{%- set WEBACCESS = salt['pillar.get']('global:url_base', '') -%}
{%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
{%- set SESSIONTIMEOUT = salt['pillar.get']('kratos:sessiontimeout', '24h') -%}

session:
  lifespan: {{ SESSIONTIMEOUT }}

selfservice:
  methods:
    password:
      enabled: true
      config:
        haveibeenpwned_enabled: false

  flows:
    settings:
      ui_url: https://{{ WEBACCESS }}/?r=/settings

    verification:
      ui_url: https://{{ WEBACCESS }}/

    login:
      ui_url: https://{{ WEBACCESS }}/login/

    error:
      ui_url: https://{{ WEBACCESS }}/login/

    registration:
      ui_url: https://{{ WEBACCESS }}/login/
    
  default_browser_return_url: https://{{ WEBACCESS }}/
  whitelisted_return_urls:
    - http://127.0.0.1

log:
  level: debug
  format: json

secrets:
  default:
    - {{ KRATOSKEY }}

serve:
  public: 
    base_url: https://{{ WEBACCESS }}/auth/
  admin: 
    base_url: https://{{ WEBACCESS }}/kratos/

hashers:
  bcrypt:
    cost: 12

identity:
  default_schema_url: file:///kratos-conf/schema.json

courier:
  smtp:
    connection_uri: smtps://{{ WEBACCESS }}:25