Add two-factor authentication for sensitive admin services
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/push/woodpecker Pipeline was successful
Details
This commit is contained in:
Your Name
parent
e70fed6ad8
commit
507378655a
|
|
@ -23,6 +23,16 @@ access_control:
|
|||
# - domain: headscale.{{ env "TRAEFIK_DOMAIN" }}
|
||||
# policy: bypass
|
||||
|
||||
# Admin services require two-factor authentication
|
||||
- domain:
|
||||
- "portainer.nixc.us"
|
||||
- "login.nixc.us"
|
||||
- "git.nixc.us"
|
||||
subject:
|
||||
- "group:admins"
|
||||
policy: two_factor
|
||||
|
||||
# General admin access (less sensitive services)
|
||||
- domain: "*.nixc.us"
|
||||
subject:
|
||||
- "group:admins"
|
||||
|
|
@ -90,12 +100,12 @@ access_control:
|
|||
subject:
|
||||
- "group:stash_admin"
|
||||
policy: one_factor
|
||||
# Graylog access
|
||||
# Graylog access (sensitive logs require two-factor)
|
||||
- domain:
|
||||
- "log.nixc.us"
|
||||
subject:
|
||||
- "group:graylog"
|
||||
policy: one_factor
|
||||
policy: two_factor
|
||||
# whisper access
|
||||
- domain:
|
||||
- "whisper.nixc.us"
|
||||
|
|
|
|||
Loading…
Reference in New Issue