log: level: info # error, warn, [info], debug, trace authentication_backend: password_reset: disable: true file: path: /run/secrets/users.yaml totp: issuer: woozle.org session: domain: woozle.org same_site: strict redis: host: redis port: 6379 database_index: 1 storage: local: path: /srv/sys/authelia/db.sqlite3 notifier: filesystem: filename: /run/emails.txt access_control: default_policy: deny rules: - domain: deergrove.woozle.org subject: - "group:octoprint" resources: - '^/octoprint/' - '^/webcam/' policy: one_factor - domain: deergrove.woozle.org subject: - "group:media" resources: - '^/[a-z]+arr/' - '^/nzbget/' - '^/transmission/' - '^/sucker/' policy: one_factor - domain: deergrove.woozle.org resources: - '^/[a-z.]*$' - '^/netdata/' policy: one_factor - domain: drive.woozle.org methods: - HEAD - GET - PROPFIND resources: - '^/storage/public/' policy: bypass - domain: drive.woozle.org subject: - "group:storage" resources: - '^/incoming/' - '^/media/' - '^/storage/(README.md)?$' - '^/storage/(?P\w+)/' - '^/storage/(?P\w+)/' - '^/storage/shared/' - '^/storage/public/' policy: one_factor - domain: drive.woozle.org methods: - HEAD - GET - PROPFIND - OPTIONS resources: - '^/(README.md)?$' - '^/incoming/' - '^/media/' - '^/storage/shared/' policy: one_factor