sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: update immich; decrease restart timer between failed attempts for all services to 60 seconds

Browse source
This commit is contained in:
oddlama 2024-03-12 21:06:01 +01:00
parent dfe0345888
commit 605aee0a67
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
13 changed files with 18 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/ward/guests/kanidm.nix
View file

@ -124,6 +124,8 @@ in {
basicSecretFile = config.age.secrets.kanidm-oauth2-immich.path;
preferShortUsername = true;
# XXX: PKCE is currently not supported by immich
# XXX: Also RS256 is used instead of ES256 so additionally needed:
# kanidm system oauth2 warning-enable-legacy-crypto immich
allowInsecureClientDisablePkce = true;
scopeMaps."immich.access" = ["openid" "email" "profile"];
};
@ -137,6 +139,7 @@ in {
displayName = "Grafana";
originUrl = "https://${sentinelCfg.networking.providedDomains.grafana}/";
basicSecretFile = config.age.secrets.kanidm-oauth2-grafana.path;
preferShortUsername = true;
scopeMaps."grafana.access" = ["openid" "email" "profile"];
claimMaps.groups = {
joinType = "array";
@ -174,6 +177,7 @@ in {
displayName = "Web Sentinel";
originUrl = "https://oauth2.${domains.me}/";
basicSecretFile = config.age.secrets.kanidm-oauth2-web-sentinel.path;
preferShortUsername = true;
scopeMaps."web-sentinel.access" = ["openid" "email"];
claimMaps.groups = {
joinType = "array";