From 8118462f592bd460272035bda5f0eb9e23262fc3 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <depasquale+git@giugl.io>
Date: Fri, 11 Nov 2022 19:08:00 +0100
Subject: [PATCH] openid: Force nginx app, allow to change only access_role

---
 hosts/architect/openid.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hosts/architect/openid.nix b/hosts/architect/openid.nix
index caf865b..fa11dbd 100644
--- a/hosts/architect/openid.nix
+++ b/hosts/architect/openid.nix
@@ -2,12 +2,12 @@
 
 {
   openresty_oidc_block =
-    { realm, client_id, client_secret, redirect_uri, access_role ? "" }: ''
+    { access_role ? "" }: ''
       access_by_lua_block {
         local opts = {
-          discovery = "https://auth.giugl.io/realms/${realm}/.well-known/openid-configuration",
-          client_id = "${client_id}",
-          client_secret = "${client_secret}",
+          discovery = "https://auth.giugl.io/realms/master/.well-known/openid-configuration",
+          client_id = "nginx",
+          client_secret = "9C6BYxPhTbrRS4DIwd3Smk7e11ABmnt8",
           logout_path = "/logout",
           redirect_after_logout_uri = "/",
           redirect_uri = "/redirect_uri",