From 489b8eaade7fdd1ae39c9906ea3f58d0e96c6bf6 Mon Sep 17 00:00:00 2001
From: uumas
Date: Thu, 12 Mar 2026 01:55:09 +0200
Subject: [PATCH] service: Use native socket for oauth2 proxy
---
 roles/service/tasks/oauth2_proxy.yaml | 11 ++++-------
 roles/service/vars/main/proxy.yaml | 2 +-
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/roles/service/tasks/oauth2_proxy.yaml b/roles/service/tasks/oauth2_proxy.yaml
index 585c00c..2d114b7 100644
--- a/roles/service/tasks/oauth2_proxy.yaml
+++ b/roles/service/tasks/oauth2_proxy.yaml
@@ -20,7 +20,7 @@
 value: "{{ service_oauth2_proxy_client_secret }}"
 target: client-secret
 container_env:
- OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
+ OAUTH2_PROXY_HTTP_ADDRESS: fd:3
 OAUTH2_PROXY_PROVIDER: oidc
 OAUTH2_PROXY_OIDC_ISSUER_URL: "{{ service_oauth2_proxy_issuer_url }}"
 OAUTH2_PROXY_CLIENT_ID: "{{ service_oauth2_proxy_client_id }}"
@@ -29,11 +29,8 @@
 OAUTH2_PROXY_EMAIL_DOMAINS: "*"
 container_auto_update: "{{ service_auto_update }}"
-- name: Socat for OAuth2 Proxy for {{ service_name }}
+- name: Socket for OAuth2 Proxy for {{ service_name }}
 ansible.builtin.import_role:
- name: socat
+ name: uumas.general.systemd_socket
 vars:
- socat_service_name: "{{ service_name }}-oauth2-proxy"
- socat_target_http_port: 4180
- socat_container_ip: ""
- socat_auto_update: "{{ service_auto_update }}"
+ systemd_socket_name: "{{ service_name }}-oauth2-proxy"
diff --git a/roles/service/vars/main/proxy.yaml b/roles/service/vars/main/proxy.yaml
index 3b45ebf..8b07946 100644
--- a/roles/service/vars/main/proxy.yaml
+++ b/roles/service/vars/main/proxy.yaml
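Review bot: The added `OAUTH2_PROXY_HTTP_ADDRESS: fd:3` line has no comment saying that the container now serves on an inherited descriptor instead of its own TCP listener, so a reader cannot tell that it only works when the unit is started through the socket task further down in this file. I would add `# fd 3 is the first socket systemd passes on activation; the container opens no TCP listener of its own` above it, and quote the value as `"fd:3"` so it stays a string under any loader. Presumably the container runtime forwards the activated descriptor into the container; that is not visible in this patch and is worth confirming both on a fresh start and after restarting the service unit alone. The enclosing container task begins before this hunk.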
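Review bot: The replacement task passes only `systemd_socket_name` to `uumas.general.systemd_socket`, so who may connect to the resulting socket is left entirely to that role's defaults, which this patch does not show. Because this socket is the entry point of the authentication proxy, I would confirm that its mode and owner restrict it to the reverse proxy's account, and set that explicitly in `vars:` if the role allows it. Nothing visible here removes what the previous `socat` role deployed under `{{ service_name }}-oauth2-proxy`, so already-provisioned hosts will presumably keep the old unit and its `-oauth2-proxy-socat.sock` path. A comment such as `# Hosts deployed before this change still carry the socat unit; remove it separately` would record that until a cleanup task exists.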
@@ -10,7 +10,7 @@ _service_proxy_headers: "{{ _service_replacement_host_header if not service_prox
 _service_oauth2_proxy: "{{ service_proxy_auth_type == 'oauth2-proxy' }}"
 _service_oauth2_socket: >-
- {{ '/run/' ~ service_name ~ '-oauth2-proxy-socat.sock' if _service_oauth2_proxy else '' }}
+ {{ '/run/' ~ service_name ~ '-oauth2-proxy.sock' if _service_oauth2_proxy else '' }}
 _service_oauth2_proxy_location:
 path: /oauth2/*
 proxy_target_socket: "{{ _service_oauth2_socket }}"
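Review bot: The socket path on the changed line is assembled by hand from `service_name`, while the unit that creates the socket is named through `systemd_socket_name` in `roles/service/tasks/oauth2_proxy.yaml`, so the two strings are kept in step only by convention. If they drift, the `/oauth2/*` location will presumably point at a socket that does not exist, and the failure will show up only at request time. I would add `# Must match the socket created for systemd_socket_name "<service_name>-oauth2-proxy"` above `_service_oauth2_socket`, or derive both values from one variable. The `_service_oauth2_proxy_location` mapping may continue past the end of this hunk.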