mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00

fix: enable oauth for immich; enable network access for immich containers; remove nixvim-wayland

oddlama 2024-01-23 02:48:29 +01:00
parent 924645cafb
commit 8b67068237
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
9 changed files with 201 additions and 266 deletions


@ -35,6 +35,13 @@ in {
group = "kanidm";
};
age.secrets.kanidm-oauth2-immich = {
generator.script = "alnum";
generator.tags = ["oauth2"];
mode = "440";
group = "kanidm";
};
age.secrets.kanidm-oauth2-grafana = {
generator.script = "alnum";
generator.tags = ["oauth2"];
@ -114,6 +121,15 @@ in {
inherit (config.repo.secrets.global.kanidm) persons;
# Immich
groups.immich = {};
systems.oauth2.immich = {
displayName = "Immich";
originUrl = "https://${sentinelCfg.networking.providedDomains.immich}";
basicSecretFile = config.age.secrets.kanidm-oauth2-immich.path;
scopeMaps.immich = ["openid" "email" "profile"];
};
# Grafana
groups.grafana = {};
groups."grafana.admins" = {};
@ -148,7 +164,6 @@ in {
groups.web-sentinel = {};
groups."web-sentinel.adguardhome" = {};
groups."web-sentinel.influxdb" = {};
groups."web-sentinel.immich" = {};
systems.oauth2.web-sentinel = {
displayName = "Web Sentinel";
originUrl = "https://oauth2.${personalDomain}";
@ -157,7 +172,6 @@ in {
supplementaryScopeMaps = {
"web-sentinel.adguardhome" = ["access_adguardhome"];
"web-sentinel.influxdb" = ["access_influxdb"];
"web-sentinel.immich" = ["access_immich"];
};
};
};
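Review bot: Nothing at `groups.immich = {};` records that membership in this new group is now the only identity-provider gate on immich. The `groups."web-sentinel.immich"` line and the `"web-sentinel.immich" = ["access_immich"];` mapping appear to be the lines dropped in the last two hunks (each hunk header shrinks by one line), which removes the proxy-level gate. I would add a comment above the group, e.g. `# Only members of this group get the immich scope map; the web-sentinel proxy no longer gates immich.` Whether the immich vhost still sits behind the proxy, and whether immich's local password login is switched off, is decided in files outside this section, so it is worth confirming that OAuth is the only login path. The enclosing `in { … }` attribute set starts and ends outside these hunks.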