authelia: Restrict access to firefly
Since we've configured the Ingress for Firefly III to log everyone in as *dustin* via a faked `Remote-User` request header, any user on the Pyrocufflink domain would be able to see my finances. Using Authelia's access control mechanism, we can restrict this to only users in a specific group.

dch-webhooks-secrets
parent 9561c687aa
commit 39d19cb3ea
|
@ -14,6 +14,20 @@ access_control:
|
||||||
policy: bypass
|
policy: bypass
|
||||||
- domain: firefly.pyrocufflink.blue
|
- domain: firefly.pyrocufflink.blue
|
||||||
policy: two_factor
|
policy: two_factor
|
||||||
|
subject:
|
||||||
|
- 'group:Firefly III Users'
|
||||||
|
- domain: firefly-importer.pyrocufflink.blue
|
||||||
|
policy: two_factor
|
||||||
|
subject:
|
||||||
|
- 'group:Firefly III Users'
|
||||||
|
- domain: firefly-importer.pyrocufflink.blue
|
||||||
|
policy: one_factor
|
||||||
|
subject:
|
||||||
|
- 'user:svc.xactfetch'
|
||||||
|
- domain: firefly.pyrocufflink.blue
|
||||||
|
policy: deny
|
||||||
|
- domain: firefly-importer.pyrocufflink.blue
|
||||||
|
policy: deny
|
||||||
- domain: scan.pyrocufflink.blue
|
- domain: scan.pyrocufflink.blue
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
|
|
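Review bot: The added `one_factor` rule for `user:svc.xactfetch` on firefly-importer.pyrocufflink.blue carries no `networks` or `resources` criteria, so that service account gets single-factor access to the whole importer host from any source address. If the fetcher only runs inside the cluster, scope the rule with `networks: - internal`, as the scan.pyrocufflink.blue rule just below does. Authelia applies the first rule that matches, so the `one_factor` rule only takes effect while svc.xactfetch is not a member of 'Firefly III Users'; if it ever is, the earlier `two_factor` rule for the same domain wins. Either move the service-account rule above the group rule or add a comment recording that assumption. The two trailing `policy: deny` rules would also benefit from a comment saying why they are needed, since `default_policy` is not visible in this hunk. Finally, the commit message only mentions Firefly; it should also mention the importer rules and the service-account exception.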