add octoprint

hosts/nixos/HandlerOne/backup.nix

@@ -23,6 +23,7 @@ let
 
       "/var/lib/tuwunel"
       "/var/lib/paperless/export"
+      "/var/lib/octoprint"
 
     ];
   };

hosts/nixos/HandlerOne/default.nix

@@ -54,6 +54,7 @@
       "modules/services/fail2ban"
       "modules/services/mesh/client.nix"
       "modules/services/auth-provider"
+      "modules/services/octoprint"
       "modules/services/paperless"
       "modules/services/matrix"
       "modules/services/forgejo"
@@ -137,6 +138,14 @@
           inject header Remote-User from name
           inject header Remote-Role from groups
         }
+
+        authorization policy octoprint {
+          set auth url /caddy-security/oauth2/generic
+          allow roles octoprint
+          inject headers with claims
+          inject header Remote-User from name
+          inject header Remote-Role from groups
+        }
       }
     '';
   };

modules/services/octoprint/default.nix

@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+let
+  port = lib.custom.autoport "octoprint";
+in
+{
+  services.caddy.virtualHosts."octoprint.wanderingcrow.net".extraConfig = ''
+    @auth {
+      path /caddy-security/*
+    }
+
+    route @auth {
+      authenticate with myportal
+    }
+    route /* {
+      authorize with octoprint
+      reverse_proxy http://localhost:${builtins.toString config.services.octoprint.port}
+    }
+  '';
+
+  services.octoprint = {
+    inherit port;
+    enable = true;
+    openFirewall = true;
+  };
+
+}