From d160d16cc97a993d5735bcf35f4ffe16ee907aee Mon Sep 17 00:00:00 2001
From: ibizaman
Date: Wed, 8 Nov 2023 13:53:32 -0800
Subject: [PATCH] really fix vaultwarden authelia config I think
---
 modules/vaultwarden.nix | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
index a687994..0768d05 100644
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -166,16 +166,19 @@ in
 upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
 autheliaRules = [
 {
- domain = "${fqdn}/admin";
+ domain = "${fqdn}";
 policy = "two_factor";
 subject = ["group:vaultwarden_admin"];
+ resources = [
+ "^/admin"
+ ];
+ }
+ # There's no way to protect the webapp using Authelia this way, see
+ # https://github.com/dani-garcia/vaultwarden/discussions/3188
+ {
+ domain = fqdn;
+ policy = "bypass";
 }
- # There's no way to protect the webapp using Authelia this way, see https://github.com/dani-garcia/vaultwarden/discussions/3188
- # {
- # domain = fqdn;
- # policy = "two_factor";
- # subject = ["group:vaultwarden"];
- # }
 ];
 }
 ];
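Review bot: The new catch-all `bypass` rule appears to leave `/admin` reachable by any Authelia user who is not in `vaultwarden_admin`. Authelia applies the first rule whose criteria all match, so, as far as I understand its evaluation, a logged-in user outside that group fails the `subject` test on the `^/admin` rule and falls through to the `domain = fqdn; policy = "bypass";` rule, leaving only Vaultwarden's own admin authentication (not visible in this hunk) in front of the panel. Adding an explicit `{ domain = fqdn; policy = "deny"; resources = [ "^/admin" ]; }` between the two rules would close that gap. The comment above the bypass rule would also be clearer if it said why bypass is required (the linked discussion) and that the rule order is significant. The attribute set containing `autheliaRules` starts and ends outside the hunk.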