services:
    vouch:
        image: quay.io/vouch/vouch-proxy:alpine-0.41.0
        container_name: vouch
        ports:
        - 9090:9090
        environment:
            # Google
            # - OAUTH_PROVIDER=google
            # - OAUTH_CLIENT_ID=889676430308-ivr6b4fmneivn70ri2ugm1gkbgoh5qdq.apps.googleusercontent.com
            # - OAUTH_CLIENT_SECRET=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
            # - https://www.googleapis.com/oauth2/v3/userinfo

            # Google
            # - OAUTH_PROVIDER=oidc
            # - OAUTH_CLIENT_ID=889676430308-ivr6b4fmneivn70ri2ugm1gkbgoh5qdq.apps.googleusercontent.com
            # - OAUTH_CLIENT_SECRET=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
            # - OAUTH_AUTH_URL=https://accounts.google.com/o/oauth2/auth
            # - OAUTH_TOKEN_URL=https://accounts.google.com/o/oauth2/token
            # - OAUTH_USER_INFO_URL=https://www.googleapis.com/oauth2/v3/userinfo

            # Amazon
            # - OAUTH_PROVIDER=oidc
            # - OAUTH_CLIENT_ID=793k18vvmiooosv5j4dd0bkqi
            # - OAUTH_CLIENT_SECRET=ccpsr589kufadbmi7ac6kgi3gaftc4cqkm3pi627tsidmbsk1lj
            # - OAUTH_AUTH_URL=https://veenboer.auth.eu-central-1.amazoncognito.com/oauth2/authorize
            # - OAUTH_TOKEN_URL=https://veenboer.auth.eu-central-1.amazoncognito.com/oauth2/token
            # - OAUTH_USER_INFO_URL=https://veenboer.auth.eu-central-1.amazoncognito.com/oauth2/userInfo

            # Microsoft
            # - OAUTH_PROVIDER=oidc
            # - OAUTH_CLIENT_ID=2483d0ed-95a1-4ca1-ae72-a79ca6defd96
            # - OAUTH_CLIENT_SECRET=x8V8Q~vklpp75~xwMRzAuNa4NQ7K8gNEAAsx-cTZ
            # - OAUTH_AUTH_URL=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
            # - OAUTH_TOKEN_URL=https://login.microsoftonline.com/common/oauth2/v2.0/token
            # - OAUTH_USER_INFO_URL=https://graph.microsoft.com/oidc/userinfo

            # Authentik
            - OAUTH_PROVIDER=oidc
            - OAUTH_CLIENT_ID=MJJ44TzracJ8J24xVsUvO12KvAbzxiev9G0t9sYl
            - OAUTH_CLIENT_SECRET=vrUGfNfqzooKujOyvTLDZffOTakEgNeCIlILaBU2aF9QtaDHJWaYVY3MLGlkF2jlFFn4W0a1eSJcZpJMxojO4i7U6b9CqbdTr5Al2LvK3FQnFbViUn2MN0qKibv8VVO1
            - OAUTH_AUTH_URL=https://authentik.rik.veenboer.xyz/application/o/authorize/
            - OAUTH_TOKEN_URL=https://authentik.rik.veenboer.xyz/application/o/token/
            - OAUTH_USER_INFO_URL=https://authentik.rik.veenboer.xyz/application/o/userinfo/

            # General
            - OAUTH_CALLBACK_URL=https://vouch.rik.veenboer.xyz/auth
            - OAUTH_SCOPES=openid,profile,email
            - VOUCH_COOKIE_DOMAIN=veenboer.xyz
            - VOUCH_ALLOWALLUSERS=true
            - VOUCH_HEADERS_CLAIMS=email,preferred_username

            # Unused
            # - VOUCH_COOKIE_SECURE=false
            # - VOUCH_HEADERS_CLAIMS=sub,name,email
            # - OAUTH_CLAIMS=sub,name,email
            # - VOUCH_HEADERS_IDTOKEN=X-Vouch-IdP-IdToken
        restart: unless-stopped