mirror of
https://github.com/oddlama/nix-config.git
synced 2025-10-11 07:10:39 +02:00
chore: format everything
This commit is contained in:
oddlama
parent
deca311c68
commit
7ccd7856ee
162 changed files with 4750 additions and 3718 deletions
|
|
@ -3,7 +3,8 @@
|
|||
globals,
|
||||
nodes,
|
||||
...
|
||||
}: {
|
||||
}:
|
||||
{
|
||||
meta.oauth2-proxy = {
|
||||
enable = true;
|
||||
cookieDomain = globals.domains.me;
|
||||
|
|
@ -23,36 +24,40 @@
|
|||
generator.dependencies = [
|
||||
nodes.ward-kanidm.config.age.secrets.kanidm-oauth2-web-sentinel
|
||||
];
|
||||
generator.script = {
|
||||
lib,
|
||||
decrypt,
|
||||
deps,
|
||||
...
|
||||
}: ''
|
||||
echo -n "OAUTH2_PROXY_CLIENT_SECRET="
|
||||
${decrypt} ${lib.escapeShellArg (lib.head deps).file}
|
||||
'';
|
||||
generator.script =
|
||||
{
|
||||
lib,
|
||||
decrypt,
|
||||
deps,
|
||||
...
|
||||
}:
|
||||
''
|
||||
echo -n "OAUTH2_PROXY_CLIENT_SECRET="
|
||||
${decrypt} ${lib.escapeShellArg (lib.head deps).file}
|
||||
'';
|
||||
mode = "440";
|
||||
group = "oauth2-proxy";
|
||||
};
|
||||
|
||||
services.oauth2-proxy = let
|
||||
clientId = "web-sentinel";
|
||||
in {
|
||||
provider = "oidc";
|
||||
scope = "openid email";
|
||||
loginURL = "https://${globals.services.kanidm.domain}/ui/oauth2";
|
||||
redeemURL = "https://${globals.services.kanidm.domain}/oauth2/token";
|
||||
validateURL = "https://${globals.services.kanidm.domain}/oauth2/openid/${clientId}/userinfo";
|
||||
clientID = clientId;
|
||||
email.domains = ["*"];
|
||||
services.oauth2-proxy =
|
||||
let
|
||||
clientId = "web-sentinel";
|
||||
in
|
||||
{
|
||||
provider = "oidc";
|
||||
scope = "openid email";
|
||||
loginURL = "https://${globals.services.kanidm.domain}/ui/oauth2";
|
||||
redeemURL = "https://${globals.services.kanidm.domain}/oauth2/token";
|
||||
validateURL = "https://${globals.services.kanidm.domain}/oauth2/openid/${clientId}/userinfo";
|
||||
clientID = clientId;
|
||||
email.domains = [ "*" ];
|
||||
|
||||
extraConfig = {
|
||||
oidc-issuer-url = "https://${globals.services.kanidm.domain}/oauth2/openid/${clientId}";
|
||||
provider-display-name = "Kanidm";
|
||||
#skip-provider-button = true;
|
||||
extraConfig = {
|
||||
oidc-issuer-url = "https://${globals.services.kanidm.domain}/oauth2/openid/${clientId}";
|
||||
provider-display-name = "Kanidm";
|
||||
#skip-provider-button = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.oauth2-proxy.serviceConfig.EnvironmentFile = [
|
||||
config.age.secrets.oauth2-cookie-secret.path
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue