wireguard_webadmin/containers/caddy/config_example/auth_policies.json

{
  "auth_methods": {
    "password_local": {
      "type": "local_password"
    },
    "totp_default": {
      "type": "totp",
      "totp_secret": "",
      "totp_before_auth": false
    },
    "google_workspace_admins": {
      "type": "oidc",
      "provider": "google",
      "client_id": "GOOGLE_CLIENT_ID",
      "client_secret": "GOOGLE_CLIENT_SECRET",
      "allowed_domains": [
        "example.com"
      ],
      "allowed_emails": [
        "eduardo@example.com",
        "alice@example.com"
      ]
    },
    "office_network": {
      "type": "ip_address",
      "rules": [
        {
          "address": "10.0.0.0",
          "prefix_length": 24,
          "action": "allow",
          "description": "Office LAN"
        },
        {
          "address": "192.168.1.100",
          "prefix_length": null,
          "action": "deny",
          "description": "Blocked workstation"
        }
      ]
    }
  },
  "groups": {
    "admins": {
      "users": [
        "eduardo",
        "alice"
      ]
    },
    "ops": {
      "users": [
        "bob",
        "charlie"
      ]
    },
    "staff": {
      "users": [
        "david"
      ]
    }
  },
  "users": {
    "eduardo": {
      "email": "eduardo@example.com",
      "password_hash": "$argon2id$hash",
      "totp_secret": "JBSWY3DPEHPK3PXP"
    },
    "alice": {
      "email": "alice@example.com",
      "password_hash": "$argon2id$hash",
      "totp_secret": ""
    },
    "bob": {
      "email": "bob@example.com",
      "password_hash": "$argon2id$hash",
      "totp_secret": ""
    }
  },
  "policies": {
    "public": {
      "policy_type": "bypass",
      "groups": [],
      "methods": []
    },
    "api_users": {
      "policy_type": "protected",
      "groups": [
        "staff"
      ],
      "methods": [
        "password_local"
      ]
    },
    "ops_access": {
      "policy_type": "protected",
      "groups": [
        "ops"
      ],
      "methods": [
        "password_local"
      ]
    },
    "admin_access": {
      "policy_type": "protected",
      "groups": [
        "admins"
      ],
      "methods": [
        "password_local",
        "totp_default"
      ]
    },
    "google_admin_access": {
      "policy_type": "protected",
      "groups": [
        "admins"
      ],
      "methods": [
        "google_workspace_admins",
        "totp_default"
      ]
    }
  }
}
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`{`
			`"auth_methods": {`
			`"password_local": {`
			`"type": "local_password"`
			`},`
			`"totp_default": {`
update config example 2026-03-14 11:49:34 -03:00			`"type": "totp",`
			`"totp_secret": "",`
			`"totp_before_auth": false`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`},`
			`"google_workspace_admins": {`
			`"type": "oidc",`
			`"provider": "google",`
			`"client_id": "GOOGLE_CLIENT_ID",`
			`"client_secret": "GOOGLE_CLIENT_SECRET",`
			`"allowed_domains": [`
			`"example.com"`
			`],`
			`"allowed_emails": [`
			`"eduardo@example.com",`
			`"alice@example.com"`
			`]`
update config example 2026-03-14 11:49:34 -03:00			`},`
			`"office_network": {`
			`"type": "ip_address",`
			`"rules": [`
			`{`
			`"address": "10.0.0.0",`
			`"prefix_length": 24,`
			`"action": "allow",`
			`"description": "Office LAN"`
			`},`
			`{`
			`"address": "192.168.1.100",`
			`"prefix_length": null,`
			`"action": "deny",`
			`"description": "Blocked workstation"`
			`}`
			`]`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`}`
			`},`
			`"groups": {`
			`"admins": {`
			`"users": [`
			`"eduardo",`
			`"alice"`
			`]`
			`},`
			`"ops": {`
			`"users": [`
			`"bob",`
			`"charlie"`
			`]`
			`},`
			`"staff": {`
			`"users": [`
			`"david"`
			`]`
			`}`
			`},`
			`"users": {`
			`"eduardo": {`
			`"email": "eduardo@example.com",`
update config example 2026-03-14 11:49:34 -03:00			`"password_hash": "$argon2id$hash",`
			`"totp_secret": "JBSWY3DPEHPK3PXP"`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`},`
			`"alice": {`
			`"email": "alice@example.com",`
update config example 2026-03-14 11:49:34 -03:00			`"password_hash": "$argon2id$hash",`
			`"totp_secret": ""`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`},`
			`"bob": {`
			`"email": "bob@example.com",`
update config example 2026-03-14 11:49:34 -03:00			`"password_hash": "$argon2id$hash",`
			`"totp_secret": ""`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`}`
			`},`
			`"policies": {`
			`"public": {`
update config example 2026-03-14 11:49:34 -03:00			`"policy_type": "bypass",`
			`"groups": [],`
			`"methods": []`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`},`
			`"api_users": {`
update examples 2026-03-14 10:14:19 -03:00			`"policy_type": "protected",`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`"groups": [`
			`"staff"`
			`],`
			`"methods": [`
			`"password_local"`
			`]`
			`},`
			`"ops_access": {`
update examples 2026-03-14 10:14:19 -03:00			`"policy_type": "protected",`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`"groups": [`
			`"ops"`
			`],`
			`"methods": [`
			`"password_local"`
			`]`
			`},`
			`"admin_access": {`
update examples 2026-03-14 10:14:19 -03:00			`"policy_type": "protected",`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`"groups": [`
			`"admins"`
			`],`
			`"methods": [`
			`"password_local",`
			`"totp_default"`
			`]`
			`},`
			`"google_admin_access": {`
update examples 2026-03-14 10:14:19 -03:00			`"policy_type": "protected",`
gatekeeper config examples 2026-03-11 15:34:08 -03:00			`"groups": [`
			`"admins"`
			`],`
			`"methods": [`
			`"google_workspace_admins",`
			`"totp_default"`
			`]`
			`}`
			`}`
			`}`