From ece646d07a61933008347834f7f73549c3f7e48c Mon Sep 17 00:00:00 2001
From: Thomas Kendrick <tom@tkendrick.com>
Date: Fri, 19 Dec 2025 23:14:09 +0000
Subject: [PATCH] feat: more authentik stuff

---
 access_management/authentik/docker-compose.yml | 4 ++++
 proxies/traefik/docker-compose.yml             | 1 +
 2 files changed, 5 insertions(+)

diff --git a/access_management/authentik/docker-compose.yml b/access_management/authentik/docker-compose.yml
index d0404f5..72b02af 100644
--- a/access_management/authentik/docker-compose.yml
+++ b/access_management/authentik/docker-compose.yml
@@ -61,6 +61,10 @@ services:
       traefik.http.routers.authentik.entrypoints: "https"
       traefik.http.routers.authentik.tls.certresolver: "cloudflare"
       traefik.http.services.authentik.loadbalancer.server.port: "9000"
+      # Authentik Middleware
+      traefik.http.middlewares.authentik.forwardauth.address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
+      traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true"
+      traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
       # Homepage
       homepage.group: "Management"
       homepage.name: "Authentik"
diff --git a/proxies/traefik/docker-compose.yml b/proxies/traefik/docker-compose.yml
index f99c2fd..c63dc84 100644
--- a/proxies/traefik/docker-compose.yml
+++ b/proxies/traefik/docker-compose.yml
@@ -26,6 +26,7 @@ services:
       - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
       - "traefik.http.routers.traefik.entrypoints=https"
       - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.middlewares=authentik@docker"
       - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
     networks:
       - traefik_public