From 56912e3c4c576e122abf46635bcb28c642aac1f0 Mon Sep 17 00:00:00 2001
From: Matan Horovitz <matanhorovitz@protonmail.com>
Date: Fri, 16 Sep 2022 19:24:05 +0300
Subject: [PATCH] Update DNS config to use dedicated Adguard network

---
 authelia/configuration.yml | 24 +++++++++++++++++++-----
 docker-compose.yml         |  4 ++++
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index 189d9b7..dd123a2 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -32,15 +32,17 @@ access_control:
     - domain:
       - "*.pukeko.xyz"
       networks:
+        #Docker main subnet
+        - 150.200.0.1/24
+        #Docker subnet A
+        - 150.201.0.1/24
+        #Docker subnet B
+        - 150.202.0.1/24
         # Home
         - 192.168.0.0/24
-        # traefik_internal
-        - 172.19.0.0/16
         # Wireguard
         - 10.8.0.0/16 
-        # Arr, for some reason
-        - 192.168.240.0/16 
-      policy: bypass
+      policy: one_factor
 #   Allow access to container's /api address
     - domain:
       - "*.pukeko.xyz"
@@ -160,3 +162,15 @@ identity_providers:
         secret: '8Jx#U^%NXEvD#jc@A35wH!6PT8^DYo7pXftCKe3P%C%*xN9FQn26ec^kTxkuhA*9fZx@7*P65Y*L2Ty#Z*7n*f3#^$R!8TSuQ3THW*t#seL#iE7MatYEowb$GvU!8Y!5'
         redirect_uris:
           - https://flight.pukeko.xyz/
+      - id: vikunja
+        description: Vikunja
+        secret: 'ryKVwXhfHeAQKJJHwejEpK66pAuTGvY2saZArKTFZPjWVs2fKNHDAwah8TbPP44LGKYPBYJxU5Ua5H4Su87DAY4ktpAz6UfmpB9XnXCPoACtBrwBgykjoC6cUzXJRc7t'
+        redirect_uris:
+          - https://tasks.pukeko.xyz/auth/openid/
+          - https://tasks.pukeko.xyz/auth/openid/authelia
+          - https://tasks.pukeko.xyz/api/oidc/authorization
+        scopes:
+          - openid
+          - email
+          - profile
+          - groups
diff --git a/docker-compose.yml b/docker-compose.yml
index 3c6b39f..549620e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -39,6 +39,7 @@ services:
       - network
       - internal
       - arr_network
+      - dns_network
       - filebrowser_network
       - gitea_network
       - gitea_public_instance_network
@@ -115,6 +116,7 @@ services:
       - 'traefik.http.middlewares.authelia-basic.forwardauth.authResponseHeaders=Remote-User, Remote-Groups, Remote-Name, Remote-Email'
     networks:
       - internal
+      - dns_network
     expose:
       - 9091
 secrets:
@@ -129,6 +131,8 @@ networks:
     driver: bridge
   arr_network:
     external: true
+  dns_network:
+    external: true
   filebrowser_network:
     external: true
   freshrss_network: