From 07249eb891e2dd18bd8e82586be9f94e647fd66f Mon Sep 17 00:00:00 2001 From: Colin Hebert Date: Mon, 16 Jan 2023 18:51:40 +0100 Subject: [PATCH] Enable auth for transmission and sonarr --- collectors.docker-compose.yml | 1 + docker/configs/authelia/access.yml | 20 +++++++++++++++++++- downloads.docker-compose.yml | 1 + 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/collectors.docker-compose.yml b/collectors.docker-compose.yml index 99fd815..24b51c5 100644 --- a/collectors.docker-compose.yml +++ b/collectors.docker-compose.yml @@ -47,6 +47,7 @@ services: restart: unless-stopped labels: traefik.enable: true + traefik.http.routers.sonarr.middlewares: authelia@file radarr: image: linuxserver/radarr diff --git a/docker/configs/authelia/access.yml b/docker/configs/authelia/access.yml index b15e1dc..af46809 100644 --- a/docker/configs/authelia/access.yml +++ b/docker/configs/authelia/access.yml @@ -27,4 +27,22 @@ ## ## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies. access_control: - default_policy: two_factor + default_policy: deny + rules: + # Support for one factor for transmission API + # Only users in "transmission-basic" should be allowed to do so + - domain_regex: '^transmission\..*' + policy: one_factor + subject: + - 'group:transmission-basic' + # Disable authentication on API protected by API keys + - domain_regex: '^(bazarr|prowlarr|radarr|sonarr)\..*' + policy: bypass + resources: + - '^/api$' + - '^/api/' + # Effective default policy, only allow admins with two-factor + - domain_regex: '.*' + policy: two_factor + subject: + - 'group:admins' diff --git a/downloads.docker-compose.yml b/downloads.docker-compose.yml index 385c96e..92abfa8 100644 --- a/downloads.docker-compose.yml +++ b/downloads.docker-compose.yml @@ -56,6 +56,7 @@ services: labels: traefik.enable: true traefik.http.services.transmission.loadbalancer.server.port: 9091 + traefik.http.routers.transmission.middlewares: authelia@file youtube-dl: image: alexta69/metube