home-pods/container-oauth2-proxy.service

48 lines
1.5 KiB
SYSTEMD

# container-oauth2-proxy.service
# autogenerated by Podman 4.1.1
# Thu Aug 18 10:12:36 UTC 2022
[Unit]
Description=Podman container-oauth2-proxy.service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers
[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run \
--cidfile=%t/%n.ctr-id \
--cgroups=no-conmon \
--rm \
--sdnotify=conmon \
-d \
--replace \
--name oauth2-proxy \
-p 4180:4180 \
-e OAUTH2_PROXY_PROVIDER=keycloak-oidc \
-e OAUTH2_PROXY_CLIENT_ID=oauth2-proxy \
-e OAUTH2_PROXY_CLIENT_SECRET=H2SITUCIsnVMq0k1OfWsQuSvXmkdHBe0 \
#-e OAUTH2_PROXY_REDIRECT_URL=https://home.vanoverloop.xyz/oauth2/callback \
-e OAUTH2_PROXY_OIDC_ISSUER_URL=https://auth.vanoverloop.xyz/realms/master \
-e OAUTH2_PROXY_ALLOWED_ROLE=home \
-e OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180 \
-e OAUTH2_PROXY_REVERSE_PROXY=true \
-e OAUTH2_PROXY_COOKIE_SECRET=jmoZ8LpDuAO1PLAtD16Xe4tu7e_OAmXZetiumqquCWA= \
-e OAUTH2_PROXY_UPSTREAMS=http://pi.lan:5180/ \
-e OAUTH2_PROXY_EMAIL_DOMAINS=* \
-e OAUTH2_PROXY_AUTH_LOGGING=true \
-e OAUTH2_PROXY_REQUEST_LOGGING=true \
-e OAUTH2_PROXY_SESSION_COOKIE_MINIMAL=true \
-e OAUTH2_PROXY_COOKIE_DOMAINS=.vanoverloop.xyz \
-e OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true quay.io/oauth2-proxy/oauth2-proxy
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all
[Install]
WantedBy=default.target