feat: more authentik stuff

access_management/authentik/docker-compose.yml

@@ -61,6 +61,10 @@ services:
       traefik.http.routers.authentik.entrypoints: "https"
       traefik.http.routers.authentik.tls.certresolver: "cloudflare"
       traefik.http.services.authentik.loadbalancer.server.port: "9000"
+      # Authentik Middleware
+      traefik.http.middlewares.authentik.forwardauth.address: "http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
+      traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: "true"
+      traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: "X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
       # Homepage
       homepage.group: "Management"
       homepage.name: "Authentik"

proxies/traefik/docker-compose.yml

@@ -26,6 +26,7 @@ services:
       - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
       - "traefik.http.routers.traefik.entrypoints=https"
       - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.middlewares=authentik@docker"
       - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
     networks:
       - traefik_public