chore: update flake

pkgs/default.nix

@@ -1,6 +1,5 @@
 [
   (import ./caddy.nix)
-  (import ./oauth2-proxy)
   (import ./scripts)
   (_final: prev: {
     deploy = prev.callPackage ./deploy.nix {};

pkgs/oauth2-proxy/0001-scopes-as-groups.patch

@@ -1,44 +0,0 @@
-diff --git a/providers/oidc.go b/providers/oidc.go
-index aadaf7c5..18b03a3e 100644
---- a/providers/oidc.go
-+++ b/providers/oidc.go
-@@ -10,6 +10,7 @@ import (
- 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
- 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
- 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-+	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
- 	"golang.org/x/oauth2"
- )
- 
-@@ -80,6 +81,31 @@ func (p *OIDCProvider) Redeem(ctx context.Context, redirectURL, code, codeVerifi
- // EnrichSession is called after Redeem to allow providers to enrich session fields
- // such as User, Email, Groups with provider specific API calls.
- func (p *OIDCProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
-+	// Fallback to ValidateURL if ProfileURL not set for legacy compatibility
-+	profileURL := p.ValidateURL.String()
-+	if p.ProfileURL.String() != "" {
-+		profileURL = p.ProfileURL.String()
-+	}
-+
-+	json, err := requests.New(profileURL).
-+		WithContext(ctx).
-+		SetHeader("Authorization", "Bearer "+s.AccessToken).
-+		Do().
-+		UnmarshalSimpleJSON()
-+	if err != nil {
-+		logger.Errorf("failed making request %v", err)
-+		return err
-+	}
-+
-+	groups, err := json.Get("scopes").StringArray()
-+	if err == nil {
-+		for _, group := range groups {
-+			if group != "" {
-+				s.Groups = append(s.Groups, group)
-+			}
-+		}
-+	}
-+
- 	// If a mandatory email wasn't set, error at this point.
- 	if s.Email == "" {
- 		return errors.New("neither the id_token nor the profileURL set an email")

pkgs/oauth2-proxy/default.nix

@@ -1,5 +0,0 @@
-_self: super: {
-  oauth2-proxy = super.oauth2-proxy.overrideAttrs (_: {
-    patches = [./0001-scopes-as-groups.patch];
-  });
-}