rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Put Servarr + qBit + games + search behind Authelia

Browse source 
Only Jellyfin and the Authelia portal itself stay unprotected externally
(Jellyfin because it's streamed to remote clients; Authelia because it
is the login gate). Everything else (sonarr, radarr, bazarr, prowlarr,
torrent/qBittorrent, games, search) now goes through Authelia forward auth.

Internal integrations (Homepage widgets, Prowlarr → Sonarr/Radarr,
Bazarr → Sonarr/Radarr, transcode-hevc qBit queries) use 127.0.0.1:PORT
directly, so they are unaffected.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
ediblerope 2026-04-24 11:21:28 +01:00
parent 0c937b8601
commit bcaecc244d
2 changed files with 17 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

7
services/authelia.nix
View file

@ -74,6 +74,13 @@ in
{ domain = "homepage.nordhammer.it"; policy = "one_factor"; }
{ domain = "7dtd.nordhammer.it"; policy = "one_factor"; }
{ domain = "adguard.nordhammer.it"; policy = "one_factor"; }
{ domain = "sonarr.nordhammer.it"; policy = "one_factor"; }
{ domain = "radarr.nordhammer.it"; policy = "one_factor"; }
{ domain = "bazarr.nordhammer.it"; policy = "one_factor"; }
{ domain = "prowlarr.nordhammer.it"; policy = "one_factor"; }
{ domain = "torrent.nordhammer.it"; policy = "one_factor"; }
{ domain = "games.nordhammer.it"; policy = "one_factor"; }
{ domain = "search.nordhammer.it"; policy = "one_factor"; }
];
};