hosts/VEGAS/modules/oauth2-proxy/default.nix

@@ -1,8 +1,7 @@
-{ config, lib, depot, ... }:
+{ config, depot, ... }:
 let
   inherit (depot.lib.meta) domain;
   login = x: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${x}";
-  cfg = config.services.oauth2-proxy;
 in
 {
   age.secrets.oauth2_proxy-secrets = {
@@ -32,24 +31,4 @@ in
       skip-provider-button = true;
     };
   };
-  services.nginx.virtualHosts = lib.genAttrs cfg.nginx.virtualHosts (_vhost: {
-    # apply protection to the whole vhost, not just /
-    extraConfig = ''
-      auth_request /oauth2/auth;
-      error_page 401 = /oauth2/sign_in;
-
-      # pass information via X-User and X-Email headers to backend,
-      # requires running with --set-xauthrequest flag
-      auth_request_set $user   $upstream_http_x_auth_request_user;
-      auth_request_set $email  $upstream_http_x_auth_request_email;
-      proxy_set_header X-User  $user;
-      proxy_set_header X-Email $email;
-
-      # if you enabled --cookie-refresh, this is needed for it to work with auth_request
-      auth_request_set $auth_cookie $upstream_http_set_cookie;
-      add_header Set-Cookie $auth_cookie;
-    '';
-    locations."/oauth2/".extraConfig = "auth_request off;";
-    locations."/oauth2/auth".extraConfig = "auth_request off;";
-  });
 }