🏡 my personal home lab


oidc for bambuddy

+20 -3
+15 -1
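--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@@ -33,6 +33,7 @@
 }
 
 authorization policy ${name}_policy {
+crypto key verify {''$${lib.toUpper name}_JWT_SHARED_KEY}
 set auth url https://${domain}/oauth2/${name}
 allow roles authp/user
 validate bearer header
@@ -63,6 +64,7 @@
 
 security {
 ${mkCaddySecurity "tasks" "tasks.goo.garden"}
+${mkCaddySecurity "bambuddy" "bambu.goo.garden"}
 }
 '';
 virtualHosts = {
@@ -149,7 +151,13 @@
 reverse_proxy rk1-node-2:8282
 '';
 "bambu.goo.garden" = vhost ''
-reverse_proxy rk1-node-2:8001
+route /oauth2/* {
+authenticate with bambuddy_portal
+}
+route {
+authorize with bambuddy_policy
+reverse_proxy rk1-node-2:8001
+}
 '';
 "knot.goo.garden" = vhost ''
 reverse_proxy rk1-node-1:5555
@@ -170,10 +178,16 @@
 TASKS_OIDC_CLIENT_ID=${config.sops.placeholder.tasks-oidc-client-id}
 TASKS_OIDC_CLIENT_SECRET=${config.sops.placeholder.tasks-oidc-client-secret}
 TASKS_JWT_SHARED_KEY=${config.sops.placeholder.tasks-jwt-shared-key}
+BAMBUDDY_OIDC_CLIENT_ID=${config.sops.placeholder.bambuddy-oidc-client-id}
+BAMBUDDY_OIDC_CLIENT_SECRET=${config.sops.placeholder.bambuddy-oidc-client-secret}
+BAMBUDDY_JWT_SHARED_KEY=${config.sops.placeholder.bambuddy-jwt-shared-key}
 '';
 sops.secrets.tasks-oidc-client-id = { };
 sops.secrets.tasks-oidc-client-secret = { };
 sops.secrets.tasks-jwt-shared-key = { };
+sops.secrets.bambuddy-oidc-client-id = { };
+sops.secrets.bambuddy-oidc-client-secret = { };
+sops.secrets.bambuddy-jwt-shared-key = { };
 
 networking.firewall.allowedTCPPorts = [
 80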
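Review bot: The new `authorize with bambuddy_policy` gate in the `bambu.goo.garden` vhost is enforced only at Caddy, while the upstream is still the plain `reverse_proxy rk1-node-2:8001`. If port 8001 on rk1-node-2 accepts connections from other hosts (that node's firewall is not visible in this commit), the OIDC check does not apply to clients that reach the backend directly. It would be worth restricting 8001 to the Caddy host and recording that above the vhost, e.g. `# auth is enforced at the proxy only; rk1-node-2:8001 must accept connections from this host alone`. Separately, the added `crypto key verify` line sits in what appears to be the shared `mkCaddySecurity` policy template, so it also changes the existing `tasks` policy. The template starts outside the hunk, so confirm the tasks portal signs with `TASKS_JWT_SHARED_KEY` before deploying.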
+5 -2
secrets/secrets.yaml
··· 29 29 pds-master-key: ENC[AES256_GCM,data:jLDqeb5NHwy7CeWbaee4QA6P8QjAVzrNXUwtY4DPd2f5bFx02MTMGLlVXjqwWLcSyRnLDYzQqAhb7WCbRvInPQ==,iv:90D4Vs8+iIbPyvp62ntuX3BlL62euwLQB1DxAsAcewI=,tag:wrpby5KkdHHuF4tVR4A1Lw==,type:str] 30 30 fusion-oidc-client-id: ENC[AES256_GCM,data:6JJKTPi5nkroITCAIcjhPSeSOTGzf2ZIWq9zkOJlcQCK7rd7,iv:NMNgT5msJFT701JszhF9LtS24RDm74K4B/mRuIRIbMk=,tag:qwOq4QKyvO/3HtFrD9lkNw==,type:str] 31 31 fusion-oidc-client-secret: ENC[AES256_GCM,data:7VpmdfEGOVjmAlZHuQm549ZxbmEXFj1XAgWqTEungo8=,iv:N2It67esygSzGwO9tQrZlX4HW4V5o9x6kASovDFRF+g=,tag:kxkPxVZTUs776qmx8OGP6A==,type:str] 32 + bambuddy-oidc-client-id: ENC[AES256_GCM,data:Oix5LL0Th0+x9B0ZcRShYBDPkqRDYTXBi+HP+2ox7F7SrRDn,iv:K31M5y7unTZSqiPJWpiApa5o/LN2lcDcw6vZ/nCDGYA=,tag:iVTBQ6q91WQMqelh+N8gHQ==,type:str] 33 + bambuddy-oidc-client-secret: ENC[AES256_GCM,data:WPpwYFZhKk9vXvdXiyqSJP2NNRT40GL5VQYStwMr19E=,iv:cUu/r2SPvT80FYLF+5iXxXdoNXoPfwBbgIqykEYp+5M=,tag:c6T4+w0gEvkivMM1nlIGXg==,type:str] 34 + bambuddy-jwt-shared-key: ENC[AES256_GCM,data:7dWR3WF77NqhGc/supdLx36c4y/2rDQDaOqp7uWXgoMbcFlkM5VAE3BhS63GB8PO5hcF2SCwA1oh598rsZcRhw==,iv:WZgGv2igXCu9edd2q7fD6zzarmCYLNtEJRr5gJWxEUI=,tag:2TDpmlFYnVNFzMAMog1MyQ==,type:str] 32 35 mumble-password: ENC[AES256_GCM,data:/GA5G4CEVQ==,iv:Ri70GW9Ln7vv3Nf0CSNW0PwypLUNvh+kvJjUqu393ig=,tag:NY+u/RxcKudlaZStgnGVTw==,type:str] 33 36 backup-repository: ENC[AES256_GCM,data:v6tUjTwVsym8i52jcapjSRXPIjX2xNFY+bZRkHnVsp4AebcksHzHEDX6N4BF3OuQ2KepOfHngMn61Mk=,iv:HPV+8aCPpvFnytja6RUA7hJdtz2BMI1zsH01w1J9r2w=,tag:znMIFmrcsKTIq2TowhAV0w==,type:str] 34 37 backup-identity: ENC[AES256_GCM,data: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,iv:YpRoGlD8YFxZ+RChb6T4Eh665AMTTeTJXRFR0xa7l3k=,tag:FWOVonF+SYbbgQoopa2lhA==,type:str] ··· 79 82 ajA5bDZCY1BnblVYRGQ1QTE2S2I4M2cKSIGmFBP6sqiiM+cvTMQuZHit9fN5Vffk 80 83 1pWz8xSen/tqoywqipRf3LqzFb2K7Bx15vwazHbm6LJJa+ZQaruVMg== 81 84 -----END AGE ENCRYPTED FILE----- 82 - lastmodified: "2026-04-06T22:13:26Z" 83 - mac: 
ENC[AES256_GCM,data:dRnuptZlnB1UsHQUS9+6DHF3WYO9WDzP3KroaL/HkudVckMNU/sb2tq9NiFQeSf8GbgpMygOB004Y7NeIjZNje3HWyCwHxANgDKCKSX+2mVIv01tBvON88QbMWFsQExvk8BWPX2kuwrzufvT/EWiRm78SvkVENyUT9cqLC4keuo=,iv:ckWynpwZ5fzCeyiRFiZpI/4BbITLYp1MzuZCe82V2Lc=,tag:/1/SD5GqshJex1+XGHVCcQ==,type:str] 85 + lastmodified: "2026-04-07T12:27:58Z" 86 + mac: ENC[AES256_GCM,data:2XYwg8e1g7k6lOI/YoucOLw8pcg8+Lyjj/LbuVjW1/Hgcsm8esT+YOoUnj9mQxNle2RidP2JGLedRHGY74atIH1thtpr3zxstmemZZ5BVTjG9ICe3dsMSxRJ+KIenyt0R254mWMFmY1C4wqL8NlCVpj0eTAhCC1KUksd63qsOhM=,iv:qxF4w+1t0nG5eEg7dfHabUPTLo7GY1hvPpos8TXdVFI=,tag:JLwKBfpFnj8aCANU9D7DOg==,type:str] 84 87 unencrypted_suffix: _unencrypted 85 88 version: 3.12.2