0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

add oauth2-proxy

Browse source
This commit is contained in:
Grigory Shipunov 2025-01-19 23:04:22 +00:00
parent edc0ae4062
commit 31106bdf15
2 changed files with 26 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/auth/default.nix
View file

@ -5,6 +5,7 @@ in
{ {
imports = [ imports = [
./keycloak.nix ./keycloak.nix
./oauth2-proxy.nix
]; ];
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

25
hosts/auth/oauth2-proxy.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, ... }:
{
sops.secrets."oauth2-proxy/env" = {
owner = config.users.users.oauth2-proxy.name;
};
services.oauth2-proxy = {
enable = true;
reverseProxy = true;
provider = "keycloak-oidc";
httpAddress = "0.0.0.0:4180";
oidcIssuerUrl = "https://auth.oxapentane.com/realms/0xalab-prod";
clientID = "radicale-proxy";
redirectURL = "https://dav.oxapentane.com/oauth2/callback";
keyFile = config.sops.secrets."oauth2-proxy/env".path;
scope = "openid";
email.domains = [ "*" ];
setXauthrequest = true;
cookie = {
secure = true;
refresh = "48h0m0s";
domain = ".oxapentane.com";
};
};
}