sin_serhao/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sin_serhao:b3b8ffd90ff4de382e8d14c195e3e169dc583f67
Branches Tags
sin_serhao:master sin_serhao:authelia sin_serhao:disk sin_serhao:test-deploy
...
compare: sin_serhao:authelia
Branches Tags
sin_serhao:master sin_serhao:authelia sin_serhao:disk sin_serhao:test-deploy

1 Commits
b3b8ffd90f ... authelia

Author SHA1 Message Date
Sin Ser'Hao
d7c765b80e test
Some checks failed
/ perform flake analysis (push) Failing after 3h0m29s
Details
2026-01-27 20:40:20 +01:00
3 changed files with 29 additions and 0 deletions
Expand all files Collapse all files

1
hosts/sin/jellyfin.nix
View File

@@ -84,6 +84,7 @@ in
group = "starr";
settings = {
authentication.AuthenticationMethod = "external";
authentication.AuthenticationType = "enabled";
};
};
radarr = {

4
hosts/thea/authelia.nix
View File

@@ -49,6 +49,10 @@ in
access_control = {
default_policy = "deny";
rules = [
{
domain = "radarr.shobu.fr";
policy = "bypass";
}
{
domain = "*.shobu.fr";
policy = "one_factor";

24
hosts/thea/nginx.nix
View File

@@ -63,6 +63,23 @@ in
extraConfig = ''
include ${authelia-snippets.proxy};
include ${authelia-snippets.authelia-authrequest};
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# From https://gist.github.com/R0GGER/916183fca41f02df1471a6f455e5869f
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security "max-age=63072000; preload" always;
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header Permissions-Policy interest-cohort=();
add_header Expect-CT 'enforce; max-age=604800';
more_set_headers 'Server: Proxy';
more_clear_headers 'X-Powered-By';
proxy_ssl_server_name on;
'';
};
@@ -137,9 +154,16 @@ in
enableACME = true;
forceSSL = true;
extraConfig = ''
# include ${authelia-snippets.authelia-location};
# error_log /var/log/nginx/debug_files.log debug;
'';
locations."/" = {
proxyPass = "http://${sin-address}:8086";
extraConfig = ''
# include ${authelia-snippets.proxy};
# include ${authelia-snippets.authelia-authrequest};
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100M;
'';