cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

Compare commits

base: cnst:working
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken
...
compare: cnst:67e83e3e4e2c6813623a31cf0bed8408e63cc6ab
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken

1 Commits
working ... 67e83e3e4e

Author SHA1 Message Date
cnst
67e83e3e4e feat(authentik): fixing some fail2ban things 2025-10-02 05:45:35 +02:00
2 changed files with 7 additions and 3 deletions
Expand all files Collapse all files

2
hosts/sobotka/modules.nix
View File

@@ -214,7 +214,7 @@
flags = "--performance"; flags = "--performance";
}; };
tailscale = { tailscale = {
enable = true; enable = false;
}; };
udisks = { udisks = {
enable = true; enable = true;

8
modules/server/authentik/default.nix
View File

@@ -54,10 +54,14 @@ in {
authentikEnv = { authentikEnv = {
file = "${self}/secrets/authentikEnv.age"; file = "${self}/secrets/authentikEnv.age";
owner = "authentik"; owner = "authentik";
group = "authentik";
mode = "0400";
}; };
authentikCloudflared = { authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age"; file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik"; owner = "authentik";
group = "authentik";
mode = "0400";
}; };
}; };
@@ -66,7 +70,7 @@ in {
jails = { jails = {
authentik = { authentik = {
serviceName = "authentik"; serviceName = "authentik";
failregex = ^.*Username or password is incorrect.*IP:\s*<HOST> failRegex = "^.*Username or password is incorrect.*IP:\s*<HOST>";
}; };
}; };
}; };
@@ -99,7 +103,7 @@ in {
middlewares = { middlewares = {
authentik = { authentik = {
forwardAuth = { forwardAuth = {
tls.insecureSkipVerify = true; # tls.insecureSkipVerify = true;
address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik"; address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true; trustForwardHeader = true;
authResponseHeaders = [ authResponseHeaders = [