serve:
  public:
    base_url: http://auth.server.lan/.ory/kratos/public/
    port: 4433
    cors:
      enabled: true
      allowed_origins:
        - http://server.lan
        - http://*.server.lan
        - http://*.dev.server.lan
      allowed_methods:
        - POST
        - GET
        - PUT
        - PATCH
        - DELETE
  admin:
    base_url: http://kratos:4434/

selfservice:
  default_browser_return_url: http://auth.server.lan/
  whitelisted_return_urls:
    - http://auth.server.lan/
    - http://auth.server.lan/auth/hydra/login

  methods:
    password:
      enabled: true

  flows:

    error:
      ui_url: http://auth.server.lan/error

    settings:
      ui_url: http://auth.server.lan/settings

    verification:
      ui_url: http://auth.server.lan/verification
      enabled: false

    recovery:
      ui_url: http://auth.server.lan/recovery
      enabled: false

    logout:
      after:
        default_browser_return_url: http://auth.server.lan/auth/login

    login:
      ui_url: http://auth.server.lan/auth/login

    registration:
      ui_url: http://auth.server.lan/auth/registration
      after:
        password:
          hooks:
            -
              hook: session

log:
  level: debug
  leak_sensitive_values: true

hashers:
  argon2:
    parallelism: 1
    memory: 131072
    iterations: 2
    salt_length: 16
    key_length: 16

identity:
  default_schema_url: file:///etc/config/kratos/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true


session:
  cookie:
    persistent: true
    #same_site: None
    domain: server.lan
  lifespan: 1h