From 8697469f5fe8e528ad2d4a7f8c3f879c0f98bece Mon Sep 17 00:00:00 2001
From: Nathan
Date: Sat, 28 Feb 2026 17:56:12 -0600
Subject: [PATCH] add authentik middleware
---
 .../virtualization/docker/authentik/default.nix | 6 ++++++
 .../docker/traefik/config/routing.yml | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/system/virtualization/docker/authentik/default.nix b/system/virtualization/docker/authentik/default.nix
index 79bc806..d189d17 100644
--- a/system/virtualization/docker/authentik/default.nix
+++ b/system/virtualization/docker/authentik/default.nix
@@ -95,6 +95,12 @@ in {
 "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
 "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
+
+
+ "traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik";
+ "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
+ "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
+
 };
 volumes = [
 "/etc/Authentik/custom-templates:/templates:rw"
diff --git a/system/virtualization/docker/traefik/config/routing.yml b/system/virtualization/docker/traefik/config/routing.yml
index 288981c..d613c8b 100644
--- a/system/virtualization/docker/traefik/config/routing.yml
+++ b/system/virtualization/docker/traefik/config/routing.yml
@@ -7,6 +7,8 @@ http:
 - "localsecure"
 rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
 service: "homepage"
+ middlewares:
+ - authentik
 tls:
 certResolver: "cloudflare"
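Review bot: The added label `"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true"` makes the middleware hand the outpost whatever `X-Forwarded-*` values arrived on the request, so a client that reaches Traefik directly can choose them. This is only safe if every entry point using the middleware sits behind a proxy that overwrites those headers, or if the static configuration restricts `forwardedHeaders.trustedIPs`; neither is visible in this patch. If Traefik terminates client connections itself, change the value to `"false"`. A comment above the `authResponseHeaders` label would also help, e.g. `# backends that trust X-authentik-* must only be reachable through routers carrying this middleware`. The label set starts above the hunk, so how it is consumed is not shown.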
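Review bot: The `- authentik` entry added under the homepage router's `middlewares:` in `routing.yml` will likely not resolve, because the middleware is declared through container labels in `authentik/default.nix`. Assuming this file is loaded by Traefik's file provider, an unqualified name is looked up in that provider's own namespace, so the reference should be `- authentik@docker`. Traefik disables a router whose middleware cannot be found, so the failure is closed, but the homepage would go offline rather than sit behind authentication. The router definition starts above the hunk, so its name and any existing options are not visible here.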
@@ -27,6 +29,15 @@ http:
 tls:
 certResolver: "cloudflare"
+ octoprint:
+ entryPoints:
+ - "localsecure"
+ - "websecure"
+ rule: "Host(`3dp.esotericbytes.com`)"
+ service: "octoprint"
+ tls:
+ certResolver: "cloudflare"
+
 services:
 homepage:
 loadBalancer:
@@ -42,6 +53,11 @@ http:
 loadBalancer:
 servers:
 - url: "http://192.168.100.20:3000"
+
+ octoprint:
+ loadBalancer:
+ servers:
+ - url: "http://rpi-3dp.local"
 tcp:
 routers:
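Review bot: The new `octoprint` router listens on `websecure` as well as `localsecure` but carries no `middlewares:` entry, although this same commit introduces the authentik forward-auth middleware. If `websecure` is the internet-facing entry point, which its name suggests, the printer's control interface is reachable with only OctoPrint's own login in front of it. Either add `middlewares:` with `- authentik@docker` to this router, or drop `- "websecure"` so it is served on the local entry point only. Note that requests on a router without the middleware also keep any client-supplied `X-authentik-*` headers.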
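Review bot: The `octoprint` service added in the last hunk points at `http://rpi-3dp.local`, an mDNS name, whereas the neighbouring service in the context lines uses a fixed address (`http://192.168.100.20:3000`). mDNS answers are unauthenticated, so any host on the same segment can answer for `rpi-3dp.local` and receive the proxied plaintext traffic, session cookies included. Resolution of `.local` names also commonly fails from inside a container. Prefer a static address or a name served by the LAN's DNS server, for example `- url: "http://<printer-ip>"` with the placeholder filled in.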