email from existing stage * stages/email: set uid using slug of message id * stages/email: ensure template validation ignores migration runs * docs: add email troubleshooting docs * stages/email: fix long task_name breaking task list 2021-01-04 23:41:10 +00:00			`# Global email settings`
			`email:`
			`host: localhost`
			`port: 25`
			`username: ""`
			`password: ""`
			`use_tls: false`
			`use_ssl: false`
			`timeout: 10`
			`from: authentik@localhost`

outposts: make docker image prefix configurable 2020-11-15 23:34:51 +00:00			`outposts:`
outposts: allow better configuration of outpost image name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-04-29 18:07:53 +00:00			`# Placeholders:`
			`# %(type)s: Outpost type; proxy, ldap, etc`
			`# %(version)s: Current version; 2021.4.1`
outposts: add build_hash for docker image Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-12 18:36:18 +00:00			`# %(build_hash)s: Build hash if you're running a beta version`
*: revert to using GHCR directly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-12-21 12:54:49 +00:00			`container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s`
outposts: make docker image prefix configurable 2020-11-15 23:34:51 +00:00
root: add cookie domain setting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-20 16:26:22 +00:00			`cookie_domain: null`
admin: migrate to new update check, add option to disable update check Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-09-11 18:35:23 +00:00			`disable_update_check: false`
internal: start embedded outpost directly after backend is healthy instead of waiting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-04 12:16:53 +00:00			`disable_startup_analytics: false`
core: add support for custom urls for avatars Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-22 10:24:23 +00:00			`avatars: env://AUTHENTIK_AUTHENTIK__AVATARS?gravatar`
			`geoip: "./GeoLite2-City.mmdb"`

			`footer_links:`
			`- name: Documentation`
lib: add utm_source to default links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-20 15:31:27 +00:00			`href: https://goauthentik.io/docs/?utm_source=authentik`
core: add support for custom urls for avatars Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-06-22 10:24:23 +00:00			`- name: authentik Website`
lib: add utm_source to default links Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-20 15:31:27 +00:00			`href: https://goauthentik.io/?utm_source=authentik`
core: make defaults for _change_email and _change_username configurable closes #1789 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-13 21:33:03 +00:00
core: add goauthentik.io/user/can-change-name closes #2054 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-01-04 18:03:12 +00:00			`default_user_change_name: true`
core: make defaults for _change_email and _change_username configurable closes #1789 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-13 21:33:03 +00:00			`default_user_change_email: true`
			`default_user_change_username: true`
events: add gdpr_compliance option Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1551 2021-11-16 10:29:13 +00:00
			`gdpr_compliance: true`
crypto: add certificate discovery to automatically import certificates from lets encrypt Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1835 2021-12-03 17:27:06 +00:00			`cert_discovery_dir: /certs`