fix: protect ha onboarding with authelia

2026-06-12 21:52:45 +02:00
parent c24b792808
commit 4ab6dcefd2
2 changed files with 3 additions and 5 deletions
@@ -28,10 +28,8 @@ services:
      - traefik.http.routers.homeassistant.entrypoints=websecure
      - traefik.http.routers.homeassistant.tls=true
      - traefik.http.routers.homeassistant.tls.certresolver=le
-      # Temporary onboarding guard: keep HA reachable only from LAN/Tailscale
-      # until the owner account exists.
-      - traefik.http.routers.homeassistant.middlewares=homeassistant-lan-only
-      - traefik.http.middlewares.homeassistant-lan-only.ipallowlist.sourcerange=192.168.178.0/24,100.64.0.0/10,217.249.114.123/32
+      # Temporary onboarding guard: remove after the HA owner account exists.
+      - traefik.http.routers.homeassistant.middlewares=authelia@file,secure-headers@file
      - traefik.http.services.homeassistant.loadbalancer.server.port=8123

  mosquitto: