Add oauth2_proxy and use for calibre oauth2_proxy is a service that allows adding authentication via proxy headers to arbitrary web applications. As calibre doesn't support OIDC directly, we can configure oauth2_proxy with nginx to lock users out of calibre until they authenticate with keycloak, and then provide the username to calibre to authenticate without a password Change-Id: I933a6df20143ac2bd25513a4bcd2817cf6228191 Reviewed-on: https://git.clicks.codes/c/Clicks/NixFiles/+/203 Tested-by: Skyler Grey <minion@clicks.codes> Reviewed-by: Samuel Shuert <coded@clicks.codes>

commit: 9faaa8a22befb9bf1e420bb9ec3192a7edf3a199 [log] [tgz]
author: Skyler Grey <minion@clicks.codes> Sat Dec 23 18:50:04 2023 +0000
committer: Skyler Grey <minion@clicks.codes> Sat Dec 23 19:35:25 2023 +0000
tree: f33f48cf1d68607aaa89b722f9c0f9e2612c73a5
parent: 58fbb978cebe21d2e93d00544f2f4aa32872875c [diff] [blame]
diff --git a/modules/common/calibre.nix b/modules/common/calibre.nix
index c11d0a8..88df2c2 100644
--- a/modules/common/calibre.nix
+++ b/modules/common/calibre.nix

@@ -29,9 +29,9 @@
       calibreLibrary = "${config.services.nextcloud.datadir}/data/clicks-services/files/calibre";
 
       reverseProxyAuth = {
-        enable = false;
-        header = "keycloak_oidc";
-      }; # TODO: setup keycloak auth with oauth2_proxy
+        enable = true;
+        header = "X-User";
+      };
     };
   };
 }
\ No newline at end of file
commit	9faaa8a22befb9bf1e420bb9ec3192a7edf3a199	[log] [tgz]
author	Skyler Grey <minion@clicks.codes>	Sat Dec 23 18:50:04 2023 +0000
committer	Skyler Grey <minion@clicks.codes>	Sat Dec 23 19:35:25 2023 +0000
tree	f33f48cf1d68607aaa89b722f9c0f9e2612c73a5
parent	58fbb978cebe21d2e93d00544f2f4aa32872875c [diff] [blame]