servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: Added authelia auth back to internal services

Browse Source
This commit is contained in:
uttarayan21
2025-08-02 04:56:49 +05:30
parent ccf73d7f82
commit f4204ab0fa
2 changed files with 10 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
nixos/tsuba/services/caddy.nix
View File

@@ -12,11 +12,6 @@
};
};
services = {
tailscaleAuth = {
enable = true;
user = config.services.caddy.user;
group = config.services.caddy.group;
};
caddy = {
enable = true;
extraConfig = ''
@@ -29,20 +24,10 @@
}
}
(auth) {
forward_auth unix/${config.services.tailscaleAuth.socketPath} {
uri /auth
header_up Remote-Addr {remote_host}
header_up Remote-Port {remote_port}
header_up Original-URI {uri}
copy_headers {
Tailscale-User>X-Webauth-User
Tailscale-Name>X-Webauth-Name
Tailscale-Login>X-Webauth-Login
Tailscale-Tailnet>X-Webauth-Tailnet
Tailscale-Profile-Picture>X-Webauth-Profile-Picture
}
forward_auth https://auth.darksailor.dev {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
}
'';
package = pkgs.caddy.withPlugins {