Diffstat (limited to 'playbooks/roles/traefik/templates/volumes/oauth2proxy/oauth_proxy_alpha.yml')
-rw-r--r--playbooks/roles/traefik/templates/volumes/oauth2proxy/oauth_proxy_alpha.yml75
1 files changed, 75 insertions, 0 deletions
diff --git a/playbooks/roles/traefik/templates/volumes/oauth2proxy/oauth_proxy_alpha.yml b/playbooks/roles/traefik/templates/volumes/oauth2proxy/oauth_proxy_alpha.yml
new file mode 100644
index 0000000..0f1b1ab
--- /dev/null
+++ b/playbooks/roles/traefik/templates/volumes/oauth2proxy/oauth_proxy_alpha.yml
@@ -0,0 +1,75 @@
+injectRequestHeaders:
+- name: X-Forwarded-User
+ values:
+ - claim: user
+- name: X-Forwarded-Email
+ values:
+ - claim: email
+- name: X-Forwarded-Preferred-Username
+ values:
+ - claim: preferred_username
+- name: X-Forwarded-Groups
+ values:
+ - claim: groups
+- name: Authorization
+ values:
+ - claim: id_token
+ prefix: 'Bearer '
+- name: "X-Forwarded-{{ oauth_proxy_super_secret_header }}"
+ values:
+ - value: "{{ oauth_proxy_super_secret_header | b64encode }}"
+injectResponseHeaders:
+- name: X-Auth-Request-User
+ values:
+ - claim: user
+- name: X-Auth-Request-Email
+ values:
+ - claim: email
+- name: X-Auth-Request-Preferred-Username
+ values:
+ - claim: preferred_username
+- name: X-Auth-Request-Groups
+ values:
+ - claim: groups
+- name: "X-Auth-Request-{{ oauth_proxy_super_secret_header }}"
+ values:
+ - value: "{{ oauth_proxy_super_secret_header | b64encode }}"
+- name: Authorization
+ values:
+ - claim: id_token
+ prefix: 'Bearer '
+metricsServer:
+ BindAddress: 0.0.0.0:5577
+ SecureBindAddress: ""
+ TLS: null
+providers:
+- id: kanidm
+ name: "{{ domain }} <3"
+ provider: oidc
+ clientID: "{{ oauth_proxy_client_id }}"
+ clientSecret: "{{ oauth_proxy_client_secret }}"
+ allowedGroups:
+ - "{{ oauth_proxy_group }}"
+ code_challenge_method: "S256"
+ scope: "openid profile groups email"
+ oidcConfig:
+ issuerURL: "https://{{ idm_domain }}/oauth2/openid/{{ oauth_proxy_client_id }}"
+ insecureSkipNonce: false
+ insecureAllowUnverifiedEmail: false
+ extraAudiences:
+ - "{{ oauth_proxy_client_id }}"
+ audienceClaims:
+ - aud
+ userIDClaim: sub
+ emailClaim: email
+ groupsClaim: groups
+server:
+ BindAddress: 0.0.0.0:4180
+ SecureBindAddress: ""
+ TLS: null
+upstreamConfig:
+ upstreams:
+ - id: "traefik"
+ static: true
+ path: "/"
+ staticCode: 202
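Review bot: The shared-secret header entries (`X-Forwarded-{{ oauth_proxy_super_secret_header }}` under injectRequestHeaders and `X-Auth-Request-{{ oauth_proxy_super_secret_header }}` under injectResponseHeaders) embed the secret in the header name itself and put only its base64 form in the value, so anything that records or displays header names — access logs, the Traefik `authResponseHeaders` list that must name this header, a response echoed to a client — exposes the secret, and base64 is trivially reversible so the value gives no protection either. A fixed name with the raw secret as the value keeps the same upstream check without spreading the secret through configuration: `- name: X-Forwarded-Proxy-Secret` / `values:` / `- value: "{{ oauth_proxy_super_secret_header }}"`. Whether the injectResponseHeaders copy is needed at all depends on the Traefik forwardAuth middleware configuration, which is outside this file. Separately, `metricsServer.BindAddress: 0.0.0.0:5577` serves unauthenticated metrics on every interface; this is fine only if the port stays unpublished on the container network, otherwise bind it to an internal address or set `SecureBindAddress` with TLS.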