Nixius
/
authelia
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add two-factor authentication for sensitive admin services
ci/woodpecker/push/woodpecker Pipeline was successful Details

This commit is contained in:
Your Name 2025-06-06 11:44:10 -04:00
parent e70fed6ad8
commit 507378655a
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docker/authelia/config/configuration.acl.yml
View File

@ -23,6 +23,16 @@ access_control:
# - domain: headscale.{{ env "TRAEFIK_DOMAIN" }} # - domain: headscale.{{ env "TRAEFIK_DOMAIN" }}
# policy: bypass # policy: bypass
# Admin services require two-factor authentication
- domain:
- "portainer.nixc.us"
- "login.nixc.us"
- "git.nixc.us"
subject:
- "group:admins"
policy: two_factor
# General admin access (less sensitive services)
- domain: "*.nixc.us" - domain: "*.nixc.us"
subject: subject:
- "group:admins" - "group:admins"
@ -90,12 +100,12 @@ access_control:
subject: subject:
- "group:stash_admin" - "group:stash_admin"
policy: one_factor policy: one_factor
# Graylog access # Graylog access (sensitive logs require two-factor)
- domain: - domain:
- "log.nixc.us" - "log.nixc.us"
subject: subject:
- "group:graylog" - "group:graylog"
policy: one_factor policy: two_factor
# whisper access # whisper access
- domain: - domain:
- "whisper.nixc.us" - "whisper.nixc.us"