From 85bad786c0c7e7bdf0c8e27079dbf9ca3486b19d Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 7 Apr 2024 22:05:28 -0400
Subject: [PATCH] working
---
docker/authelia/config/configuration.acl.yml | 107 ++++++++++++++++---
1 file changed, 92 insertions(+), 15 deletions(-)
diff --git a/docker/authelia/config/configuration.acl.yml b/docker/authelia/config/configuration.acl.yml
index 3e41bc0..224dc6a 100644
--- a/docker/authelia/config/configuration.acl.yml
+++ b/docker/authelia/config/configuration.acl.yml
@@ -3,22 +3,99 @@ access_control: rules: # Allow free access from local network - - domain: "*.{{ env "TRAEFIK_DOMAIN" }}" - policy: bypass - networks: - - 192.168.0.0/16 - - 172.16.0.0/12 - - 10.0.0.0/8 + # - domain: "*.{{ env "TRAEFIK_DOMAIN" }}" + # policy: bypass + # networks: + # - 192.168.0.0/16 + # - 172.16.0.0/12 + # - 10.0.0.0/8 - # Put WAN Access rules here - - domain: {{ env "TRAEFIK_DOMAIN" }} + # # Put WAN Access rules here + # - domain: {{ env "TRAEFIK_DOMAIN" }} + # resources: + # - "^/.well-known([/?].*)?$" + # policy: bypass + + # - domain: {{ env "TRAEFIK_DOMAIN" }} + # subject: "group:admin" + # policy: two_factor + + # - domain: headscale.{{ env "TRAEFIK_DOMAIN" }} + # policy: bypass + + - domain: "*.nixc.us" + subject: + - "group:admins" + # - "group:dev" + policy: one_factor + # traefik monitor + - domain: + - "monitor-ertest.nixc.us" + subject: + - "group:monitor-ertest" + policy: one_factor + # guacamole + - domain: + - "guac.nixc.us" + subject: + - "group:guac" + policy: one_factor + # uptime-kuma + - domain: + - "uptime.nixc.us" + subject: + - "group:uptime-kuma" + policy: one_factor + # Filebrowser and Bypass + - domain: + - "fb.nixc.us" + - "fbi.nixc.us" + subject: + - "group:admins" + policy: one_factor + - domain: + - "fb.nixc.us" + - "fbi.nixc.us" + policy: bypass resources: - - "^/.well-known([/?].*)?$" - policy: bypass + - '^/api/(.*)?$' + - '^/share/(.*)?$' + - '^/static/(.*)?$' + ## Transfer.sh + - domain: + - "tx.nixc.us" + subject: + - "group:transfer" + policy: one_factor + ## Firefox + - domain: + - "ff.nixc.us" + subject: + - "group:firefox" + policy: one_factor - - domain: {{ env "TRAEFIK_DOMAIN" }} - subject: "group:admin" - policy: two_factor - - domain: headscale.{{ env "TRAEFIK_DOMAIN" }} - policy: bypass \ No newline at end of file + ## Meta + - domain: + - "oracle.nixc.us" + subject: + - "group:meta" + policy: one_factor + ## Stash + - domain: + - "fb.nixc.us" + subject: + - "group:fansdb" + policy: one_factor + # 
Filebrowser and Bypass + - domain: + - "fb-stash.nixc.us" + subject: + - "group:stash_admin" + policy: one_factor + # Graylog access + - domain: + - "log.nixc.us" + subject: + - "group:graylog" + policy: one_factor \ No newline at end of file
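Review bot: The rule under `## Stash` reuses `- "fb.nixc.us"` with `group:fansdb`, so members of that group get one_factor access to the Filebrowser host rather than to a Stash host; this looks like a copy-paste slip, and the domain should be the Stash hostname, which is not visible in this patch. The `bypass` rule for `fb.nixc.us`/`fbi.nixc.us` sits after the `*.nixc.us` and Filebrowser rules that carry a `subject`; Authelia evaluates rules in order and, as I understand its matching, a subject rule that otherwise matches sends an anonymous request to login, so the bypass is probably never reached and should move above them. Once it does take effect, `'^/api/(.*)?$'` exempts the whole Filebrowser API from Authelia and leaves only the application's own login in front of it; if public shares are the goal, a narrower pattern such as `- '^/api/public/.*$'` would be safer, to be confirmed against the Filebrowser routes in use. Admin access also drops from `two_factor` to `one_factor` across the wildcard, which covers Guacamole and Graylog, so a comment stating that this is intended would help the next reader.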