ds9 http auth

Lucy Hochkamp 2025-02-23 23:01:52 +01:00
parent f6d88dc51f
commit 1c3e1d0a91
No known key found for this signature in database
2 changed files with 48 additions and 4 deletions


@ -171,9 +171,27 @@ in
virtualisation.oci-containers.containers.grafana = { virtualisation.oci-containers.containers.grafana = {
image = "grafana/grafana-oss:latest"; image = "grafana/grafana-oss:latest";
extraOptions = [ "--network=podman" "--network=db-net" ]; extraOptions = [ "--network=podman" "--network=db-net" ];
volumes = [ volumes =
"grafana-data:/var/lib/grafana" let
]; ini = pkgs.writeText "grafana.ini" ''
[users]
allow_sign_up = false
auto_assign_org = true
auto_assign_org_role = Editor
[auth.proxy]
enabled = true
headers = Name:X-Authentik-Username Email:X-Authentik-Email Groups:X-Authentik-Groups
header_name = X-Authentik-Username
header_property = username
auto_sign_up = true
'';
in
[
"grafana-data:/var/lib/grafana"
"${ini}:/etc/grafana/grafana.ini"
];
environment = { environment = {
GF_SERVER_ROOT_URL = "https://grafana.hailsatan.eu/"; GF_SERVER_ROOT_URL = "https://grafana.hailsatan.eu/";
GF_INSTALL_PLUGINS = ""; GF_INSTALL_PLUGINS = "";
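Review bot: The new `[auth.proxy]` block makes Grafana accept `X-Authentik-Username` from any peer that can reach port 3000, and no `whitelist` is set, so the trust is not limited to the Caddy proxy. The container is attached to both `podman` and `db-net`, so other containers on those networks can presumably reach Grafana directly, without passing through `forward_auth`. Consider adding `whitelist = <caddy-address-or-subnet>` (placeholder value) under `[auth.proxy]`. Separately, `auto_sign_up = true` together with `auto_assign_org_role = Editor` gives edit rights to every account authentik lets through; `auto_assign_org_role = Viewer` with explicit promotion would be the least-privilege default.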


@ -161,6 +161,28 @@ in
} }
} }
} }
(podmanRedirWithAuth) {
route {
# always forward outpost path to actual outpost
reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000 {
transport http {
resolvers 10.88.0.1 # podman dns
}
}
forward_auth http://authentik-server:9000 {
transport http {
resolvers 10.88.0.1 # podman dns
}
uri /outpost.goauthentik.io/auth/caddy
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
}
reverse_proxy {args[:]} {
transport http {
resolvers 10.88.0.1 # podman dns
}
}
}
}
''; '';
globalConfig = '' globalConfig = ''
acme_dns desec { acme_dns desec {
@ -180,6 +202,10 @@ in
handle @auth { handle @auth {
import podmanRedir http://authentik-server:9000 import podmanRedir http://authentik-server:9000
} }
@grafana host grafana.hailsatan.eu
handle @grafana {
import podmanRedirWithAuth http://grafana:3000
}
handle { handle {
abort abort
} }
@ -199,7 +225,7 @@ in
} }
@grafana host grafana.hailsatan.eu @grafana host grafana.hailsatan.eu
handle @grafana { handle @grafana {
import podmanRedir http://grafana:3000 import podmanRedirWithAuth http://grafana:3000
} }
@node-red host node-red.hailsatan.eu @node-red host node-red.hailsatan.eu
handle @node-red { handle @node-red {