From c1a2c8238b7fd38c9956286521e995b39338223d Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Fri, 28 Oct 2022 14:35:22 +0200
Subject: [PATCH] nginx: Add additional plugins for OpenID to work
---
 hosts/architect/nginx.nix | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/hosts/architect/nginx.nix b/hosts/architect/nginx.nix
index 8937587..8afc238 100644
--- a/hosts/architect/nginx.nix
+++ b/hosts/architect/nginx.nix
@@ -27,14 +27,26 @@
 };
 };
 appendHttpConfig = let
- extraPureLuaPackages = with pkgs.luajitPackages; [ lua-resty-openidc ];
+ extraPureLuaPackages = with pkgs.luajitPackages; [
+ lua-resty-openidc
+ lua-resty-http
+ lua-resty-session
+ lua-resty-jwt
+ lua-resty-openssl
+ ];
 luaPath = pkg: "${pkg}/share/lua/5.1/?.lua";
 makeLuaPath = lib.concatMapStringsSep ";" luaPath;
 in ''
 lua_package_path '${makeLuaPath extraPureLuaPackages};;';
+ lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
+ lua_ssl_verify_depth 5;
 # cache for OIDC discovery metadata
 lua_shared_dict discovery 1m;
+ lua_shared_dict jwks 1m;
+
+ # https://github.com/openresty/lua-resty-redis/issues/159
+ resolver local=on ipv6=off;
 '';
 appendConfig = ''
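Review bot: The added `lua_ssl_trusted_certificate` and `lua_ssl_verify_depth` lines only give Lua cosockets a trust store. Whether the discovery, token and JWKS requests are actually certificate-checked depends on the `ssl_verify` option passed to lua-resty-openidc, which is set in the Lua access block outside this hunk, so confirm it is not `"no"`. This matters more with the new `resolver local=on ipv6=off;` line, because answers from nginx's resolver are unauthenticated and TLS verification is what ties the fetched JWKS to the real identity provider. I would record that dependency next to the directives, e.g. `# trust store for lua-resty-http; openidc opts must keep ssl_verify = "yes"`, and give `lua_shared_dict jwks 1m;` a comment like the one `discovery` has (`# cache for the provider's JWKS signing keys`). As far as I know `local=on` is an OpenResty extension to `resolver`, so this presumably relies on the nginx package being OpenResty, which is also set outside the hunk.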