ghoscht/nix-config
ghoscht/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Arion: Add authentik integration with non-oidc services

Browse source
This commit is contained in:
GHOSCHT 2024-08-19 20:55:51 +02:00
parent 3581dfc24a
commit 756536a2ee
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
5 changed files with 27 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/franz/arion/infrastructure/arion-compose.nix
View file

@ -38,7 +38,7 @@
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/infrastructure/traefik_config/traefik.yml:/traefik.yml:ro" "/home/ghoscht/.docker/infrastructure/traefik_config/traefik.yml:/traefik.yml:ro"
"/home/ghoscht/.docker/infrastructure/traefik_data/config.yml:/config.yml:ro" "/home/ghoscht/.docker/infrastructure/traefik_config/conf:/conf:ro"
"/storage/dataset/docker/infrastructure/traefik_data/acme.json:/acme.json" "/storage/dataset/docker/infrastructure/traefik_data/acme.json:/acme.json"
"/var/run/docker.sock:/var/run/docker.sock:ro" "/var/run/docker.sock:/var/run/docker.sock:ro"
"traefik-logs:/var/log/traefik" "traefik-logs:/var/log/traefik"

3
hosts/franz/arion/infrastructure/default.nix
View file

@ -96,7 +96,8 @@ in {
exposedByDefault: false exposedByDefault: false
network: dmz network: dmz
file: file:
filename: /config.yml watch: true
directory: /conf/
certificatesResolvers: certificatesResolvers:
letsencrypt: letsencrypt:
acme: acme:

6
hosts/franz/arion/media/arion-compose.nix
View file

@ -112,6 +112,7 @@
"traefik.docker.network" = "dmz"; "traefik.docker.network" = "dmz";
"traefik.http.routers.transmission.tls" = "true"; "traefik.http.routers.transmission.tls" = "true";
"traefik.http.routers.transmission.tls.certresolver" = "letsencrypt"; "traefik.http.routers.transmission.tls.certresolver" = "letsencrypt";
"traefik.http.routers.transmission.middlewares" = "authentik@file";
}; };
volumes = [ volumes = [
"/storage/dataset/docker/media/transmission_data:/config" "/storage/dataset/docker/media/transmission_data:/config"
@ -155,6 +156,7 @@
"traefik.docker.network" = "dmz"; "traefik.docker.network" = "dmz";
"traefik.http.routers.prowlarr.tls" = "true"; "traefik.http.routers.prowlarr.tls" = "true";
"traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.prowlarr.middlewares" = "authentik@file";
"diun.enable" = "true"; "diun.enable" = "true";
"diun.watch_repo" = "true"; "diun.watch_repo" = "true";
@ -185,6 +187,7 @@
"traefik.docker.network" = "dmz"; "traefik.docker.network" = "dmz";
"traefik.http.routers.sonarr.tls" = "true"; "traefik.http.routers.sonarr.tls" = "true";
"traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.sonarr.middlewares" = "authentik@file";
"diun.enable" = "true"; "diun.enable" = "true";
"diun.watch_repo" = "true"; "diun.watch_repo" = "true";
@ -217,6 +220,7 @@
"traefik.docker.network" = "dmz"; "traefik.docker.network" = "dmz";
"traefik.http.routers.radarr.tls" = "true"; "traefik.http.routers.radarr.tls" = "true";
"traefik.http.routers.radarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.radarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.radarr.middlewares" = "authentik@file";
"diun.enable" = "true"; "diun.enable" = "true";
"diun.watch_repo" = "true"; "diun.watch_repo" = "true";
@ -250,6 +254,7 @@
"traefik.docker.network" = "dmz"; "traefik.docker.network" = "dmz";
"traefik.http.routers.lidarr.tls" = "true"; "traefik.http.routers.lidarr.tls" = "true";
"traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.lidarr.middlewares" = "authentik@file";
}; };
volumes = [ volumes = [
"/storage/dataset/docker/media/lidarr_data:/config" "/storage/dataset/docker/media/lidarr_data:/config"
@ -280,6 +285,7 @@
"traefik.docker.network" = "dmz"; "traefik.docker.network" = "dmz";
"traefik.http.routers.bazarr.tls" = "true"; "traefik.http.routers.bazarr.tls" = "true";
"traefik.http.routers.bazarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.bazarr.tls.certresolver" = "letsencrypt";
"traefik.http.routers.bazarr.middlewares" = "authentik@file";
}; };
volumes = [ volumes = [
"/storage/dataset/docker/media/bazarr_data:/config" "/storage/dataset/docker/media/bazarr_data:/config"

0
rsc/docker/franz/infrastructure/traefik_data/config.yml → rsc/docker/franz/infrastructure/traefik_config/conf/crowdsec.yml
View file

18
rsc/docker/franz/infrastructure/traefik_config/conf/headers.yml Normal file
View file

@ -0,0 +1,18 @@
http:
middlewares:
authentik:
forwardAuth:
address: http://authentik:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version