From b864c98786eb61e61ce11c64ba0dfdd16c34b4aa Mon Sep 17 00:00:00 2001
From: Danilo Reyes <danilo.reyes.251@proton.me>
Date: Wed, 10 Dec 2025 04:49:35 -0600
Subject: [PATCH] Update oauth2-proxy configuration to use dynamic Keycloak URL
 and enhance redirect settings

---
 modules/servers/oauth2-proxy.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/servers/oauth2-proxy.nix b/modules/servers/oauth2-proxy.nix
index 21b33c6..3933401 100644
--- a/modules/servers/oauth2-proxy.nix
+++ b/modules/servers/oauth2-proxy.nix
@@ -23,8 +23,7 @@ in
       provider = "keycloak-oidc";
       clientID = "oauth2-proxy";
       keyFile = config.sops.secrets.oauth2-proxy.path;
-      oidcIssuerUrl = "https://auth.lebubu.org/realms/homelab";
-      redirectURL = "https://auth-proxy.lebubu.org/oauth2/callback";
+      oidcIssuerUrl = "${config.my.servers.keycloak.url}/realms/homelab";
       httpAddress = "${cfg.ip}:${toString cfg.port}";
       email.domains = [ "*" ];
       cookie = {
@@ -45,6 +44,8 @@ in
         session-store-type = "cookie";
         skip-provider-button = true;
         code-challenge-method = "S256";
+        redirect-url = "${cfg.url}/oauth2/callback";
+        whitelist-domain = [ ".lebubu.org" ];
       };
     };
   };