{%- set WEBACCESS = salt['pillar.get']('global:url_base', '') -%}
{%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}

selfservice:
  strategies:
    password:
      enabled: true

  settings:
    privileged_session_max_age: 1m
    after:
      profile:
        hooks:
          - hook: verify
          
  verify:
    return_to: https://{{ WEBACCESS }}/

  logout:
    redirect_to: https://{{ WEBACCESS }}/login/

  login:
    request_lifespan: 10m

  registration:
    request_lifespan: 10m
    after:
      password:
        hooks:
          - hook: session
          - hook: verify

log:
  level: debug
  format: json

secrets:
  session:
    - {{ KRATOSKEY }}

urls:
  login_ui: https://{{ WEBACCESS }}/login/
  registration_ui: https://{{ WEBACCESS }}/login/
  error_ui: https://{{ WEBACCESS }}/login/
  settings_ui: https://{{ WEBACCESS }}/?r=/settings
  verify_ui: https://{{ WEBACCESS }}/
  mfa_ui: https://{{ WEBACCESS }}/

  self:
    public: https://{{ WEBACCESS }}/auth/
    admin: https://{{ WEBACCESS }}/kratos/
  default_return_to: https://{{ WEBACCESS }}/
  whitelisted_return_to_urls:
    - http://127.0.0.1

hashers:
  argon2:
    parallelism: 2
    memory: 16384
    iterations: 3
    salt_length: 16
    key_length: 32

identity:
  traits:
    default_schema_url: file:///kratos-conf/schema.json

courier:
  smtp:
    connection_uri: smtps://{{ WEBACCESS }}:25