homeserver/opt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

split Caddyfile

Browse Source
This commit is contained in:
Rik Veenboer
2024-12-04 22:17:05 +01:00
parent 10bb430d43
commit dde85a43e1
7 changed files with 107 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
caddy/conf/auth.caddy
View File

@@ -1,42 +1,41 @@
(auth) {
order authenticate before respond
order authorize before reverse_proxy
security {
oauth identity provider google {
realm google
driver google
client_id {$OAUTH_CLIENT_ID}
client_secret {$OAUTH_CLIENT_SECRET}
scopes openid email profile
}
authentication portal myportal {
enable identity provider google
cookie domain veenboer.xyz
ui {
links {
"My Identity" "/whoami" icon "las la-user"
}
}
order authenticate before respond
order authorize before reverse_proxy
security {
oauth identity provider google {
realm google
driver google
client_id {$OAUTH_CLIENT_ID}
client_secret {$OAUTH_CLIENT_SECRET}
scopes openid email profile
}
authentication portal myportal {
enable identity provider google
cookie domain veenboer.xyz
ui {
links {
"My Identity" "/whoami" icon "las la-user"
}
}
transform user {
match realm google
action add role authp/user
}
transform user {
match realm google
action add role authp/user
}
transform user {
match realm google
transform user {
match realm google
# Give this account admin role in the auth portal
match email rik.veenboer@gmail.com
action add role authp/admin
}
}
authorization policy mypolicy {
set auth url https://auth.rik.veenboer.xyz/oauth2/google
allow roles authp/admin authp/user
validate bearer header
inject headers with claims
}
}
}
# Give this account admin role in the auth portal
match email rik.veenboer@gmail.com
action add role authp/admin
}
}
authorization policy mypolicy {
set auth url https://auth.rik.veenboer.xyz/oauth2/google
allow roles authp/admin authp/user
validate bearer header
inject headers with claims
}
}
}