- adguard.nordhammer.it now routes through Authelia forward auth
(AdGuard Home itself has no login, so this becomes the single gate)
- Added Authelia ACL rule for the subdomain so default_policy=deny
returns 401 for redirect instead of 403
- Added AdGuard Home widget to Homepage under Infrastructure
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Without this rule the subdomain falls under default_policy=deny,
which returns 403 instead of the 401 that nginx needs to redirect
to the Authelia login page.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01
- Native Authelia SSO with forward auth protecting homepage + camera
- Native go2rtc camera streaming (no more Docker)
- Auto-migration script for Authelia secrets and user database from Docker
- Homepage hrefs updated to use HTTPS domain names
- Fail2ban updated for native nginx log paths + new Authelia jail
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
