From e39ee829f69dbfe6044c5790d92ee9db52484e1e Mon Sep 17 00:00:00 2001 From: Nicolas Lenz <nicolas@eisfunke.com> Date: Sat, 3 May 2025 01:46:09 +0200 Subject: [PATCH] wip --- nixos/server/git.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/nixos/server/git.nix b/nixos/server/git.nix index 02b99fef..af879b66 100644 --- a/nixos/server/git.nix +++ b/nixos/server/git.nix @@ -441,6 +441,24 @@ See: replace-notes.headers = { customRequestHeaders.Host = "notes-8efb78.pages.eisfunke.com"; }; + auth-private-notes.forwardAuth = { + # localhost:61022 is the authentik container + address = "http://localhost:61022/outpost.goauthentik.io/auth/TODO"; + trustForwardHeader = true; + authResponseHeaders = [ + "X-authentik-username" + "X-authentik-groups" + "X-authentik-email" + "X-authentik-name" + "X-authentik-uid" + "X-authentik-jwt" + "X-authentik-meta-jwks" + "X-authentik-meta-outpost" + "X-authentik-meta-provider" + "X-authentik-meta-app" + "X-authentik-meta-version" + ]; + }; }; services = { git.loadBalancer.servers = [ { url = "http://localhost:61026"; } ]; -- GitLab