moved mail

2025-07-17 00:35:44 +02:00 · 2025-07-17 00:35:44 +02:00 · 032072374b
commit 032072374b
parent c46903e3a0
35 changed files with 511 additions and 324 deletions
--- a/nixos/hosts/traefik/configuration/middlewares.nix
+++ b/nixos/hosts/traefik/configuration/middlewares.nix
@ -19,25 +19,16 @@ in {
    };
  };

-  oauth-auth = {
+  authelia = {
    forwardAuth = {
-      address = "http://localhost:4180/";
+      address = "http://auth.lab:9091/api/authz/forward-auth";
      trustForwardHeader = true;
      authResponseHeaders = [
-        "Authorization"
-        "X-Auth-Request-Access-Token"
-        "X-Auth-Request-User"
-        "X-Auth-Request-Email"
-        "X-Auth-Request-Preferred-Username" # Recommended
-        "X-Auth-Request-Access-Token" # If you want to pass the token
-        "X-Auth-Request-Groups" # If you configured a mapper in Keycloak to emit groups
+        "Remote-User"
+        "Remote-Groups"
+        "Remote-Email"
+        "Remote-Name"
      ];
    };
  };
-
-  restrict-admin = {
-    forwardAuth = {
-      address = "http://localhost:4180/oauth2/auth?allowed_groups=role:admin";
-    };
-  };
 }