feat: Adds pocket id authentication to caddy.

Dockerfile

@@ -1,9 +1,3 @@
-FROM docker.io/library/caddy:2.9.1-builder AS builder
-
-RUN xcaddy build \
-  --with github.com/caddy-dns/cloudflare \
-  --with github.com/greenpau/caddy-security
-
-FROM docker.io/library/caddy:2.9.1-alpine
-COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+FROM ghcr.io/authcrunch/authcrunch:latest
 COPY ./config /etc/caddy
+RUN /usr/bin/caddy fmt --overwrite /etc/caddy/Caddyfile

config/Caddyfile

@@ -1,14 +1,38 @@
 {
     email {env.ACME_EMAIL}
-}
 
-housh.dev {
-    tls {
-        dns cloudflare {env.CF_AUTH_TOKEN}
-        resolvers 1.1.1.1
+    # Configure caddy-security.
+    order authenticate before respond
+
+    security {
+      oauth identity provider generic {
+        delay_start 3
+        realm generic
+        driver generic
+        client_id {env.OAUTH_CLIENT_ID}
+        client_secret {env.OAUTH_CLIENT_SECRET}
+        scopes openid email profile
+        base_auth_url https://id.housh.dev
+        metadata_url https://id.housh.dev/.well-known/openid-configuration
+      }
+
+      authentication portal myportal {
+        crypto default token lifetime 3600 # Seconds until you have to re-authenticate
+        enable identity provider generic
+        cookie insecure off # Set to "on" if you're not using HTTPS
+
+        transform user {
+          match realm generic
+          action add role user
+        }
+      }
+
+      authorization policy mypolicy {
+        set auth url /caddy-security/oauth2/generic
+        allow roles user
+        inject headers with claims
+      }
     }
-
-    reverse_proxy /docs/* http://docs:80
 }
 
 # Subdomains
@@ -74,7 +98,18 @@ housh.dev {
 
     @docs host docs.housh.dev
     handle @docs {
+      @auth {
+		          path /caddy-security/*
+	    }
+
+	    route @auth {
+		        authenticate with myportal
+	    }
+
+
+      route /* {
           reverse_proxy docs:80
+      }
     }
 
     @pocket_id host id.housh.dev