authelia: Restrict access to firefly

Since we've configured the Ingress for Firefly III to log everyone in as *dustin* via a faked `Remote-User` request header, any user on the Pyrocufflink domain would be able to see my finances. Using Authelia's access control mechanism, we can restrict this to only users in a specific group.
2023-12-11 10:36:01 -06:00 · 2023-12-11 10:36:01 -06:00 · 39d19cb3ea
parent 9561c687aa
commit 39d19cb3ea
1 changed files with 14 additions and 0 deletions
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@ -14,6 +14,20 @@ access_control:
    policy: bypass
  - domain: firefly.pyrocufflink.blue
    policy: two_factor
+    subject:
+    - 'group:Firefly III Users'
+  - domain: firefly-importer.pyrocufflink.blue
+    policy: two_factor
+    subject:
+    - 'group:Firefly III Users'
+  - domain: firefly-importer.pyrocufflink.blue
+    policy: one_factor
+    subject:
+      - 'user:svc.xactfetch'
+  - domain: firefly.pyrocufflink.blue
+    policy: deny
+  - domain: firefly-importer.pyrocufflink.blue
+    policy: deny
  - domain: scan.pyrocufflink.blue
    networks:
    - internal