[oauth-proxy] Making some progress on this. It's not working, but it's now redirecting and getting 'invalid status code'

system/hosts/mcp/containers/timetagger.nix

@@ -1,12 +1,11 @@
 { config, ... }:
 let
-  inherit (import ./lib.nix config) mkContainer terakoda_net;
+  inherit (import ./lib.nix config) mkContainer;
 in
 {
   virtualisation.oci-containers.containers.timetagger = mkContainer {
     image = "ghcr.io/almarklein/timetagger:v24.12.2";
     hostName = "time";
-    domain = terakoda_net;
     port = "80";
     oauthProxy = true;
     homepageOpts = {

system/hosts/mcp/containers/traefik.nix

@@ -13,20 +13,20 @@ in
       restartUnits = [ "podman-traefik.service" ];
       mode = "0400";
     };
+    "traefik/oauth2-plugin-secret" = {
+      restartUnits = [ "podman-traefik.service" ];
+      mode = "0400";
+    };
   };
 
   sops.templates."traefik/oauth2-config.yaml".content = ''
-    experimental:
-      plugins:
-        traefik-oidc-auth:
-          moduleName: "github.com/sevensolutions/traefik-oidc-auth"
-          version: "v0.11.0"
-
     http:
       middlewares:
         oidc-auth:
           plugin:
             traefik-oidc-auth:
+              Secret: "${config.sops.placeholder."traefik/oauth2-plugin-secret"}"
+              CallbackUri: "https://auth.blazestar.net/oidc/callback"
               Provider:
                 Url: "https://auth.blazestar.net/"
                 ClientId: "3e3f7d9a-a684-4412-866c-ea7281954a9f"

system/hosts/mcp/containers/traefik/traefik.yaml

@@ -37,3 +37,11 @@ metrics:
     addEntryPointsLabels: true
     addServicesLabels: true
     entryPoint: "metrics"
+
+# Plugins must be defined in static config
+experimental:
+  plugins:
+    traefik-oidc-auth:
+      moduleName: "github.com/sevensolutions/traefik-oidc-auth"
+      version: "v0.11.0"
+