Add oauth2-proxy cookie secret to configuration and update secrets.yaml for enhanced security management

2025-12-10 04:25:47 -06:00
parent 8f04f99c85
commit b5a5d42910
2 changed files with 8 additions and 2 deletions
--- a/modules/servers/oauth2-proxy.nix
+++ b/modules/servers/oauth2-proxy.nix
@@ -14,6 +14,10 @@ in
      sopsFile = ../../secrets/env.yaml;
      restartUnits = [ "oauth2-proxy.service" ];
    };
+    sops.secrets.oauth2-proxy-cookie = {
+      sopsFile = ../../secrets/secrets.yaml;
+      restartUnits = [ "oauth2-proxy.service" ];
+    };
    services.oauth2-proxy = {
      inherit (cfg) enable;
      provider = "keycloak-oidc";
@@ -29,6 +33,7 @@ in
        expire = "168h";
        refresh = "1h";
        domain = ".lebubu.org";
+        secret = config.sops.secrets.oauth2-proxy-cookie.path;
      };
      extraConfig = {
        skip-auth-route = [ "^/ping$" ];