plasmagoat/homelab
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

moved mail
Some checks failed
Test / tests (push) Has been cancelled
Details

Browse source
This commit is contained in:
plasmagoat 2025-07-17 00:35:44 +02:00
parent c46903e3a0
commit 032072374b
35 changed files with 511 additions and 324 deletions
Download patch file Download diff file Expand all files Collapse all files

15
nixos/hosts/traefik/configuration/auth/routers.nix
View file

@ -13,19 +13,10 @@
tls.certResolver = "letsencrypt";
};
oauth2proxy = {
rule = "Host(`radarr.procopius.dk`) && PathPrefix(`/oauth2/`)";
service = "oauth2proxy";
lldap = {
rule = "Host(`lldap.procopius.dk`)";
service = "lldap";
entryPoints = ["websecure"];
middlewares = ["auth-headers"];
tls.certResolver = "letsencrypt";
};
oauth2route = {
rule = "Host(`oauth.procopius.dk`)";
service = "oauth2proxy";
entryPoints = ["websecure"];
middlewares = ["auth-headers"];
tls.certResolver = "letsencrypt";
};
}

2
nixos/hosts/traefik/configuration/auth/services.nix
View file

@ -1,6 +1,6 @@
{
keycloak.loadBalancer.servers = [{url = "http://keycloak.lab:8080";}];
oauth2proxy.loadBalancer.servers = [{url = "http://localhost:4180";}];
authelia.loadBalancer.servers = [{url = "http://auth.lab:9091";}];
lldap.loadBalancer.servers = [{url = "http://auth.lab:17170";}];
}

4
nixos/hosts/traefik/configuration/infra/routers.nix
View file

@ -3,7 +3,7 @@
rule = "Host(`traefik.procopius.dk`)";
service = "traefik";
entryPoints = ["websecure"];
middlewares = ["oauth-auth"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
@ -25,7 +25,7 @@
rule = "Host(`proxmox.procopius.dk`)";
service = "proxmox";
entryPoints = ["websecure"];
middlewares = ["oauth-auth"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
nas = {

46
nixos/hosts/traefik/configuration/media-center/routers.nix
View file

@ -6,14 +6,18 @@
tls.certResolver = "letsencrypt";
};
jellyseerr = {
rule = "Host(`jellyseerr.procopius.dk`)";
service = "jellyseerr";
entryPoints = ["websecure"];
tls.certResolver = "letsencrypt";
};
radarr = {
rule = "Host(`radarr.procopius.dk`)";
service = "radarr";
entryPoints = ["websecure"];
middlewares = [
"oauth-auth"
"restrict-admin"
];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
@ -21,15 +25,39 @@
rule = "Host(`sonarr.procopius.dk`)";
service = "sonarr";
entryPoints = ["websecure"];
middlewares = ["oauth-auth"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
jellyseerr = {
rule = "Host(`jellyseerr.procopius.dk`)";
service = "jellyseerr";
prowlarr = {
rule = "Host(`prowlarr.procopius.dk`)";
service = "prowlarr";
entryPoints = ["websecure"];
# middlewares = ["oauth-auth"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
bazarr = {
rule = "Host(`bazarr.procopius.dk`)";
service = "bazarr";
entryPoints = ["websecure"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
lidarr = {
rule = "Host(`lidarr.procopius.dk`)";
service = "lidarr";
entryPoints = ["websecure"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
readarr = {
rule = "Host(`readarr.procopius.dk`)";
service = "readarr";
entryPoints = ["websecure"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
}

7
nixos/hosts/traefik/configuration/media-center/services.nix
View file

@ -1,6 +1,11 @@
{
jellyfin.loadBalancer.servers = [{url = "http://media.lab:8096";}];
jellyseerr.loadBalancer.servers = [{url = "http://media.lab:5055";}];
radarr.loadBalancer.servers = [{url = "http://media.lab:7878";}];
sonarr.loadBalancer.servers = [{url = "http://media.lab:8989";}];
jellyseerr.loadBalancer.servers = [{url = "http://media.lab:5055";}];
readarr.loadBalancer.servers = [{url = "http://media.lab:8787";}];
lidarr.loadBalancer.servers = [{url = "http://media.lab:8686";}];
bazarr.loadBalancer.servers = [{url = "http://media.lab:6767";}];
prowlarr.loadBalancer.servers = [{url = "http://media.lab:9696";}];
}

21
nixos/hosts/traefik/configuration/middlewares.nix
View file

@ -19,25 +19,16 @@ in {
};
};
oauth-auth = {
authelia = {
forwardAuth = {
address = "http://localhost:4180/";
address = "http://auth.lab:9091/api/authz/forward-auth";
trustForwardHeader = true;
authResponseHeaders = [
"Authorization"
"X-Auth-Request-Access-Token"
"X-Auth-Request-User"
"X-Auth-Request-Email"
"X-Auth-Request-Preferred-Username" # Recommended
"X-Auth-Request-Access-Token" # If you want to pass the token
"X-Auth-Request-Groups" # If you configured a mapper in Keycloak to emit groups
"Remote-User"
"Remote-Groups"
"Remote-Email"
"Remote-Name"
];
};
};
restrict-admin = {
forwardAuth = {
address = "http://localhost:4180/oauth2/auth?allowed_groups=role:admin";
};
};
}

6
nixos/hosts/traefik/configuration/monitoring/routers.nix
View file

@ -3,7 +3,7 @@
rule = "Host(`prometheus.procopius.dk`)";
service = "prometheus";
entryPoints = ["websecure"];
middlewares = ["oauth-auth"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
grafana = {
@ -16,14 +16,14 @@
rule = "Host(`alertmanager.procopius.dk`)";
service = "alertmanager";
entryPoints = ["websecure"];
middlewares = ["oauth-auth"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
gatus = {
rule = "Host(`gatus.procopius.dk`)";
service = "gatus";
entryPoints = ["websecure"];
middlewares = ["oauth-auth"];
middlewares = ["authelia"];
tls.certResolver = "letsencrypt";
};
umami = {