authelia: Restrict access to firefly

Since we've configured the Ingress for Firefly III to log everyone in as
*dustin* via a faked `Remote-User` request header, any user on the
Pyrocufflink domain would be able to see my finances.  Using Authelia's
access control mechanism, we can restrict this to only users in a
specific group.
2023-12-11 10:36:01 -06:00
parent 9561c687aa
commit 39d19cb3ea

@@ -14,6 +14,20 @@ access_control:
policy: bypass
- domain: firefly.pyrocufflink.blue
policy: two_factor
subject:
- 'group:Firefly III Users'
- domain: firefly-importer.pyrocufflink.blue
policy: two_factor
subject:
- 'group:Firefly III Users'
- domain: firefly-importer.pyrocufflink.blue
policy: one_factor
subject:
- 'user:svc.xactfetch'
- domain: firefly.pyrocufflink.blue
policy: deny
- domain: firefly-importer.pyrocufflink.blue
policy: deny
- domain: scan.pyrocufflink.blue
networks:
- internal
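
Review bot: The `one_factor` rule for `'user:svc.xactfetch'` on firefly-importer.pyrocufflink.blue carries no `networks` restriction, so password-only authentication for that service account is accepted from any source that can reach the importer. If the account only ever connects from inside, add `networks:` with `- internal` to that rule, as the scan.pyrocufflink.blue rule just below already does. Separately, the two trailing `policy: deny` rules only work because Authelia applies the first matching rule in order; a short comment above them saying they must stay after the group and service-account rules would keep a later edit from reordering them and locking out 'group:Firefly III Users', or from inserting a broader rule above the group rules and reopening access.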