feat(koi): oidc auth for hass

2024-11-24 01:15:29 +03:00 · 2024-11-24 01:15:29 +03:00 · 0266770c55
commit 0266770c55
parent b893d6e21e
2 changed files with 9 additions and 1 deletions
--- a/hosts/koi/vms/hass.nix
+++ b/hosts/koi/vms/hass.nix
@ -22,12 +22,20 @@ in
    };
  };

+  desu.secrets.hass-proxy-env = {};
+  desu.openid-proxy.services.hass = {
+    clientId = "hass";
+    domain = "hass.stupid.fish";
+    upstream = "http://10.42.0.3:8123";
+    envSecret = "hass-proxy-env";
+  };
+
  services.nginx.virtualHosts."hass.stupid.fish" = {
    forceSSL = true;
    useACMEHost = "stupid.fish";

    locations."/" = {
-      proxyPass = "http://10.42.0.3:8123$request_uri";
+      proxyPass = "http://hass-oidc.docker$request_uri";
      proxyWebsockets = true;
    };
  };
--- a/secrets/hass-proxy-env.age
+++ b/secrets/hass-proxy-env.age