ds9 http auth

2025-02-23 23:01:52 +01:00 · 2025-02-23 23:01:52 +01:00 · 1c3e1d0a91
commit 1c3e1d0a91
parent f6d88dc51f
2 changed files with 48 additions and 4 deletions
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@ -161,6 +161,28 @@ in
          }
        }
      }
+      (podmanRedirWithAuth) {
+        route {
+        # always forward outpost path to actual outpost
+          reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000 {
+            transport http {
+              resolvers 10.88.0.1 # podman dns
+            }
+          }
+          forward_auth http://authentik-server:9000 {
+            transport http {
+              resolvers 10.88.0.1 # podman dns
+            }
+            uri /outpost.goauthentik.io/auth/caddy
+            copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+          }
+          reverse_proxy {args[:]} {
+            transport http {
+              resolvers 10.88.0.1 # podman dns
+            }
+          }
+        }
+      }
    '';
    globalConfig = ''
      acme_dns desec {
@ -180,6 +202,10 @@ in
      handle @auth {
        import podmanRedir http://authentik-server:9000
      }
+      @grafana host grafana.hailsatan.eu
+      handle @grafana {
+        import podmanRedirWithAuth http://grafana:3000 
+      }
      handle {
        abort
      }
@ -199,7 +225,7 @@ in
      }
      @grafana host grafana.hailsatan.eu
      handle @grafana {
-        import podmanRedir http://grafana:3000 
+        import podmanRedirWithAuth http://grafana:3000 
      }
      @node-red host node-red.hailsatan.eu
      handle @node-red {