sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: update kanidm module

Browse source
This commit is contained in:
oddlama 2024-03-12 16:42:36 +01:00
parent bec8f5f50f
commit 0ec4a8ebe8
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
10 changed files with 68 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

17
hosts/ward/guests/kanidm.nix
View file

@ -136,6 +136,7 @@ in {
originUrl = "https://${sentinelCfg.networking.providedDomains.grafana}/";
basicSecretFile = config.age.secrets.kanidm-oauth2-grafana.path;
scopeMaps."grafana.access" = ["openid" "email" "profile"];
# FIXME: use new group claims k thx
supplementaryScopeMaps = {
"grafana.admins" = ["admin"];
"grafana.editors" = ["editor"];
@ -151,8 +152,13 @@ in {
originUrl = "https://${sentinelCfg.networking.providedDomains.forgejo}/";
basicSecretFile = config.age.secrets.kanidm-oauth2-forgejo.path;
scopeMaps."forgejo.access" = ["openid" "email" "profile"];
supplementaryScopeMaps = {
"forgejo.admins" = ["admin"];
# XXX: PKCE is currently not supported by gitea/forgejo,
# see https://github.com/go-gitea/gitea/issues/21376.
allowInsecureClientDisablePkce = true;
preferShortUsername = true;
claimMaps.groups = {
joinType = "array";
valuesByGroup."forgejo.admins" = ["admin"];
};
};
@ -165,9 +171,10 @@ in {
originUrl = "https://oauth2.${personalDomain}/";
basicSecretFile = config.age.secrets.kanidm-oauth2-web-sentinel.path;
scopeMaps."web-sentinel.access" = ["openid" "email"];
supplementaryScopeMaps = {
"web-sentinel.adguardhome" = ["access_adguardhome"];
"web-sentinel.influxdb" = ["access_influxdb"];
claimMaps.groups = {
joinType = "array";
valuesByGroup."web-sentinel.adguardhome" = ["access_adguardhome"];
valuesByGroup."web-sentinel.influxdb" = ["access_influxdb"];
};
};
};