From 818caf88a2b7a4fa32211d96cc83fb4d6ace3485 Mon Sep 17 00:00:00 2001 From: rope Date: Fri, 22 May 2026 22:03:34 +0100 Subject: [PATCH] frigate: map Remote-Role header for admin access via Authelia Co-Authored-By: Claude Opus 4.6 --- services/frigate.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/services/frigate.nix b/services/frigate.nix index 23f3115..9e935b4 100644 --- a/services/frigate.nix +++ b/services/frigate.nix @@ -13,7 +13,10 @@ settings = { mqtt.enabled = false; - proxy.header_map.user = "Remote-User"; + proxy.header_map = { + user = "Remote-User"; + role = "Remote-Role"; + }; cameras.kids_bedroom = { enabled = true; @@ -62,6 +65,10 @@ proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Uri $request_uri; proxy_set_header X-Forwarded-For $remote_addr; + + # Inject admin role into auth response so Frigate's + # auth_request_set $role $upstream_http_remote_role picks it up + add_header Remote-Role admin; ''; };