feat: Added ldap and authelia oidc

2025-07-29 04:26:12 +05:30
parent b05f18bac5
commit 26b5ab00d5
10 changed files with 179 additions and 80 deletions
--- a/nixos/mirai/services/llama.nix
+++ b/nixos/mirai/services/llama.nix
@@ -43,13 +43,13 @@
    };

    caddy = {
-      # virtualHosts."llama.darksailor.dev".extraConfig = ''
-      #   forward_auth localhost:5555 {
-      #       uri /api/authz/forward-auth
-      #       copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
-      #   }
-      #   reverse_proxy localhost:7070
-      # '';
+      virtualHosts."llama.darksailor.dev".extraConfig = ''
+        forward_auth localhost:5555 {
+            uri /api/authz/forward-auth
+            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+        }
+        reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
+      '';
      virtualHosts."ollama.darksailor.dev".extraConfig = ''
        @apikey {
            header Authorization "Bearer {env.LLAMA_API_KEY}"
@@ -61,12 +61,26 @@
            Access-Control-Allow-Origin *
            -Authorization "Bearer {env.LLAMA_API_KEY}"  # Remove the header after validation
          }
-          reverse_proxy localhost:11434
+          reverse_proxy localhost:${builtins.toString config.services.ollama.port}
        }

        respond "Unauthorized" 403
      '';
    };
+    authelia = {
+      instances.darksailor = {
+        settings = {
+          access_control = {
+            rules = [
+              {
+                domain = "llama.darksailor.dev";
+                policy = "one_factor";
+              }
+            ];
+          };
+        };
+      };
+    };
  };
  systemd.services.caddy = {
    serviceConfig = {