From e39ee829f69dbfe6044c5790d92ee9db52484e1e Mon Sep 17 00:00:00 2001
From: Nicolas Lenz <nicolas@eisfunke.com>
Date: Sat, 3 May 2025 01:46:09 +0200
Subject: [PATCH] wip

---
 nixos/server/git.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/nixos/server/git.nix b/nixos/server/git.nix
index 02b99fef..af879b66 100644
--- a/nixos/server/git.nix
+++ b/nixos/server/git.nix
@@ -441,6 +441,24 @@ See:
       replace-notes.headers = {
         customRequestHeaders.Host = "notes-8efb78.pages.eisfunke.com";
       };
+      auth-private-notes.forwardAuth = {
+        # localhost:61022 is the authentik container
+        address = "http://localhost:61022/outpost.goauthentik.io/auth/TODO";
+        trustForwardHeader = true;
+        authResponseHeaders = [
+          "X-authentik-username"
+          "X-authentik-groups"
+          "X-authentik-email"
+          "X-authentik-name"
+          "X-authentik-uid"
+          "X-authentik-jwt"
+          "X-authentik-meta-jwks"
+          "X-authentik-meta-outpost"
+          "X-authentik-meta-provider"
+          "X-authentik-meta-app"
+          "X-authentik-meta-version"
+        ];
+      };
     };
     services = {
       git.loadBalancer.servers = [ { url = "http://localhost:61026"; } ];
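Review bot: `trustForwardHeader = true;` in `auth-private-notes.forwardAuth` makes Traefik pass client-supplied `X-Forwarded-*` headers on to the authentik outpost unchanged, which is only sound when a trusted proxy in front of Traefik sets them. Whether Traefik is the edge is not visible in this hunk; if it is, use `trustForwardHeader = false;` so the outpost's host and scheme matching relies on values Traefik derived itself. The `address` still ends in the placeholder `/auth/TODO`, where authentik's documented Traefik endpoint is `/outpost.goauthentik.io/auth/traefik`, so the middleware should not be attached to a router until that is filled in. No router in the visible lines references `auth-private-notes`, so confirm before merging that the private notes router lists it in `middlewares`. Consider trimming `authResponseHeaders` to the headers the pages backend actually reads, since `X-authentik-jwt` and the `meta-*` headers are otherwise handed to a backend that may log them; the enclosing middlewares set starts outside the hunk.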
-- 
GitLab