authelia.nginx: add auth proxy headers to shared info

2025-01-02 17:18:31 +01:00 · 2025-01-02 17:18:31 +01:00 · 5c65f7f922
commit 5c65f7f922
parent 9fd8d7b900
4 changed files with 29 additions and 13 deletions
--- a/machines/gerd/services/member-website/app.py
+++ b/machines/gerd/services/member-website/app.py
@ -8,6 +8,7 @@ import argparse
 import logging
 import json
 import sys
+import os

 logging.basicConfig()
 logger = logging.getLogger(__name__)
@ -94,10 +95,10 @@ def extract_secrets() -> dict[str, str]:
 def index():
    # extract user information
    user_info = {
-        "username": request.headers.get("Remote-User"),
-        "name": request.headers.get("Remote-Name"),
-        "groups": request.headers.get("Remote-Groups"),
-        "email": request.headers.get("Remote-Email"),
+        "username": request.headers.get(os.environ.get("AUTH_PROXY_USERNAME")),
+        "name": request.headers.get(os.environ.get("AUTH_PROXY_NAME")),
+        "groups": request.headers.get(os.environ.get("AUTH_PROXY_GROUPS")),
+        "email": request.headers.get(os.environ.get("AUTH_PROXY_EMAIL")),
    }
    tmpl_firstpass = render_template_string(
        tmpl_index,
--- a/machines/gerd/services/member-website/default.nix
+++ b/machines/gerd/services/member-website/default.nix
@ -9,6 +9,14 @@ in {
    description = "members area website";
    wantedBy = [ "multi-user.target" ];
    after = [ "networking.target" ];
+
+    environment = {
+      AUTH_PROXY_USERNAME = config.mine.shared.lib.authelia.protectedHeaders.username;
+      AUTH_PROXY_GROUPS = config.mine.shared.lib.authelia.protectedHeaders.groups;
+      AUTH_PROXY_EMAIL = config.mine.shared.lib.authelia.protectedHeaders.email;
+      AUTH_PROXY_NAME = config.mine.shared.lib.authelia.protectedHeaders.name;
+    };
+
    serviceConfig = {
      ExecStart = let
        pythonEnv = pkgs.python3.withPackages(ps: with ps; [ flask ]);