diff --git a/services/frigate.nix b/services/frigate.nix index 23f3115..9e935b4 100644 --- a/services/frigate.nix +++ b/services/frigate.nix @@ -13,7 +13,10 @@ settings = { mqtt.enabled = false; - proxy.header_map.user = "Remote-User"; + proxy.header_map = { + user = "Remote-User"; + role = "Remote-Role"; + }; cameras.kids_bedroom = { enabled = true; @@ -62,6 +65,10 @@ proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Uri $request_uri; proxy_set_header X-Forwarded-For $remote_addr; + + # Inject admin role into auth response so Frigate's + # auth_request_set $role $upstream_http_remote_role picks it up + add_header Remote-Role admin; ''; };