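# Install-form schema for the Authelia app.
# `groups` names the form sections; `questions` declares every field, its
# type, default and validation. Three containers are referenced by this form
# (authelia, postgres, redis; see the `labels` question).
#
# Security-relevant fields are annotated inline. Notes marked NOTE(review)
# are assumptions that cannot be confirmed from this file alone.
groups:
  - name: Authelia Configuration
    description: Configure Authelia
  - name: User and Group Configuration
    description: Configure User and Group for Authelia
  - name: Network Configuration
    description: Configure Network for Authelia
  - name: Storage Configuration
    description: Configure Storage for Authelia
  - name: Labels Configuration
    description: Configure Labels for Authelia
  - name: Resources Configuration
    description: Configure Resources for Authelia

questions:
  - variable: TZ
    group: Authelia Configuration
    label: Timezone
    schema:
      type: string
      default: Etc/UTC
      required: true
      $ref:
        - definitions/timezone

  - variable: authelia
    label: ""
    group: Authelia Configuration
    schema:
      type: dict
      attrs:
        # Only one image is selectable today; the description documents the
        # one-way upgrade behaviour for when newer entries are added.
        - variable: postgres_image_selector
          label: Postgres Image (CAUTION)
          description: |
            If you are changing this after the postgres directory has been initialized,
            STOP! and make sure you have a backup of your data.
            Changing this will trigger a one-way database upgrade.
            You can only select newer versions of postgres.
            Selecting an older version will refuse to start.
            If something goes wrong, you will have to restore from backup.
          schema:
            type: string
            default: postgres_17_image
            required: true
            enum:
              - value: postgres_17_image
                description: Postgres 17

        # --- Secrets -------------------------------------------------------
        # All five secret fields are `required: true` and `private: true`,
        # with an empty default so no shared value ships with the app.
        # Only `encryption_key` enforces a minimum length (20); the other
        # four accept any length the form lets through.
        # NOTE(review): presumably `required: true` rejects the empty
        # default, and `private: true` masks the value in the form - confirm.
        # NOTE(review): consider a min_length on the remaining secrets; check
        # the effect on existing installs with shorter values first.
        - variable: db_password
          label: Database Password
          description: The password for Authelia.
          schema:
            type: string
            default: ""
            required: true
            private: true
        - variable: redis_password
          label: Redis Password
          description: The password for Redis.
          schema:
            type: string
            default: ""
            required: true
            private: true
        - variable: encryption_key
          label: Encryption Key
          description: Sets `storage.encryption_key` in the configuration file.
          schema:
            type: string
            default: ""
            min_length: 20
            required: true
            private: true
        - variable: jwt_secret
          label: JWT Secret
          description: Sets `identity_validation.reset_password.jwt_secret` in the configuration file.
          schema:
            type: string
            default: ""
            required: true
            private: true
        - variable: session_secret
          label: Session Secret
          description: Sets `session.secret` in the configuration file.
          schema:
            type: string
            default: ""
            required: true
            private: true

        # Defaults to true, so a fresh install runs on the generated
        # placeholder configuration until the operator turns this off.
        # NOTE(review): the contents of the dummy file (access-control
        # policy, users) are not visible here - confirm they are not
        # permissive before the portal is reachable by real clients.
        - variable: use_dummy_config
          label: Use Dummy Configuration
          description: |
            With this enabled, it just creates a dummy configuration file to make Authelia start.
            You should disable this and use your own configuration file.
          schema:
            type: boolean
            default: true

        # Shown only when the dummy configuration is disabled.
        # `valid_chars` anchors the `/config/` prefix only; it does not
        # reject `..` path segments.
        # NOTE(review): confirm the consumer normalises this path, or
        # tighten the pattern.
        - variable: config_path
          label: Config Path
          description: |
            Where authelia should look for the configuration file.
            This file must exist when Authelia starts.
            It can also be a directory like `/config/config.d`.
            In this case you need at least one file in that directory.
          schema:
            type: path
            show_if: [["use_dummy_config", "=", false]]
            default: /config/configuration.yaml
            valid_chars: "^/config/.*$"
            valid_chars_error: "The path must start with /config/"
            required: true

        # Shown only when the dummy configuration is disabled.
        - variable: base_path
          label: Base Path
          description: |
            If the path is configured to anything other than / requests will be handled for both / and the configured path.
            For example if configured to /authelia then requests will be handled for both the / and /authelia/ path.
          schema:
            type: string
            default: "/"
            valid_chars: "^\/.*$"
            valid_chars_error: "The path must start with /"
            show_if: [["use_dummy_config", "=", false]]

        # Free-form environment variables. `value` is not marked private,
        # unlike the dedicated secret fields above.
        # NOTE(review): secrets entered here would presumably be displayed
        # in clear text - prefer the private fields for key material.
        - variable: additional_envs
          label: Additional Environment Variables
          schema:
            type: list
            default: []
            items:
              - variable: env
                label: Environment Variable
                schema:
                  type: dict
                  attrs:
                    - variable: name
                      label: Name
                      schema:
                        type: string
                        required: true
                    - variable: value
                      label: Value
                      schema:
                        type: string

  # `min: 568` on both ids rejects lower values, so uid/gid 0 (root) cannot
  # be selected through this form.
  - variable: run_as
    label: ""
    group: User and Group Configuration
    schema:
      type: dict
      attrs:
        - variable: user
          label: User ID
          description: The user id that Authelia files will be owned by.
          schema:
            type: int
            min: 568
            default: 568
            required: true
        - variable: group
          label: Group ID
          description: The group id that Authelia files will be owned by.
          schema:
            type: int
            min: 568
            default: 568
            required: true

  - variable: network
    label: ""
    group: Network Configuration
    schema:
      type: dict
      attrs:
        - variable: web_port
          label: WebUI Port
          schema:
            type: dict
            attrs:
              # Default is `published`: the portal port is reachable on the
              # host. Choose `exposed` when only other containers (for
              # example a reverse proxy) need to reach Authelia.
              - variable: bind_mode
                label: Port Bind Mode
                description: |
                  The port bind mode.
                  - Publish: The port will be published on the host for external access.
                  - Expose: The port will be exposed for inter-container communication.
                  - None: The port will not be exposed or published.
                  Note: If the Dockerfile defines an EXPOSE directive, the port will still be exposed for inter-container communication regardless of this setting.
                schema:
                  type: string
                  default: "published"
                  enum:
                    - value: "published"
                      description: Publish port on the host for external access
                    - value: "exposed"
                      description: Expose port for inter-container communication
                    - value: ""
                      description: None
              - variable: port_number
                label: Port Number
                schema:
                  type: int
                  default: 30133
                  min: 1
                  max: 65535
                  required: true
              # Only shown for `published`. Defaults to an empty list.
              # NOTE(review): presumably an empty list binds the port on
              # every host address - confirm, and list specific IPs to
              # limit where the portal is reachable.
              - variable: host_ips
                label: Host IPs
                description: IPs on the host to bind this port
                schema:
                  type: list
                  show_if: [["bind_mode", "=", "published"]]
                  default: []
                  items:
                    - variable: host_ip
                      label: Host IP
                      schema:
                        type: string
                        required: true
                        $ref:
                          - definitions/node_bind_ip

  - variable: storage
    label: ""
    group: Storage Configuration
    schema:
      type: dict
      attrs:
        # Holds the Authelia configuration (see `config_path`, which must
        # live under /config/).
        - variable: config
          label: Config Storage
          description: The path to store config.
          schema:
            type: dict
            attrs:
              - variable: type
                label: Type
                description: |
                  ixVolume: Is dataset created automatically by the system.
                  Host Path: Is a path that already exists on the system.
                schema:
                  type: string
                  required: true
                  default: "ix_volume"
                  enum:
                    - value: "host_path"
                      description: Host Path (Path that already exists on the system)
                    - value: "ix_volume"
                      description: ixVolume (Dataset created automatically by the system)
              - variable: ix_volume_config
                label: ixVolume Configuration
                description: The configuration for the ixVolume dataset.
                schema:
                  type: dict
                  show_if: [["type", "=", "ix_volume"]]
                  $ref:
                    - "normalize/ix_volume"
                  attrs:
                    - variable: acl_enable
                      label: Enable ACL
                      description: Enable ACL for the storage.
                      schema:
                        type: boolean
                        default: false
                    # Hidden from the form; fixed dataset name.
                    - variable: dataset_name
                      label: Dataset Name
                      description: The name of the dataset to use for storage.
                      schema:
                        type: string
                        required: true
                        hidden: true
                        default: "config"
                    - variable: acl_entries
                      label: ACL Configuration
                      schema:
                        type: dict
                        show_if: [["acl_enable", "=", true]]
                        attrs: []
              - variable: host_path_config
                label: Host Path Configuration
                schema:
                  type: dict
                  show_if: [["type", "=", "host_path"]]
                  attrs:
                    - variable: acl_enable
                      label: Enable ACL
                      description: Enable ACL for the storage.
                      schema:
                        type: boolean
                        default: false
                    - variable: acl
                      label: ACL Configuration
                      schema:
                        type: dict
                        show_if: [["acl_enable", "=", true]]
                        attrs: []
                        $ref:
                          - "normalize/acl"
                    - variable: path
                      label: Host Path
                      description: The host path to use for storage.
                      schema:
                        type: hostpath
                        show_if: [["acl_enable", "=", false]]
                        required: true
                    # Off by default. Per the description, enabling it lets
                    # the app `chown` the chosen host path, which changes
                    # ownership for anything else that uses that path.
                    # NOTE(review): this is the config volume, yet the text
                    # names the postgres container - looks copied from the
                    # postgres_data entry; confirm which owner is applied.
                    - variable: auto_permissions
                      label: Automatic Permissions
                      description: |
                        Automatically set permissions for the host path. Enabling this, will check the top level directory,
                        If it finds incorrect permissions, it will `chown` the host path to the user and group required for the postgres container.
                      schema:
                        type: boolean
                        default: false
                        show_if: [["acl_enable", "=", false]]

        # Holds the Postgres data directory (see the backup warning on
        # `postgres_image_selector`).
        - variable: postgres_data
          label: Postgres Data Storage
          description: The path to store Postgres Data.
          schema:
            type: dict
            attrs:
              - variable: type
                label: Type
                description: |
                  ixVolume: Is dataset created automatically by the system.
                  Host Path: Is a path that already exists on the system.
                schema:
                  type: string
                  required: true
                  default: "ix_volume"
                  enum:
                    - value: "host_path"
                      description: Host Path (Path that already exists on the system)
                    - value: "ix_volume"
                      description: ixVolume (Dataset created automatically by the system)
              - variable: ix_volume_config
                label: ixVolume Configuration
                description: The configuration for the ixVolume dataset.
                schema:
                  type: dict
                  show_if: [["type", "=", "ix_volume"]]
                  $ref:
                    - "normalize/ix_volume"
                  attrs:
                    - variable: acl_enable
                      label: Enable ACL
                      description: Enable ACL for the storage.
                      schema:
                        type: boolean
                        default: false
                    # Hidden from the form; fixed dataset name.
                    - variable: dataset_name
                      label: Dataset Name
                      description: The name of the dataset to use for storage.
                      schema:
                        type: string
                        required: true
                        hidden: true
                        default: "pg_data"
                    - variable: acl_entries
                      label: ACL Configuration
                      schema:
                        type: dict
                        show_if: [["acl_enable", "=", true]]
                        attrs: []
              - variable: host_path_config
                label: Host Path Configuration
                schema:
                  type: dict
                  show_if: [["type", "=", "host_path"]]
                  attrs:
                    - variable: acl_enable
                      label: Enable ACL
                      description: Enable ACL for the storage.
                      schema:
                        type: boolean
                        default: false
                    - variable: acl
                      label: ACL Configuration
                      schema:
                        type: dict
                        show_if: [["acl_enable", "=", true]]
                        attrs: []
                        $ref:
                          - "normalize/acl"
                    - variable: path
                      label: Host Path
                      description: The host path to use for storage.
                      schema:
                        type: hostpath
                        show_if: [["acl_enable", "=", false]]
                        required: true
                    # Off by default. Per the description, enabling it lets
                    # the app `chown` the chosen host path, which changes
                    # ownership for anything else that uses that path.
                    - variable: auto_permissions
                      label: Automatic Permissions
                      description: |
                        Automatically set permissions for the host path. Enabling this, will check the top level directory,
                        If it finds incorrect permissions, it will `chown` the host path to the user and group required for the postgres container.
                      schema:
                        type: boolean
                        default: false
                        show_if: [["acl_enable", "=", false]]

        # Extra mounts chosen by the operator. Each entry widens what the
        # container can read (and write, unless `read_only` is set).
        - variable: additional_storage
          label: Additional Storage
          schema:
            type: list
            default: []
            items:
              - variable: storageEntry
                label: Storage Entry
                schema:
                  type: dict
                  attrs:
                    - variable: type
                      label: Type
                      description: |
                        ixVolume: Is dataset created automatically by the system.
                        Host Path: Is a path that already exists on the system.
                        SMB Share: Is an SMB share that is mounted as a volume.
                      schema:
                        type: string
                        required: true
                        default: "ix_volume"
                        enum:
                          - value: "host_path"
                            description: Host Path (Path that already exists on the system)
                          - value: "ix_volume"
                            description: ixVolume (Dataset created automatically by the system)
                          - value: "cifs"
                            description: SMB/CIFS Share (Mounts a volume to a SMB share)
                    # Defaults to read-write; enable for mounts the
                    # container only needs to read.
                    - variable: read_only
                      label: Read Only
                      description: Mount the volume as read only.
                      schema:
                        type: boolean
                        default: false
                    - variable: mount_path
                      label: Mount Path
                      description: The path inside the container to mount the storage.
                      schema:
                        type: path
                        required: true
                    - variable: host_path_config
                      label: Host Path Configuration
                      schema:
                        type: dict
                        show_if: [["type", "=", "host_path"]]
                        attrs:
                          - variable: acl_enable
                            label: Enable ACL
                            description: Enable ACL for the storage.
                            schema:
                              type: boolean
                              default: false
                          - variable: acl
                            label: ACL Configuration
                            schema:
                              type: dict
                              show_if: [["acl_enable", "=", true]]
                              attrs: []
                              $ref:
                                - "normalize/acl"
                          - variable: path
                            label: Host Path
                            description: The host path to use for storage.
                            schema:
                              type: hostpath
                              show_if: [["acl_enable", "=", false]]
                              required: true
                    - variable: ix_volume_config
                      label: ixVolume Configuration
                      description: The configuration for the ixVolume dataset.
                      schema:
                        type: dict
                        show_if: [["type", "=", "ix_volume"]]
                        $ref:
                          - "normalize/ix_volume"
                        attrs:
                          - variable: acl_enable
                            label: Enable ACL
                            description: Enable ACL for the storage.
                            schema:
                              type: boolean
                              default: false
                          - variable: dataset_name
                            label: Dataset Name
                            description: The name of the dataset to use for storage.
                            schema:
                              type: string
                              required: true
                              default: "storage_entry"
                          # NOTE(review): only this acl_entries carries
                          # `normalize/acl`; the ones under `config` and
                          # `postgres_data` do not - confirm which is
                          # intended.
                          - variable: acl_entries
                            label: ACL Configuration
                            schema:
                              type: dict
                              show_if: [["acl_enable", "=", true]]
                              attrs: []
                              $ref:
                                - "normalize/acl"
                    # SMB credentials: only `password` is marked private.
                    - variable: cifs_config
                      label: SMB Configuration
                      description: The configuration for the SMB dataset.
                      schema:
                        type: dict
                        show_if: [["type", "=", "cifs"]]
                        attrs:
                          - variable: server
                            label: Server
                            description: The server to mount the SMB share.
                            schema:
                              type: string
                              required: true
                          - variable: path
                            label: Path
                            description: The path to mount the SMB share.
                            schema:
                              type: string
                              required: true
                          - variable: username
                            label: Username
                            description: The username to use for the SMB share.
                            schema:
                              type: string
                              required: true
                          - variable: password
                            label: Password
                            description: The password to use for the SMB share.
                            schema:
                              type: string
                              required: true
                              private: true
                          - variable: domain
                            label: Domain
                            description: The domain to use for the SMB share.
                            schema:
                              type: string

  # Key/value labels applied to the selected containers. The container
  # choice is restricted by enum to the three containers of this app.
  - variable: labels
    label: ""
    group: Labels Configuration
    schema:
      type: list
      default: []
      items:
        - variable: label
          label: Label
          schema:
            type: dict
            attrs:
              - variable: key
                label: Key
                schema:
                  type: string
                  required: true
              - variable: value
                label: Value
                schema:
                  type: string
                  required: true
              - variable: containers
                label: Containers
                description: Containers where the label should be applied
                schema:
                  type: list
                  items:
                    - variable: container
                      label: Container
                      schema:
                        type: string
                        required: true
                        enum:
                          - value: authelia
                            description: authelia
                          - value: postgres
                            description: postgres
                          - value: redis
                            description: redis

  # CPU and memory ceilings; both are required, so a limit is always set.
  # No min/max bounds are declared on either value.
  - variable: resources
    label: ""
    group: Resources Configuration
    schema:
      type: dict
      attrs:
        - variable: limits
          label: Limits
          schema:
            type: dict
            attrs:
              - variable: cpus
                label: CPUs
                description: CPUs limit for Authelia.
                schema:
                  type: int
                  default: 2
                  required: true
              - variable: memory
                label: Memory (in MB)
                description: Memory limit for Authelia.
                schema:
                  type: int
                  default: 4096
                  required: true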