privatevoid.net/depot
1
1
Fork 0
Code Issues 18 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

VEGAS/oauth2-proxy: remove custom extraConfig stuff

Browse source
This commit is contained in:
Max Headroom 2024-06-04 17:45:28 +02:00
parent d8c0fd5ea2
commit 0ce1427d36
1 changed files with 1 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
hosts/VEGAS/modules/oauth2-proxy/default.nix
View file

@ -1,8 +1,7 @@
{ config, lib, depot, ... }: { config, depot, ... }:
let let
inherit (depot.lib.meta) domain; inherit (depot.lib.meta) domain;
login = x: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${x}"; login = x: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${x}";
cfg = config.services.oauth2-proxy;
in in
{ {
age.secrets.oauth2_proxy-secrets = { age.secrets.oauth2_proxy-secrets = {
@ -32,24 +31,4 @@ in
skip-provider-button = true; skip-provider-button = true;
}; };
}; };
services.nginx.virtualHosts = lib.genAttrs cfg.nginx.virtualHosts (_vhost: {
# apply protection to the whole vhost, not just /
extraConfig = ''
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# pass information via X-User and X-Email headers to backend,
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
'';
locations."/oauth2/".extraConfig = "auth_request off;";
locations."/oauth2/auth".extraConfig = "auth_request off;";
});
} }