stacks/homelab/authelia.yaml

98 lines
2.1 KiB
YAML
Raw Normal View History

2023-02-06 12:14:14 -07:00
log:
2023-02-06 13:56:11 -07:00
level: info # error, warn, [info], debug, trace
2023-02-06 12:14:14 -07:00
authentication_backend:
password_reset:
disable: true
file:
path: /run/secrets/users.yaml
totp:
issuer: woozle.org
session:
domain: woozle.org
same_site: strict
2023-02-06 13:56:11 -07:00
redis:
host: redis
port: 6379
database_index: 1
2023-02-06 12:14:14 -07:00
storage:
local:
path: /srv/sys/authelia/db.sqlite3
notifier:
filesystem:
filename: /run/emails.txt
2023-02-06 13:56:11 -07:00
access_control:
default_policy: deny
rules:
- domain: deergrove.woozle.org
subject:
- "group:octoprint"
resources:
- '^/octoprint/'
- '^/webcam/'
policy: one_factor
- domain: deergrove.woozle.org
subject:
- "group:media"
resources:
- '^/[a-z]+arr/'
- '^/nzbget/'
- '^/transmission/'
- '^/sucker/'
2023-02-15 16:39:09 -07:00
- '^/unmanic/'
policy: one_factor
- domain: deergrove.woozle.org
resources:
- '^/[a-z.]*$'
2023-02-09 14:34:56 -07:00
- '^/netdata/'
2023-02-06 13:56:11 -07:00
policy: one_factor
- domain: drive.woozle.org
methods:
- HEAD
- GET
- PROPFIND
resources:
- '^/storage/public/'
policy: bypass
2023-02-06 13:56:11 -07:00
- domain: drive.woozle.org
subject:
- "group:storage"
resources:
- '^/incoming/'
- '^/media/'
- '^/storage/(README.md)?$'
- '^/storage/(?P<User>\w+)/'
- '^/storage/(?P<Group>\w+)/'
- '^/storage/shared/'
- '^/storage/public/'
policy: one_factor
2023-02-06 13:56:11 -07:00
- domain: drive.woozle.org
methods:
- HEAD
- GET
- PROPFIND
2023-02-09 14:34:56 -07:00
- OPTIONS
2023-02-06 13:56:11 -07:00
resources:
- '^/(README.md)?$'
- '^/incoming/'
- '^/media/'
- '^/storage/shared/'
policy: one_factor
2023-02-06 13:56:11 -07:00
2023-02-15 16:39:09 -07:00
- domain: photos.woozle.org
resources:
- '^(/pgapi)?/gallery/(?P<User>\w+)'
- '^(/pgapi)?/gallery/(?P<Group>\w+)'
- '^(/pgapi)?/gallery/content/'
policy: one_factor
- domain: photos.woozle.org
resources:
- '^(/pgapi)?/gallery/.'
policy: deny
- domain: photos.woozle.org
policy: one_factor