Login rule

modules/server/containers/apps/invidious.nix

@@ -31,6 +31,13 @@ in {
       imageStream = image;
       port = 3000;
       secret = name;
+      extraLabels = {
+        "traefik.http.routers.${containerCfg.subdomain}-login.rule" = "Host(`${containerCfg.subdomain}.${serverCfg.domain}`) && Path(`/login`) ";
+        "traefik.http.routers.${containerCfg.subdomain}-login.middlewares" = if serverCfg.containers?authentik then "authentik" else "";
+        "traefik.http.routers.${containerCfg.subdomain}-login.priority" = "100";
+        "traefik.http.routers.${containerCfg.subdomain}-login.entrypoints" = "web-secure";
+        "traefik.http.routers.${containerCfg.subdomain}-login.tls" = "true";
+      };
       overrides = {
         cmd = [ "--config" "/data/config.yml" ];
         volumes = [

modules/server/containers/data/invidious/login.cr

@@ -65,6 +65,7 @@ module Invidious::Routes::Login
     end
 
     def self.login(env)
+        referer = get_referer(env, "/feed/subscriptions")
         env.redirect referer
         return error_template(403, "Login post is not supported.")
     end