working

docker/authelia/config/configuration.acl.yml

@@ -3,22 +3,99 @@ access_control:
   rules:
 
    # Allow free access from local network
-    - domain: "*.{{ env "TRAEFIK_DOMAIN" }}"
+  #   - domain: "*.{{ env "TRAEFIK_DOMAIN" }}"
-      policy: bypass
+  #     policy: bypass
-      networks:
+  #     networks:
-      - 192.168.0.0/16
+  #     - 192.168.0.0/16
-      - 172.16.0.0/12
+  #     - 172.16.0.0/12
-      - 10.0.0.0/8
+  #     - 10.0.0.0/8
 
-  #  Put WAN Access rules here
+  # #  Put WAN Access rules here
-    - domain: {{ env "TRAEFIK_DOMAIN" }}
+  #   - domain: {{ env "TRAEFIK_DOMAIN" }}
+  #     resources:
+  #       - "^/.well-known([/?].*)?$"
+  #     policy: bypass
+
+  #   - domain: {{ env "TRAEFIK_DOMAIN" }}
+  #     subject: "group:admin"
+  #     policy: two_factor
+
+  #   - domain: headscale.{{ env "TRAEFIK_DOMAIN" }}
+  #     policy: bypass
+
+    - domain: "*.nixc.us"
+      subject:
+        - "group:admins"
+    #    - "group:dev"
+      policy: one_factor
+    # traefik monitor
+    - domain: 
+        - "monitor-ertest.nixc.us"
+      subject:
+        - "group:monitor-ertest"
+      policy: one_factor
+    # guacamole
+    - domain: 
+        - "guac.nixc.us"
+      subject:
+        - "group:guac"
+      policy: one_factor
+    # uptime-kuma
+    - domain: 
+        - "uptime.nixc.us"
+      subject:
+        - "group:uptime-kuma"
+      policy: one_factor
+    # Filebrowser and Bypass
+    - domain:
+        - "fb.nixc.us"
+        - "fbi.nixc.us"
+      subject:
+        - "group:admins"
+      policy: one_factor
+    - domain:
+        - "fb.nixc.us"
+        - "fbi.nixc.us"
+      policy: bypass
       resources:
-        - "^/.well-known([/?].*)?$"
+        - '^/api/(.*)?$'
-      policy: bypass
+        - '^/share/(.*)?$'
+        - '^/static/(.*)?$'
+    ## Transfer.sh
+    - domain:
+        - "tx.nixc.us"
+      subject:
+        - "group:transfer"
+      policy: one_factor
+    ## Firefox
+    - domain:
+        - "ff.nixc.us"
+      subject:
+        - "group:firefox"
+      policy: one_factor
 
-    - domain: {{ env "TRAEFIK_DOMAIN" }}
-      subject: "group:admin"
-      policy: two_factor
 
-    - domain: headscale.{{ env "TRAEFIK_DOMAIN" }}
+    ## Meta
-      policy: bypass
+    - domain:
+        - "oracle.nixc.us"
+      subject:
+        - "group:meta"
+      policy: one_factor
+    ## Stash
+    - domain:
+        - "fb.nixc.us"
+      subject:
+        - "group:fansdb"
+      policy: one_factor
+    # Filebrowser and Bypass
+    - domain:
+        - "fb-stash.nixc.us"
+      subject:
+        - "group:stash_admin"
+      policy: one_factor
+    # Graylog access
+    - domain: 
+        - "log.nixc.us"
+      subject:
+        - "group:graylog"
+      policy: one_factor