colin
/
ATLAS
forked from Nixius/authelia
1
0
Fork 0
Code Pull Requests Activity
ATLAS/docker/authelia/config/configuration.acl.yml

101 lines
2.1 KiB
YAML
Raw Blame History

access_control:
default_policy: deny
rules:
# Allow free access from local network
# - domain: "*.{{ env "TRAEFIK_DOMAIN" }}"
# policy: bypass
# networks:
# - 192.168.0.0/16
# - 172.16.0.0/12
# - 10.0.0.0/8
# # Put WAN Access rules here
# - domain: {{ env "TRAEFIK_DOMAIN" }}
# resources:
# - "^/.well-known([/?].*)?$"
# policy: bypass
# - domain: {{ env "TRAEFIK_DOMAIN" }}
# subject: "group:admin"
# policy: two_factor
# - domain: headscale.{{ env "TRAEFIK_DOMAIN" }}
# policy: bypass
- domain: "*.nixc.us"
subject:
- "group:admins"
# - "group:dev"
policy: one_factor
# traefik monitor
- domain:
- "monitor-ertest.nixc.us"
subject:
- "group:monitor-ertest"
policy: one_factor
# guacamole
- domain:
- "guac.nixc.us"
subject:
- "group:guac"
policy: one_factor
# uptime-kuma
- domain:
- "uptime.nixc.us"
subject:
- "group:uptime-kuma"
policy: one_factor
# Filebrowser and Bypass
- domain:
- "fb.nixc.us"
- "fbi.nixc.us"
subject:
- "group:admins"
policy: one_factor
- domain:
- "fb.nixc.us"
- "fbi.nixc.us"
policy: bypass
resources:
- '^/api/(.*)?$'
- '^/share/(.*)?$'
- '^/static/(.*)?$'
## Transfer.sh
- domain:
- "tx.nixc.us"
subject:
- "group:transfer"
policy: one_factor
## Firefox
- domain:
- "ff.nixc.us"
subject:
- "group:firefox"
policy: one_factor
## Meta
- domain:
- "oracle.nixc.us"
subject:
- "group:meta"
policy: one_factor
## Stash
- domain:
- "fb.nixc.us"
subject:
- "group:fansdb"
policy: one_factor
# Filebrowser and Bypass
- domain:
- "fb-stash.nixc.us"
subject:
- "group:stash_admin"
policy: one_factor
# Graylog access
- domain:
- "log.nixc.us"
subject:
- "group:graylog"
policy: one_factor
View Git Blame Copy Permalink