
feat: remove caddy, enable nginx with oauth2_proxy

This commit is contained in:
oddlama 2023-06-21 23:57:33 +02:00
parent 041cf9cc33
commit 5f02889bd0
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
6 changed files with 37 additions and 76 deletions

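--- a/hosts/sentinel/oauth2.nix
+++ b/hosts/sentinel/oauth2.nix
@@ -0,0 +1,33 @@
+{
+lib,
+config,
+pkgs,
+...
+}: {
+extra.oauth2_proxy = {
+enable = true;
+cookieDomain = config.repo.secrets.local.personalDomain;
+authProxyDomain = "sentinel.${config.repo.secrets.local.personalDomain}";
+};
+age.secrets.oauth2-proxy-secret = {
+rekeyFile = ./secrets/oauth2-proxy-secret.age;
+mode = "440";
+group = "oauth2_proxy";
+};
+services.oauth2_proxy = {
+# TODO cookie refresh
+provider = "oidc";
+scope = "openid";
+loginURL = "https://${config.proxiedDomains.kanidm}/ui/oauth2";
+redeemURL = "https://${config.proxiedDomains.kanidm}/oauth2/token";
+validateURL = "https://${config.proxiedDomains.kanidm}/oauth2/openid/web-sentinel/userinfo";
+clientID = "web-sentinel";
+keyFile = config.age.secrets.oauth2-proxy-secret.path;
+email.domains = ["*"];
+extraConfig.skip-provider-button = true;
+};
+}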
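Review bot: `email.domains = ["*"]` turns off the only authorization check oauth2_proxy applies after a successful login, so every account that Kanidm lets authenticate against the `web-sentinel` client is granted access to whatever nginx puts behind this proxy; authentication and authorization get collapsed into one step. If Kanidm already limits who may use the `web-sentinel` client via group membership this is defensible, but it should be stated next to the line, e.g. `# Authorization is delegated to Kanidm: only members of the group bound to the web-sentinel client can log in, so no email-domain filter is needed here.`; otherwise restrict it to `email.domains = [config.repo.secrets.local.personalDomain];` or pass an allowed-groups filter through `extraConfig`. Note also that `cookieDomain` is set to the bare personal domain, so the session cookie is presented to every subdomain under it — that is what makes the SSO work, but it also means any service hosted under that domain receives the cookie, which is worth a one-line comment. The `# TODO cookie refresh` left on the block is an open item the commit acknowledges; with `scope = "openid"` only, whether the userinfo endpoint returns the email claim oauth2_proxy needs for that filter depends on the Kanidm client configuration and should be confirmed.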