From 6f25f94695dd085a613c676874639180e309b864 Mon Sep 17 00:00:00 2001
From: Martyn Ranyard
Date: Mon, 28 Jul 2025 08:26:58 +0000
Subject: [PATCH] Add auth2proxy for home stuff
Signed-off-by: Martyn Ranyard
---
everything-app/oauth2proxy.yaml | 44 +++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 everything-app/oauth2proxy.yaml
diff --git a/everything-app/oauth2proxy.yaml b/everything-app/oauth2proxy.yaml
new file mode 100644
index 0000000..0adf15f
--- /dev/null
+++ b/everything-app/oauth2proxy.yaml
@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: oauth2proxy
+ namespace: argocd
+spec:
+ destination:
+ namespace: auth
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ chart: oauth2-proxy
+ helm:
+ parameters:
+ - name: config.clientID
+ value: f7f67ba843f06f244857b01d96cbe7bc
+ - name: config.clientSecret
+ value: 2774dc53beb0570e5ea7bc342d2a8f4e47d2d16986ad542d4ce776505043238f
+ - name: config.cookieSecret
+ value: iRNHJrMvm3Lv3UUe3j0ZBWTic3y5XuZQ-mdLVAdmNV4=
+ values: |-
+ ingress:
+ enabled: true
+ className: nginx
+ path: /oauth2
+ pathType: Prefix
+ hosts:
+ - homeauth.martyn.berlin
+ tls:
+ - hosts:
+ - homeauth.martyn.berlin
+ extraArgs:
+ - --provider=oidc
+ - --oidc-issuer-url=https://auth.martyn.berlin/dex
+ - "--scope=openid profile email"
+ - "--email-domain=*"
+ - "--upstream=static://200"
+ - "--http-address=0.0.0.0:4180"
+ repoURL: https://oauth2-proxy.github.io/manifests
+ targetRevision: 7.12.18
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
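Review bot: The `helm.parameters` entries for `config.clientSecret` and `config.cookieSecret` commit the OIDC client credential and the cookie-protection key to the repository in plaintext, and they are also readable on the Argo CD Application object by anyone who can view it. Both values should be treated as disclosed and rotated at the issuer, since removing them in a later commit leaves them in git history. The chart can read these from a Secret created out of band (for example via a sealed or external secret), so the three parameters could be replaced with `- name: config.existingSecret` / `value: <secret-name placeholder>`. Separately, `--email-domain=*` admits any identity the Dex issuer authenticates, so access control rests entirely on the Dex connector configuration; if that is intended, a comment such as `# any Dex-authenticated user is allowed; restriction is enforced in Dex` above `extraArgs` would make it explicit.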