add authentication to all services

Rouven Seifert 2025-05-14 01:03:40 +02:00
parent 7656a942c0
commit 7fe28374b8
5 changed files with 42 additions and 2 deletions


@ -7,6 +7,16 @@ in
enable = true;
};
services.caddy.virtualHosts."${domain}".extraConfig = ''
# for some reason this only works with http and not with https so we send every request through our wireguard tunnel
reverse_proxy /outpost.goauthentik.io/* http://nuc.vpn.rfive.de:9000
# forward authentication to authentik
forward_auth http://nuc.vpn.rfive.de:9000 {
uri /outpost.goauthentik.io/auth/caddy
# capitalization of the headers is important, otherwise they will be empty
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
}
reverse_proxy 127.0.0.1:${toString config.services.radarr.settings.server.port}
'';
}
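Review bot: The `copy_headers` line passes every authentik identity header, including `X-Authentik-Jwt`, on to the Radarr upstream, and nothing in this hunk shows Radarr reading any of them; if it only needs the allow/deny decision, the line can be dropped or cut down to e.g. `copy_headers X-Authentik-Username`. If a backend does come to trust these headers, confirm that the Caddy version in use clears client-supplied copies of a header when authentik omits it, since that behaviour presumably depends on the version. The `forward_auth` decision also travels over plain `http://`, so the comment above it should state the assumption it relies on, e.g. `# plain http is acceptable only because nuc.vpn.rfive.de is reachable solely over the wireguard tunnel`. Radarr also has to stay bound to 127.0.0.1 with no firewall port opened, otherwise the check is skipped by anything that reaches the port directly; that setting is outside this hunk. The commit title suggests the same block is added to the other changed files, where the same points would apply.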