stacks/homelab/authelia.yaml


log:
  # Verbosity. Accepted values: error, warn, info (the default), debug, trace.
  # debug and trace are for troubleshooting and record far more request
  # detail, so they should not be left on in normal operation.
  level: info
authentication_backend:
  # Self-service password reset is switched off: a forgotten password cannot
  # be reset through the login portal.
  password_reset:
    disable: true
  # Users, groups and password hashes come from a YAML file. The path is
  # under /run/secrets (presumably a container secret mount -- confirm in the
  # stack definition); keep it readable by the Authelia process only.
  file:
    path: /run/secrets/users.yaml
totp:
  # Issuer label stored with the TOTP entry in the user's authenticator app.
  # NOTE(review): none of the access_control rules visible in this file uses
  # `two_factor`, so a second factor can be enrolled but is not demanded by
  # any rule shown here -- confirm that is intended.
  issuer: woozle.org
session:
  # The session cookie is scoped to woozle.org, the parent of every domain
  # named in access_control.
  domain: woozle.org
  # SameSite=Strict: browsers do not attach the cookie to cross-site requests.
  same_site: strict
  # Sessions are kept in Redis rather than in process memory.
  # NOTE(review): no Redis password or TLS settings and no session secret
  # appear in this file; presumably they are injected via environment
  # variables or secret files -- confirm, and keep Redis off any shared
  # network.
  redis:
    host: redis
    port: 6379
    database_index: 1
storage:
  # Persistent state lives in a local SQLite database file.
  # NOTE(review): storage.encryption_key is not set in this file; presumably
  # it is supplied as a secret -- confirm. The database file itself should be
  # readable by the Authelia process only.
  local:
    path: /srv/sys/authelia/db.sqlite3
notifier:
  # Notifications are written to a local file instead of being e-mailed.
  # These messages carry identity-verification links or codes (for example
  # when a user enrols a second-factor device), so read access to this file
  # should be limited to the administrator.
  filesystem:
    filename: /run/emails.txt
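access_control:
  # A request that matches no rule below is refused.
  default_policy: deny
  # Rules are evaluated top to bottom and the first match decides, so the
  # order of the entries is part of the policy. Keep narrow rules above the
  # broad ones they are meant to override.
  # NOTE(review): every authenticated rule visible here uses `one_factor`;
  # none requires `two_factor`, even for write access -- confirm intended.
  rules:
    # deergrove: OctoPrint UI and webcam, members of group "octoprint" only.
    - domain: deergrove.woozle.org
      subject:
        - "group:octoprint"
      resources:
        - '^/octoprint/'
        - '^/webcam/'
      policy: one_factor

    # deergrove: media-management apps, members of group "media" only.
    - domain: deergrove.woozle.org
      subject:
        - "group:media"
      resources:
        - '^/[a-z]+arr/'
        - '^/nzbget/'
        - '^/transmission/'
        - '^/sucker/'
        - '^/unmanic/'
      policy: one_factor

    # deergrove: no subject, so any logged-in user. Covers top-level paths
    # made only of lowercase letters and dots (including "/") and /netdata/.
    - domain: deergrove.woozle.org
      resources:
        - '^/[a-z.]*$'
        - '^/netdata/'
      policy: one_factor

    # drive: unauthenticated access to the public tree, limited to the
    # read-only methods listed. Any other method falls through to the rules
    # below.
    - domain: drive.woozle.org
      methods:
        - HEAD
        - GET
        - PROPFIND
      resources:
        - '^/storage/public/'
      policy: bypass

    # drive: members of group "storage", all methods (no `methods` filter).
    # (?P<User>...) and (?P<Group>...) are Authelia's named groups: the
    # pattern matches only when the captured path segment equals the
    # requesting user's name, or one of that user's groups, respectively.
    - domain: drive.woozle.org
      subject:
        - "group:storage"
      resources:
        - '^/incoming/'
        - '^/media/'
        # Dot escaped so that only the literal file name README.md matches.
        - '^/storage/(README\.md)?$'
        - '^/storage/(?P<User>\w+)/'
        - '^/storage/(?P<Group>\w+)/'
        - '^/storage/shared/'
        - '^/storage/public/'
      policy: one_factor

    # drive: any logged-in user, read-only methods only, on the shared areas.
    - domain: drive.woozle.org
      methods:
        - HEAD
        - GET
        - PROPFIND
        - OPTIONS
      resources:
        # Dot escaped so that only the literal file name README.md matches.
        - '^/(README\.md)?$'
        - '^/incoming/'
        - '^/media/'
        - '^/storage/shared/'
      policy: one_factor

    # photos: a gallery directory is reachable when its name equals the
    # user's name or one of the user's groups; /gallery/content/ is open to
    # any logged-in user.
    # NOTE(review): unlike the /storage/ patterns above, the User/Group
    # patterns have no trailing '/', so the capture ends at the first
    # non-word character and the rest of the path is unconstrained. Confirm
    # this is intended, or close the segment with `(/|$)`.
    - domain: photos.woozle.org
      resources:
        - '^(/pgapi)?/gallery/(?P<User>\w+)'
        - '^(/pgapi)?/gallery/(?P<Group>\w+)'
        - '^(/pgapi)?/gallery/content/'
      policy: one_factor

    # photos: every other non-empty path under /gallery/ is refused. This
    # rule must stay below the allow rule above and above the catch-all below.
    - domain: photos.woozle.org
      resources:
        - '^(/pgapi)?/gallery/.'
      policy: deny

    # photos: the rest of the site for any logged-in user.
    - domain: photos.woozle.org
      policy: one_factor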