Enable auth for transmission and sonarr

collectors.docker-compose.yml

@@ -47,6 +47,7 @@ services:
     restart: unless-stopped
     labels:
       traefik.enable: true
+      traefik.http.routers.sonarr.middlewares: authelia@file
 
   radarr:
     image: linuxserver/radarr

docker/configs/authelia/access.yml

@@ -27,4 +27,22 @@
 ##
 ## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies.
 access_control:
-  default_policy: two_factor
+  default_policy: deny
+  rules:
+    # Support for one factor for transmission API
+    # Only users in "transmission-basic" should be allowed to do so
+    - domain_regex: '^transmission\..*'
+      policy: one_factor
+      subject:
+        - 'group:transmission-basic'
+    # Disable authentication on API protected by API keys
+    - domain_regex: '^(bazarr|prowlarr|radarr|sonarr)\..*'
+      policy: bypass
+      resources:
+        - '^/api$'
+        - '^/api/'
+    # Effective default policy, only allow admins with two-factor
+    - domain_regex: '.*'
+      policy: two_factor
+      subject:
+        - 'group:admins'

downloads.docker-compose.yml

@@ -56,6 +56,7 @@ services:
     labels:
       traefik.enable: true
       traefik.http.services.transmission.loadbalancer.server.port: 9091
+      traefik.http.routers.transmission.middlewares: authelia@file
 
   youtube-dl:
     image: alexta69/metube