switch to cap based home configs

2026-01-20 16:57:10 +01:00 · 2026-01-20 16:57:10 +01:00 · 49b6f5bde0
commit 49b6f5bde0
parent 50ee9aac83
64 changed files with 2064 additions and 1779 deletions
--- a/fili/services/auth/oauth2-proxy.nix
+++ b/fili/services/auth/oauth2-proxy.nix
@ -1,47 +0,0 @@
-{
-  config,
-  secrets,
-  ...
-}:
-{
-  sops.secrets.oauth2-proxy = {
-    sopsFile = "${secrets}/oauth2-proxy.env";
-  };
-
-  services.oauth2-proxy = {
-    enable = true;
-
-    provider = "oidc";
-    scope = "openid profile email groups";
-    clientID = "38aa51e2-783e-48f0-a4b9-440e269f1217";
-    oidcIssuerUrl = "https://auth.donsz.nl";
-    reverseProxy = true;
-
-    proxyPrefix = "/oauth2";
-
-    keyFile = config.sops.secrets.oauth2-proxy.path;
-
-    email.domains = [ "*" ];
-
-    cookie = {
-      domain = "donsz.nl";
-      refresh = "1h";
-      secure = true;
-    };
-
-    extraConfig = {
-      whitelist-domain = [ "*.donsz.nl" ];
-      insecure-oidc-allow-unverified-email = true;
-    };
-
-    nginx.domain = "oauth2.donsz.nl";
-  };
-
-  services.nginx.virtualHosts."oauth2.donsz.nl" = {
-    forceSSL = true;
-    http2 = true;
-    enableACME = true;
-
-    locations."/".return = "301 https://oauth2.donsz.nl/oauth2/sign_in";
-  };
-}