working

2024-04-07 22:05:28 -04:00 · 2024-04-07 22:05:28 -04:00 · 85bad786c0
parent c485356bdd
commit 85bad786c0
1 changed files with 92 additions and 15 deletions
--- a/docker/authelia/config/configuration.acl.yml
+++ b/docker/authelia/config/configuration.acl.yml
@ -3,22 +3,99 @@ access_control:
  rules:

   # Allow free access from local network
-    - domain: "*.{{ env "TRAEFIK_DOMAIN" }}"
-      policy: bypass
-      networks:
-      - 192.168.0.0/16
-      - 172.16.0.0/12
-      - 10.0.0.0/8
+  #   - domain: "*.{{ env "TRAEFIK_DOMAIN" }}"
+  #     policy: bypass
+  #     networks:
+  #     - 192.168.0.0/16
+  #     - 172.16.0.0/12
+  #     - 10.0.0.0/8

-  #  Put WAN Access rules here
-    - domain: {{ env "TRAEFIK_DOMAIN" }}
+  # #  Put WAN Access rules here
+  #   - domain: {{ env "TRAEFIK_DOMAIN" }}
+  #     resources:
+  #       - "^/.well-known([/?].*)?$"
+  #     policy: bypass
+
+  #   - domain: {{ env "TRAEFIK_DOMAIN" }}
+  #     subject: "group:admin"
+  #     policy: two_factor
+
+  #   - domain: headscale.{{ env "TRAEFIK_DOMAIN" }}
+  #     policy: bypass
+
+    - domain: "*.nixc.us"
+      subject:
+        - "group:admins"
+    #    - "group:dev"
+      policy: one_factor
+    # traefik monitor
+    - domain: 
+        - "monitor-ertest.nixc.us"
+      subject:
+        - "group:monitor-ertest"
+      policy: one_factor
+    # guacamole
+    - domain: 
+        - "guac.nixc.us"
+      subject:
+        - "group:guac"
+      policy: one_factor
+    # uptime-kuma
+    - domain: 
+        - "uptime.nixc.us"
+      subject:
+        - "group:uptime-kuma"
+      policy: one_factor
+    # Filebrowser and Bypass
+    - domain:
+        - "fb.nixc.us"
+        - "fbi.nixc.us"
+      subject:
+        - "group:admins"
+      policy: one_factor
+    - domain:
+        - "fb.nixc.us"
+        - "fbi.nixc.us"
+      policy: bypass
      resources:
-        - "^/.well-known([/?].*)?$"
-      policy: bypass
+        - '^/api/(.*)?$'
+        - '^/share/(.*)?$'
+        - '^/static/(.*)?$'
+    ## Transfer.sh
+    - domain:
+        - "tx.nixc.us"
+      subject:
+        - "group:transfer"
+      policy: one_factor
+    ## Firefox
+    - domain:
+        - "ff.nixc.us"
+      subject:
+        - "group:firefox"
+      policy: one_factor

-    - domain: {{ env "TRAEFIK_DOMAIN" }}
-      subject: "group:admin"
-      policy: two_factor

-    - domain: headscale.{{ env "TRAEFIK_DOMAIN" }}
-      policy: bypass
+    ## Meta
+    - domain:
+        - "oracle.nixc.us"
+      subject:
+        - "group:meta"
+      policy: one_factor
+    ## Stash
+    - domain:
+        - "fb.nixc.us"
+      subject:
+        - "group:fansdb"
+      policy: one_factor
+    # Filebrowser and Bypass
+    - domain:
+        - "fb-stash.nixc.us"
+      subject:
+        - "group:stash_admin"
+      policy: one_factor
+    # Graylog access
+    - domain: 
+        - "log.nixc.us"
+      subject:
+        - "group:graylog"
+      policy: one_factor