Cleaning up network configuration; Authelia bypasses

authelia/configuration.yml

@@ -28,24 +28,48 @@ access_control:
 #   Dumb redirect to dash.pukeko.xyz - do not auth
     - domain: "pukeko.xyz"
       policy: bypass
+#   Allow access from internal network
     - domain:
       - "*.pukeko.xyz"
       networks:
+        # Home
         - 192.168.0.0/24
+        # traefik_internal
+        - 172.19.0.0/16
+        # Wireguard
+        - 10.8.0.0/24 
+      policy: bypass
+#   Allow access to container's /api address
+    - domain:
+      - "*.pukeko.xyz"
+      resources:
+      - "^/api.*"
       policy: bypass
 #   Allow access to specific subdomains with family group
     - domain: "photos.pukeko.xyz"
       policy: one_factor
       subject: "group:family"
+    - domain: "tv.pukeko.xyz"
+      policy: one_factor
+      subject: "group:family"
+    - domain: "movies.pukeko.xyz"
+      policy: one_factor
+      subject: "group:family"
 #   Allow access to shares within Filebrowser
     - domain: "cloud.pukeko.xyz"
       policy: bypass
       resources:
 #     Match only /share/ url's - Filebrowser's shares
       - "^*/share/.*"
+    - domain:
+      - "git.pukeko.xyz"
+      policy: bypass
+      resources:
+      - "^/public([/?].*)?$"
     - domain:
       - "*.pukeko.xyz"
       policy: two_factor 
+#     Allow access to public Git repository
 session:
   name: authelia_session
   secret: M22162530

authelia/users_database.yml

@@ -11,6 +11,11 @@ users:
     email: yhorovitz@gmail.com
     groups:
     - family
+  matan:
+    password: $argon2id$v=19$m=65536,t=1,p=8$aDNUbCtTSEpJdkJnL1B5aQ$lSTiaRsWgPpTqYSGissf4umr0VQPPulynH9igqiMVFg
+    displayname: Matan Horovitz
+    groups:
+    - family
   shmick:
     password: $argon2id$v=19$m=524288,t=1,p=8$OXZDU0NqS3J1VVBhWkdGMg$yvlKAog0MTtP95VpXgeWFnyiX5uNGK23vDqmcP8lLAU
     displayname: Shmickonon Shmickovski