wger: updated auth proxy header branch

2025-04-19 15:14:01 +02:00 · 2025-04-19 15:14:01 +02:00 · 076d676c41
commit 076d676c41
parent 6fedaed0f9
3 changed files with 38 additions and 15 deletions
--- a/machines/gerd/services/wger/default.nix
+++ b/machines/gerd/services/wger/default.nix
@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:

 let
  svc_domain = "wger.${config.mine.shared.settings.domain}";
@ -20,19 +20,26 @@ in {
    wgerSettings = {
      EMAIL_FROM = "wger Workout Manager <wger@${config.mine.shared.settings.domain}>";

-      # use authelia for authentication (disable guest users + regisration)
-      AUTH_PROXY_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username;
      ALLOW_GUEST_USERS = false;
      ALLOW_REGISTRATION = false;
    };

    # django specific settings
-    djangoSettings = rec {
+    djangoSettings = let
+      headerToDjangoHeader = v: "HTTP_" + (lib.toUpper ((lib.replaceStrings [ "-" ] [ "_" ] v)));
+    in rec {
      # setup site stuff
      SITE_URL = "https://${svc_domain}";
      CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];
      ALLOWED_HOSTS = [ svc_domain ];

+      # proxy auth
+      AUTH_PROXY_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.username;
+      AUTH_PROXY_USER_EMAIL_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.email;
+      AUTH_PROXY_USER_NAME_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.name;
+      AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ];
+      AUTH_PROXY_CREATE_UNKNOWN_USER = true;
+
      # setup email
      EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
      EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;
@ -42,6 +49,21 @@ in {
      EMAIL_HOST_PASSWORD = "file:${config.age.secrets.wger-ldap-pass.path}";
      EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM;
      EMAIL_PAGE_DOMAIN = SITE_URL;
+
+      # LOGGING = {
+      #   version = 1;
+      #   disable_existing_loggers = false;
+      #   formatters.simple.format = "%(levelname)s %(asctime)s %(module)s %(message)s";
+      #   handlers.console = {
+      #     level = "DEBUG";
+      #     class = "logging.StreamHandler";
+      #     formatter = "simple";
+      #   };
+      #   loggers."" = {
+      #     handlers = ["console"];
+      #     level = "DEBUG";
+      #   };
+      # };
    };
  };