auth.yaml
Source: config/auth.yaml
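# IP-based access gate: how long an approved address stays trusted and how
# often a single address may request or verify access.
# NOTE(review): indentation was lost in this listing; the nesting below is
# reconstructed from the key names. Confirm against config/auth.yaml, in
# particular whether trusted_proxies and internal_cidrs sit under ip_gate.
ip_gate:
  default_trust_duration: 30d
  durations_allowed: [24h, 7d, 30d, 90d]
  # Limits are keyed per client IP, so they are only as reliable as the
  # client-address resolution that the proxy settings below control.
  rate_limit_per_ip:
    request_access: { max: 5, window_seconds: 3600 }
    verify: { max: 10, window_seconds: 600 }
  # Presumably peers in these ranges may supply the forwarded client address.
  # The /16 covers every container on the Docker network, not only Caddy;
  # narrowing it to the proxy's own address limits who can assert a client IP.
  trusted_proxies:
    - 172.20.0.0/16  # homelab Docker network, where Caddy lives
  # Same range as trusted_proxies. NOTE(review): confirm that "internal" is
  # decided from the resolved client address and not from the proxy's peer
  # address, otherwise every proxied request would count as internal.
  internal_cidrs:
    - 172.20.0.0/16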
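# Immich integration: where the server is reached and how often its user and
# allowlist data is refreshed.
# NOTE(review): indentation was lost in this listing; nesting reconstructed
# from the key names. Confirm against config/auth.yaml.
immich:
  # Plain HTTP to the container by service name. Presumably admin-API calls
  # go to this URL, so the traffic should never leave the internal network.
  internal_url: http://immich-server:2283
  external_url: ${DONNA_IMMICH_EXTERNAL_URL:-https://immich.example.com}
  # Per the _env suffix this holds the name of an environment variable, not
  # the key itself; keep the secret value out of this file.
  admin_api_key_env: IMMICH_ADMIN_API_KEY
  user_cache_ttl_seconds: 60
  allowlist_sync_interval_seconds: 900  # 15 minutes
  # 24 hours. Presumably the longest a previously synced allowlist is still
  # honoured when syncs fail; a removed user could keep access for up to this
  # long. TODO confirm and size it to the revocation delay you can accept.
  allowlist_stale_tolerance_seconds: 86400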
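# Lifetime and count limits for per-device tokens.
# NOTE(review): indentation was lost in this listing; nesting reconstructed
# from the key names. Confirm against config/auth.yaml.
device_tokens:
  # Presumably a token lapses after this many days without use; confirm.
  sliding_window_days: 90
  # Presumably the hard cap on token age regardless of use; confirm.
  absolute_max_days: 365
  max_per_user: 10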
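# Verification e-mail settings.
# NOTE(review): indentation was lost in this listing; nesting reconstructed
# from the key names. Confirm against config/auth.yaml.
email:
  from: ${DONNA_EMAIL_FROM:-donna@example.com}
  subject: "Donna access verification"
  # Base of the verification link. The default is HTTPS; an override through
  # DONNA_EXTERNAL_URL should be HTTPS as well, since the link presumably
  # carries the verification token.
  verify_base_url: ${DONNA_EXTERNAL_URL:-https://donna.example.com}/auth/verify
  # Short validity keeps the exposure window of a mailed link small.
  token_expiry_minutes: 15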
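# First-run bootstrap.
# NOTE(review): indentation was lost in this listing; nesting reconstructed
# from the key names. Confirm against config/auth.yaml.
bootstrap:
  # Per the _env suffix this names the environment variable that supplies the
  # initial admin's e-mail address; the address itself is not stored here.
  admin_email_env: DONNA_BOOTSTRAP_ADMIN_EMAIL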