sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

fix tls

Browse Source
This commit is contained in:
soraefir
2026-05-09 09:55:30 +02:00
parent dda8409329
commit 8b75968f11
2 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/server/containers/defs/traefik.nix
View File

@@ -21,15 +21,21 @@ in {
"traefik.http.routers.${containerCfg.subdomain}.service" = "api@internal";
"traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
"traefik.http.routers.${containerCfg.subdomain}.tls.certresolver=default"
"traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].main=${serverCfg.hostDomain}"
"traefik.http.routers.${containerCfg.subdomain}.tls.domains[0].sans=*.${serverCfg.hostDomain}"
"traefik.http.middlewares.authentik.forwardauth.address" = "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
};
extraEnv = {
};
# extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
overrides = {
cmd = [
"--api"
"--log.level=INFO"
"--log.level=DEBUG"
"--providers.docker=true"
"--global.checknewversion=false"
"--global.sendanonymoususage=false"
@@ -47,8 +53,8 @@ in {
"--certificatesresolvers.default.acme.tlschallenge=false"
"--certificatesresolvers.default.acme.httpchallenge=false"
"--certificatesresolvers.default.acme.dnschallenge=true"
"--certificatesresolvers.default.acme.storage=/custom/acme.json"
"--certificatesresolvers.default.acme.dnschallenge.provider=${containerCfg.extra.provider}"
"--certificatesresolvers.default.acme.storage=/custom/acme.json"
"--entrypoints.web-secure.http.tls=true"
"--entrypoints.web-secure.http.tls.certresolver=default"
"--entrypoints.web-secure.http.tls.domains[0].main=*.${serverCfg.hostDomain}"