From 9fe35669294897702293cd537f131e1b0cd92347 Mon Sep 17 00:00:00 2001
From: Rik Veenboer <rik.veenboer@gmail.com>
Date: Sat, 16 Nov 2024 16:33:05 +0100
Subject: [PATCH] move homeassistant to caddy with authentik

---
 caddy/Caddyfile                    | 30 +++++++++++++++++++++++++++++-
 nginx/etc/nginx/conf.d/global.conf | 23 -----------------------
 2 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index eb19af2..749eead 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -20,7 +20,28 @@ authentik.rik.veenboer.xyz {
 	reverse_proxy /outpost.goauthentik.io/* http://host:19000
 	forward_auth http://host:19000 {
 		uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
-		copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+		copy_headers {
+			X-Authentik-Username
+			X-Authentik-Groups
+			X-Authentik-Email
+			X-Authentik-Name
+			X-Authentik-Uid
+			X-Authentik-Jwt
+			X-Authentik-Meta-Jwks
+			X-Authentik-Meta-Outpost
+			X-Authentik-Meta-Provider
+			X-Authentik-Meta-App
+			X-Authentik-Meta-Version
+			X-Authentik-Other
+			X-Authentik-Password
+			X-Authentik-This
+			X-Authentik-What
+			Authorization>X-Custom-Authorization
+			X-Custom-User
+			X-Custom-Password
+			X-User-Header
+			X-Homeassistant-User
+		}
 	}
 }
 
@@ -39,3 +60,10 @@ import proxy photoprism host:2342
 import proxy qbittorrent host:9092
 import proxy esp host:6052
 import proxy dsmr host:8888
+import proxy ha host:8123 # homeassistant
+
+insecure.rik.veenboer.xyz {
+	route {
+		reverse_proxy host:12345
+	}
+}
diff --git a/nginx/etc/nginx/conf.d/global.conf b/nginx/etc/nginx/conf.d/global.conf
index 7773f25..4a7115a 100644
--- a/nginx/etc/nginx/conf.d/global.conf
+++ b/nginx/etc/nginx/conf.d/global.conf
@@ -53,29 +53,6 @@ server {
     }
 }
 
-server {
-    # homeassistant
-    listen 80;
-
-    server_name ha.rik.veenboer.xyz;
-    location / {
-        proxy_pass http://host:8123;
-        include /etc/nginx/conf/proxy.conf;
-    }
-}
-
-server {
-    # homeassistant
-    listen 80;
-
-    server_name ha-loazrzzxydfxopwi.rik.veenboer.xyz;
-    location / {
-        proxy_pass http://host:8123;
-        include /etc/nginx/conf/proxy.conf;
-        proxy_set_header X-Forwarded-Preferred-Username rik;
-    }
-}
-
 server {
     # homarr
     listen 80;