msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(deertopia): Foundational Authelia setup

Browse Source 
By 'foundational,' I mean that a demo is working correctly.  Work will
continue in a follow-up commit integrating existing services with LDAP
and Authelia. ♥
This commit is contained in:
Madeleine Sydney
2025-02-21 13:51:05 -07:00
parent 6f3a6960e1
commit 01d8e5986c
8 changed files with 306 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
modules/nixos/deertopia/lldap.nix
View File

@@ -20,7 +20,7 @@ in {
sydnix.sops.secrets =
let e = {
mode = "0600";
mode = "0440";
owner = "lldap";
group = "lldap";
};
@@ -63,39 +63,5 @@ in {
enable = true;
keysZoneName = "auth_cache";
};
sydnix.deertopia.nginx.vhosts."ldap".vhost =
let consultant = "http://localhost:9090";
port = builtins.toString config.services.lldap.settings.http_port;
base-dn = config.services.lldap.settings.ldap_base_dn;
nginx-bind-user = "nginx-bind-user";
in {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
auth_request /auth-proxy;
error_page 401 =200 /login;
proxy_pass ${consultant};
'';
locations."/login".extraConfig = ''
proxy_pass ${consultant}/login;
proxy_set_header X-Target $request_uri;
'';
locations."= /auth-proxy".extraConfig = ''
internal;
proxy_pass ${consultant};
proxy_pass_request_body off;
proxy_pass_request_headers off;
proxy_set_header Content-Length "";
proxy_cache auth_cache;
proxy_cache_valid 200 10m;
proxy_cache_key "$http_authorization$cookie_nginxauth";
# proxy_set_header X-Ldap-URL "ldap://localhost:${port}";
# proxy_set_header X-Ldap-BaseDN "cn=people,${base-dn}";
# proxy_set_header X-Ldap-BindDN "cn=${nginx-bind-user},${base-dn}";
# proxy_set_header X-Ldap-BindPass "secret123";
# proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
'';
};
};
}