mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00

feat: add openid connect to actual

oddlama 2025-03-22 16:30:35 +01:00
parent c4891afe7d
commit a1f271caf0
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
6 changed files with 64 additions and 0 deletions


@ -35,6 +35,7 @@ in
age.secrets.kanidm-admin-password = mkRandomSecret;
age.secrets.kanidm-idm-admin-password = mkRandomSecret;
age.secrets.kanidm-oauth2-actual = mkRandomSecret;
age.secrets.kanidm-oauth2-forgejo = mkRandomSecret;
age.secrets.kanidm-oauth2-grafana = mkRandomSecret;
age.secrets.kanidm-oauth2-immich = mkRandomSecret;
@ -136,6 +137,23 @@ in
];
};
# Actual
groups."actual.access" = { };
systems.oauth2.actual = {
displayName = "Actual Budget";
originUrl = "https://${globals.services.actual.domain}/openid/callback";
originLanding = "https://${globals.services.actual.domain}/";
basicSecretFile = config.age.secrets.kanidm-oauth2-actual.path;
preferShortUsername = true;
# XXX: RS256 is used instead of ES256 so additionally we need legacy crypto
enableLegacyCrypto = true;
scopeMaps."actual.access" = [
"openid"
"email"
"profile"
];
};
# Firezone
groups."firezone.access" = { };
systems.oauth2.firezone = {
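Review bot: The `# XXX` comment above `enableLegacyCrypto = true` in the new `systems.oauth2.actual` block says RS256 is used instead of ES256, but not which side imposes that or when the flag can be dropped. Presumably the constraint comes from Actual's OpenID client; if so, the comment should say it, so the weaker signing setting is not copied to other clients or left on once the client can verify ES256. I would reword it to `# XXX: Actual's OIDC client appears to accept only RS256-signed tokens, so legacy crypto is enabled for this client alone; remove once it supports ES256.` The enclosing provisioning attribute set starts and ends outside the hunk.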