From aa0d2d3bc346faa52caf73c7d3cfe178ff8cab44 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Sun, 5 Oct 2025 17:01:50 -0500
Subject: [PATCH] idk

---
 hosts/h001/mods/oauth2-proxy.nix | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/hosts/h001/mods/oauth2-proxy.nix b/hosts/h001/mods/oauth2-proxy.nix
index b285900..cbc8826 100644
--- a/hosts/h001/mods/oauth2-proxy.nix
+++ b/hosts/h001/mods/oauth2-proxy.nix
@@ -1,9 +1,9 @@
-{ config, ... }:
+{ upkgs, config, ... }:
 {
   services.oauth2-proxy = {
     enable = true;
     httpAddress = "http://127.0.0.1:4180";
-    # package = pkgsUnstable.oauth2-proxy;
+    package = upkgs.oauth2-proxy;
     provider = "oidc";
     reverseProxy = true;
     redirectURL = "https://sso-proxy.joshuabell.xyz/oauth2/callback";
@@ -13,9 +13,11 @@
     nginx.domain = "sso-proxy.joshuabell.xyz";
     email.domains = [ "*" ];
     extraConfig = {
-      whitelist-domain = ".joshuabell.xyz";
+      whitelist-domain = "*.joshuabell.xyz";
       cookie-domain = ".joshuabell.xyz";
     };
+    cookie.refresh = "30m";
+    setXauthrequest = true;
   };
 
   services.nginx.virtualHosts."sso-proxy.joshuabell.xyz" = {
@@ -24,11 +26,7 @@
         proxyWebsockets = true;
         recommendedProxySettings = true;
         proxyPass = "http://127.0.0.1:4180";
-        extraConfig = ''
-          proxy_set_header X-Forwarded-Proto https;
-        '';
       };
     };
   };
-
 }