From 0266770c55721d44f7372581b143a0928a3f5b86 Mon Sep 17 00:00:00 2001
From: teidesu <alina@tei.su>
Date: Sun, 24 Nov 2024 01:15:29 +0300
Subject: [PATCH] feat(koi): oidc auth for hass

---
 hosts/koi/vms/hass.nix     |  10 +++++++++-
 secrets/hass-proxy-env.age | Bin 0 -> 358 bytes
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 secrets/hass-proxy-env.age

diff --git a/hosts/koi/vms/hass.nix b/hosts/koi/vms/hass.nix
index f834d30..627015f 100644
--- a/hosts/koi/vms/hass.nix
+++ b/hosts/koi/vms/hass.nix
@@ -22,12 +22,20 @@ in
     };
   };
 
+  desu.secrets.hass-proxy-env = {};
+  desu.openid-proxy.services.hass = {
+    clientId = "hass";
+    domain = "hass.stupid.fish";
+    upstream = "http://10.42.0.3:8123";
+    envSecret = "hass-proxy-env";
+  };
+
   services.nginx.virtualHosts."hass.stupid.fish" = {
     forceSSL = true;
     useACMEHost = "stupid.fish";
 
     locations."/" = {
-      proxyPass = "http://10.42.0.3:8123$request_uri";
+      proxyPass = "http://hass-oidc.docker$request_uri";
       proxyWebsockets = true;
     };
   };
diff --git a/secrets/hass-proxy-env.age b/secrets/hass-proxy-env.age
new file mode 100644
index 0000000000000000000000000000000000000000..cffd67927ae9c86981df1daea2f4735a609290b1
GIT binary patch
literal 358
zcmV-s0h#_`XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9Lb80v^Sa%>n
zZ$(B<Q&nkXH(_H$Lq<bVXf<&(QDbLxazl7ER!u@Ha&b#ZNJ&pGFf<BrOH)xWW>0xR
zHbPo4Z%arpVR2?RPH$y2K~F(%Q(;AJWq58&FHTx%Rxk=JEiE81Sz>ZDIBrr+RY7(u
zRWU+KH&|3-QB*H5cq?I8dRA;jN^Da$Z#P3raAOMm!;J6?J>)#gOc{^A<c6ZIS?nJs
zIUy?sFOyUTbvr1xGQfH)f{fHGWHz;*;YI)i=K9kwV4m3810oo~iWH%s2=?B=A#E_p
zF1kzF``l*1s9EI&<0oq9{BW`(RdsJu(;&pX<&F)%xvI5SWfHgC;L%xO&+=2#NJxDC
zfGTJ#@H75SN3;-<#8=!+uZ2(NazKyr;Y^4P&?0|G@@678W9YrvcthlzGshe?5wv)%
Ep7C#y-T(jq

literal 0
HcmV?d00001