From c69d909b2f411146d8f3b9dc208790e429bf781c Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sat, 8 Feb 2025 22:09:40 +0100
Subject: [PATCH] Enable OIDC for FreshRSS on Tailscale

---
 modules/authelia.nix |  2 +-
 modules/freshrss.nix | 11 -----------
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/modules/authelia.nix b/modules/authelia.nix
index 021dec6..ae51e5d 100644
--- a/modules/authelia.nix
+++ b/modules/authelia.nix
@@ -88,7 +88,7 @@
                   client_secret.path = "/secrets/authelia/freshrss_client_secret";
                   public = false;
                   authorization_policy = "two_factor";
-                  redirect_uris = ["https://rss.kun.is:443/i/oidc/"];
+                  redirect_uris = ["https://freshrss.griffin-mermaid.ts.net/i/oidc/"];
                   scopes = ["openid" "groups" "email" "profile"];
                   userinfo_signed_response_alg = "none";
                   token_endpoint_auth_method = "client_secret_basic";
diff --git a/modules/freshrss.nix b/modules/freshrss.nix
index 8f703ee..849f438 100644
--- a/modules/freshrss.nix
+++ b/modules/freshrss.nix
@@ -84,20 +84,9 @@
           targetPort = "web";
         };
       };
-
-      ingresses.freshrss.metadata.annotations."traefik.ingress.kubernetes.io/router.middlewares" = "kube-system-forwardauth-authelia@kubernetescrd";
     };
 
     lab = {
-      ingresses.freshrss = {
-        host = "rss.kun.is";
-
-        service = {
-          name = "server";
-          portName = "web";
-        };
-      };
-
       tailscaleIngresses.tailscale = {
         host = "freshrss";
         service.name = "server";