improve security

2026-05-13 10:50:14 -05:00
parent 960a5d9c3b
commit d9420184a1
1 changed files with 4 additions and 2 deletions
--- a/modules/features/authentik.nix
+++ b/modules/features/authentik.nix
@@ -89,7 +89,8 @@
                    "traefik.http.routers.${name}.service" = "${name}";
                    "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";

-                    "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
+                    #"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
+                    "traefik.http.services.${name}.loadbalancer.server.port" = "${builtins.toString hostPort}";


                    "traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik";
@@ -103,6 +104,7 @@
                ];
                ports = [
                    "127.0.0.1:${builtins.toString hostPort}:9000/tcp"
+                    "192.168.101.11:${builtins.toString hostPort}:9000/tcp"
 #"9443:9443/tcp"
                ];
                cmd = [ "server" ];
@@ -118,7 +120,7 @@
                ];
                networks = [
                    "docker-main"
-                        "authentik_default"
+                    "authentik_default"
                ];
            };
            systemd.services."docker-authentik-server" = {