wireguard_webadmin/containers/caddy/config_example/auth_policies.json

{
  "auth_methods": {
    "password_local": {
      "type": "local_password"
    },
    "totp_default": {
      "type": "totp",
      "totp_secret": "",
      "totp_before_auth": false
    },
    "google_workspace_admins": {
      "type": "oidc",
      "provider": "google",
      "client_id": "GOOGLE_CLIENT_ID",
      "client_secret": "GOOGLE_CLIENT_SECRET",
      "allowed_domains": [
        "example.com"
      ],
      "allowed_emails": [
        "eduardo@example.com",
        "alice@example.com"
      ]
    },
    "office_network": {
      "type": "ip_address",
      "rules": [
        {
          "address": "10.0.0.0",
          "prefix_length": 24,
          "action": "allow",
          "description": "Office LAN"
        },
        {
          "address": "192.168.1.100",
          "prefix_length": null,
          "action": "deny",
          "description": "Blocked workstation"
        }
      ]
    }
  },
  "groups": {
    "admins": {
      "users": [
        "eduardo",
        "alice"
      ]
    },
    "ops": {
      "users": [
        "bob",
        "charlie"
      ]
    },
    "staff": {
      "users": [
        "david"
      ]
    }
  },
  "users": {
    "eduardo": {
      "email": "eduardo@example.com",
      "password_hash": "$argon2id$hash",
      "totp_secret": "JBSWY3DPEHPK3PXP"
    },
    "alice": {
      "email": "alice@example.com",
      "password_hash": "$argon2id$hash",
      "totp_secret": ""
    },
    "bob": {
      "email": "bob@example.com",
      "password_hash": "$argon2id$hash",
      "totp_secret": ""
    }
  },
  "policies": {
    "public": {
      "policy_type": "bypass",
      "groups": [],
      "methods": []
    },
    "api_users": {
      "policy_type": "protected",
      "groups": [
        "staff"
      ],
      "methods": [
        "password_local"
      ]
    },
    "ops_access": {
      "policy_type": "protected",
      "groups": [
        "ops"
      ],
      "methods": [
        "password_local"
      ]
    },
    "admin_access": {
      "policy_type": "protected",
      "groups": [
        "admins"
      ],
      "methods": [
        "password_local",
        "totp_default"
      ]
    },
    "google_admin_access": {
      "policy_type": "protected",
      "groups": [
        "admins"
      ],
      "methods": [
        "google_workspace_admins",
        "totp_default"
      ]
    }
  }
}