From c8ae4ff37a005db5a0541a180df8304617d737b7 Mon Sep 17 00:00:00 2001 From: uttarayan21 Date: Tue, 29 Jul 2025 13:58:29 +0530 Subject: [PATCH] feat: Try to auth *arr stack with authelia --- nixos/mirai/services/authelia.nix | 4 +++- nixos/mirai/services/caddy.nix | 10 +--------- nixos/mirai/services/prowlarr.nix | 6 ++++++ nixos/tsuba/services/servarr.nix | 24 +++++++++++++++++++++++- 4 files changed, 33 insertions(+), 11 deletions(-) diff --git a/nixos/mirai/services/authelia.nix b/nixos/mirai/services/authelia.nix index 81cefff5..5033d17d 100644 --- a/nixos/mirai/services/authelia.nix +++ b/nixos/mirai/services/authelia.nix @@ -80,7 +80,9 @@ }; caddy = { virtualHosts."auth.darksailor.dev".extraConfig = '' - reverse_proxy localhost:5555 + reverse_proxy localhost:5555 { + trusted_proxies static 100.87.221.59/32 + } ''; }; }; diff --git a/nixos/mirai/services/caddy.nix b/nixos/mirai/services/caddy.nix index d1143356..027404ee 100644 --- a/nixos/mirai/services/caddy.nix +++ b/nixos/mirai/services/caddy.nix @@ -1,15 +1,7 @@ -{ - pkgs, - lib, - ... -}: { +{...}: { services = { caddy = { enable = true; - # package = pkgs.caddy.withPlugins { - # plugins = ["github.com/caddy-dns/hetzner@c1104f8d1e376a062bce86cd53025c2187a6be45"]; - # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ="; - # }; }; }; } diff --git a/nixos/mirai/services/prowlarr.nix b/nixos/mirai/services/prowlarr.nix index 9efd2a6d..d66ba13c 100644 --- a/nixos/mirai/services/prowlarr.nix +++ b/nixos/mirai/services/prowlarr.nix @@ -2,6 +2,12 @@ services = { prowlarr = { enable = true; + settings = { + auth = { + authentication_enabled = true; + authentication_method = "External"; + }; + }; }; }; } diff --git a/nixos/tsuba/services/servarr.nix b/nixos/tsuba/services/servarr.nix index e2d01e10..6122293d 100644 --- a/nixos/tsuba/services/servarr.nix +++ b/nixos/tsuba/services/servarr.nix @@ -36,25 +36,47 @@ group = "media"; # settings.AuthenticationMethod = "External"; }; - caddy.virtualHosts = { + caddy.virtualHosts = let + forwardAuth = "auth.darksailor.dev"; + in { "sonarr.tsuba.darksailor.dev".extraConfig = '' import hetzner + forward_auth ${forwardAuth} { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } reverse_proxy localhost:${builtins.toString config.services.sonarr.settings.server.port} ''; "radarr.tsuba.darksailor.dev".extraConfig = '' import hetzner + forward_auth ${forwardAuth} { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } reverse_proxy localhost:${builtins.toString config.services.radarr.settings.server.port} ''; "lidarr.tsuba.darksailor.dev".extraConfig = '' import hetzner + forward_auth ${forwardAuth} { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } reverse_proxy localhost:${builtins.toString config.services.lidarr.settings.server.port} ''; "bazarr.tsuba.darksailor.dev".extraConfig = '' import hetzner + forward_auth ${forwardAuth} { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } reverse_proxy localhost:${builtins.toString config.services.bazarr.listenPort} ''; "prowlarr.tsuba.darksailor.dev".extraConfig = '' import hetzner + forward_auth ${forwardAuth} { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } reverse_proxy mirai.darksailor.dev:9696 ''; };