diff --git a/config/proxy-traefik.nix b/config/proxy-traefik.nix
index f267aeb..eb6cb02 100644
--- a/config/proxy-traefik.nix
+++ b/config/proxy-traefik.nix
@@ -273,6 +273,12 @@ in
 middlewares = [ "authentik" ];
 tls.certResolver = "letsencrypt";
 };
+ rootDomain = {
+ rule = "Host(`${(builtins.substring 1 (builtins.stringLength dmn) dmn)}`)";
+ service = "auth-service";
+ entryPoints = [ "websecure" ];
+ tls.certResolver = "letsencrypt";
+ };
 } ;
diff --git a/containers/media.nix b/containers/media.nix
index f64379a..06a29d8 100644
--- a/containers/media.nix
+++ b/containers/media.nix
@@ -28,7 +28,7 @@ in
 };
 };
 private = true;
- auth = true;
+ auth = false;
 description = "Serveur média avec Jellyfin / jellyseer (?).";
 icon = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/jellyfin.png";
 };
diff --git a/modules/containers-terraform-authentik.nix b/modules/containers-terraform-authentik.nix
index c2b0565..6989ef0 100644
--- a/modules/containers-terraform-authentik.nix
+++ b/modules/containers-terraform-authentik.nix
@@ -75,9 +75,15 @@ in
 protocol_provider = "\${resource.authentik_provider_oauth2.jellyfin.id}";
 meta_icon = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/jellyfin.png";
 };
+ proxmox = {
+ name = "proxmox";
+ slug = "proxmox";
+ protocol_provider = "\${resource.authentik_provider_oauth2.proxmox.id}";
+ meta_icon = "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/proxmox-light.png";
+ };
 };
- authentik_application_entitlement = {
+ authentik_application_entitlement = {
 gitadmin = {
 name = "gitadmin";
 application = "\${authentik_application.gitea.uuid}";
@@ -135,6 +141,10 @@ in
 outpost = "\${data.authentik_outpost.embedded.id}";
 protocol_provider = "\${authentik_provider_oauth2.jellyfin.id}";
 };
+ proxmox = {
+ outpost = "\${data.authentik_outpost.embedded.id}";
+ protocol_provider = "\${authentik_provider_oauth2.proxmox.id}";
+ };
 };
 authentik_property_mapping_provider_scope = {
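Review bot: The `rootDomain` rule builds the apex host by dropping the first character of `dmn` with `builtins.substring 1 …`, which is only correct if `dmn` always starts with a single leading dot; any other value would make the router match a silently truncated hostname. If `lib` is in scope in this file (not visible in the hunk), `lib.removePrefix "." dmn` states the intent and leaves a dot-less value intact. The new router also carries no `middlewares` entry, unlike the router closed just above it, so the apex host reaches `auth-service` without the `authentik` forward-auth. If that is deliberate because the service is presumably the identity provider itself, a comment such as `# apex domain serves the login UI directly; no forward-auth on purpose` would record it.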
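Review bot: `auth = false` on the media container is a security-relevant flip with no explanation in the hunk, while `private = true` stays set. What the `auth` option controls is defined outside this diff; if it drives the `authentik` forward-auth middleware, the service is now protected only by Jellyfin's own login. A comment on the line, for example `# forward-auth off: Jellyfin signs in through its own OIDC client (authentik_provider_oauth2.jellyfin)`, would make the intent reviewable, assuming that is the reason.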
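Review bot: The new `proxmox` application in the `-75,9 +75,15` hunk has no access restriction visible here, and authentik makes an application with no policy or group bindings available to every user. Since this fronts a hypervisor management interface, consider binding it to an admin group with an `authentik_policy_binding` resource, or add a comment stating that authorization is enforced by Proxmox realm permissions. Bindings may already exist elsewhere in the file, outside the hunk.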
@@ -299,6 +309,29 @@ in
 }
 ];
 };
+ proxmox = {
+ name = "proxmox";
+ authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
+ invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
+ client_id = "fLYPaQGtr7JYC2hIP12tQgiNiTH5h3Yl4htpPs7a";
+ client_secret = "mrNbX6WUZlWJOjMF2N4v91hyWgHhP1rgEtrW6TUioweHtDElLsTavX3ijB2QZgnqoUG8sR8r0fQ1OofjPNvZ8t8GFZLL5C8oRw1tKXoMFlryuw8GqwOqyxxmh0UjDK2o";
+
+ property_mappings = [
+ "\${data.authentik_property_mapping_provider_scope.openid_openid.id}"
+ "\${data.authentik_property_mapping_provider_scope.openid_profile.id}"
+ "\${data.authentik_property_mapping_provider_scope.openid_email.id}"
+ ];
+
+ signing_key = "\${data.authentik_certificate_key_pair.generated.id}";
+
+ allowed_redirect_uris = [
+ {
+ matching_mode = "strict";
+ url = "https://proxmox.plg.m0rel.eu/";
+ }
+ ];
+ sub_mode = "user_email";
+ };
 };
 authentik_group = {
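Review bot: `client_secret` for the `proxmox` provider is committed as a string literal, so it is now in git history and, once the module is evaluated, most likely in the world-readable Nix store as well; it should be treated as exposed and rotated. Supply it from outside the repository instead, for example as a sensitive Terraform variable written like the other interpolations, `client_secret = "\${var.proxmox_client_secret}";` (variable name constructed here), with the value coming from whatever secret mechanism the deployment already uses. Separately, `sub_mode = "user_email"` ties the OIDC subject to a mutable attribute, so anyone able to change an account's e-mail could present a different identity to Proxmox. `hashed_user_id` is the stable choice unless Proxmox needs the e-mail as the username.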