swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 13:19:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore:update flake
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details
Flake check / Check flake (push) Has been cancelled
Details
Build and Deploy / deploy (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-02-03 13:00:32 +01:00
parent 52554d4f92
commit a343de7a90
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
11 changed files with 204 additions and 176 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/nixos/server/oauth2-proxy.nix
View file

@ -1,4 +1,4 @@
{ lib, config, globals, dns, confLib, ... }:
{ lib, config, pkgs, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "oauth2-proxy"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf oauthServer nginxAccessRules homeServiceAddress;
@ -165,6 +165,7 @@ in
services = {
${serviceName} = {
enable = true;
package = pkgs.dev.oauth2-proxy;
cookie = {
domain = ".${mainDomain}";
secure = true;
@ -176,13 +177,16 @@ in
httpAddress = "0.0.0.0:${builtins.toString servicePort}";
redirectURL = "https://${serviceDomain}/oauth2/callback";
setXauthrequest = true;
upstream = [
"static://202"
];
extraConfig = {
code-challenge-method = "S256";
whitelist-domain = ".${mainDomain}";
set-authorization-header = true;
pass-access-token = true;
skip-jwt-bearer-tokens = true;
upstream = "static://202";
oidc-issuer-url = "https://${kanidmDomain}/oauth2/openid/oauth2-proxy";
provider-display-name = "Kanidm";
};