From 57c7b06f0325afcb8b12aff2905ddca81b4c24d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?= <lukas@kucharczyk.xyz>
Date: Mon, 21 Jun 2021 11:32:24 +0200
Subject: [PATCH] authelia: secure portainer, keycloak, allow local

---
 roles/authelia/templates/configuration.yml.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/authelia/templates/configuration.yml.j2 b/roles/authelia/templates/configuration.yml.j2
index 0bff2a2..7aee676 100644
--- a/roles/authelia/templates/configuration.yml.j2
+++ b/roles/authelia/templates/configuration.yml.j2
@@ -26,11 +26,19 @@ authentication_backend:
     password: {{ vault_openldap_admin_password }}
 access_control:
   default_policy: deny
+  networks:
+    - name: local
+      networks:
+        - 192.168.0.0/24
   rules:
     - domain: "*.{{ base_domain }}"
+      networks:
+        - local
       policy: bypass
     - domain: portainer.{{ base_domain }}
       policy: one_factor
+    - domain: keycloak.{{ base_domain }}
+      policy: one_factor
 session:
   name: authelia_session
   secret: somerandomsecret