add authentik middleware

system/virtualization/docker/authentik/default.nix

@@ -95,6 +95,12 @@ in {
                 "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
                 
                 "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
+                
+
+                "traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik";
+                "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
+                "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
+
             };
             volumes = [
                 "/etc/Authentik/custom-templates:/templates:rw"

system/virtualization/docker/traefik/config/routing.yml

@@ -7,6 +7,8 @@ http:
         - "localsecure"
       rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
       service: "homepage"
+      middlewares:
+        - authentik
       tls:
         certResolver: "cloudflare"
     
@@ -27,6 +29,15 @@ http:
       tls:
         certResolver: "cloudflare"
 
+    octoprint:
+      entryPoints:
+        - "localsecure"
+        - "websecure"
+      rule: "Host(`3dp.esotericbytes.com`)"
+      service: "octoprint"
+      tls:
+        certResolver: "cloudflare"
+
   services: 
     homepage:
       loadBalancer:
@@ -43,6 +54,11 @@ http:
         servers: 
           - url: "http://192.168.100.20:3000"
     
+    octoprint:
+      loadBalancer:
+        servers:
+          - url: "http://rpi-3dp.local"
+
 tcp:
   routers:
     gitea-ssh: