From 189559a1b7f8801dd1d2b79bde3ffab0a93b6be3 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Fri, 3 Oct 2025 15:35:45 -0500
Subject: [PATCH] attempt trillium with oauth proxy

---
 hosts/h001/mods/oauth2-proxy.nix |  2 +-
 hosts/h001/mods/trilium.nix      | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/hosts/h001/mods/oauth2-proxy.nix b/hosts/h001/mods/oauth2-proxy.nix
index f26f50a..3e6fc29 100644
--- a/hosts/h001/mods/oauth2-proxy.nix
+++ b/hosts/h001/mods/oauth2-proxy.nix
@@ -10,7 +10,7 @@
     validateURL = "https://sso.joshuabell.xyz/oauth2/";
     oidcIssuerUrl = "https://sso.joshuabell.xyz:443";
     keyFile = config.age.secrets.oauth2_proxy_zitadel_client_secret.path;
-    # nginx.domain = "sso-proxy.joshuabell.xyz";
+    nginx.domain = "sso-proxy.joshuabell.xyz";
     # email.domains = [ ];
     # extraConfig = {
     #   whitelist-domain = ".joshuabell.xyz";
diff --git a/hosts/h001/mods/trilium.nix b/hosts/h001/mods/trilium.nix
index 4292165..e756d6f 100644
--- a/hosts/h001/mods/trilium.nix
+++ b/hosts/h001/mods/trilium.nix
@@ -13,7 +13,18 @@
     };
 
     systemd.services.trilium-server.environment = {
-      TRILIUM_NO_UPLOAD_LIMIT = true;
+      TRILIUM_NO_UPLOAD_LIMIT = "true";
+    };
+
+    services.oauth2-proxy.nginx.virtualHosts."notes.joshuabell.xyz".allowed_groups = [ "notes" ];
+    services.nginx.virtualHosts."notes.joshuabell.xyz" = {
+      locations = {
+        "/" = {
+          proxyWebsockets = true;
+          recommendedProxySettings = true;
+          proxyPass = "http://127.0.0.1:9111";
+        };
+      };
     };
 
     # services.nginx = {