From bcce14ea82aacc11e9300c049f58aed472f58cfa Mon Sep 17 00:00:00 2001
From: Tristan <tristan@tristans.cloud>
Date: Sat, 17 Feb 2024 01:31:18 +0000
Subject: [PATCH] authentik (still in podman)

---
 hardware/alpine.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/hardware/alpine.nix b/hardware/alpine.nix
index db64151..86ccc79 100644
--- a/hardware/alpine.nix
+++ b/hardware/alpine.nix
@@ -141,6 +141,19 @@ in {
         enableACME = true;
         locations."~".proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
       };
+      "auth.tristans.cloud" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."~" = {
+          proxyPass = "http://localhost:8084";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Host $host;
+          '';
+        };
+      };
     };
   };
   security.acme = {