mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00

feat: open-webui behind oauth2

oddlama 2024-06-09 20:46:58 +02:00
parent 673ea778a0
commit 55fe825a74
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
3 changed files with 21 additions and 5 deletions


@ -42,6 +42,16 @@ in {
empty list to allow any authenticated client.
'';
};
X-User = mkOption {
type = types.str;
default = "$upstream_http_x_auth_request_preferred_username";
description = "The variable to set as X-User";
};
X-Email = mkOption {
type = types.str;
default = "$upstream_http_x_auth_request_email";
description = "The variable to set as X-User";
};
};
config = mkIf config.oauth2.enable {
extraConfig = ''
@ -50,8 +60,8 @@ in {
# pass information via X-User and X-Email headers to backend,
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
auth_request_set $user ${config.oauth2.X-User};
auth_request_set $email ${config.oauth2.X-Email};
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
@ -61,6 +71,7 @@ in {
'';
locations."@redirectToAuth2ProxyLogin" = {
# FIXME: allow refering to another node for the portaldomain
return = "307 https://${cfg.portalDomain}/oauth2/start?rd=$scheme://$host$request_uri";
extraConfig = ''
auth_request off;
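Review bot: The new `X-User` option in the first hunk defaults to `$upstream_http_x_auth_request_preferred_username`, so every vhost that enables `oauth2` now sends a different identity in `X-User` than the `$upstream_http_x_auth_request_user` value used before, not just the new open-webui host. In OIDC, `preferred_username` is not guaranteed to be unique or stable, so any backend that keys accounts or authorization on `X-User` could map a request to the wrong account if a user can change that claim at the identity provider. It would be safer to keep the old behaviour as the default, `default = "$upstream_http_x_auth_request_user";`, and override `X-User` only on the host that needs the preferred username. The `X-Email` option's description is also a copy of the one above and should read `description = "The variable to set as X-Email";`. The `extraConfig` strings in the second and third hunks continue outside the visible lines, so this applies only to what is shown.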