feat: add netbird (and coturn)

oddlama 2024-05-15 22:17:21 +02:00
parent 4f3a379b3f
commit 9daa744334
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
32 changed files with 372 additions and 5 deletions


@ -106,12 +106,24 @@ in {
basicSecretFile = config.age.secrets.kanidm-oauth2-immich.path;
preferShortUsername = true;
# XXX: PKCE is currently not supported by immich
# XXX: Also RS256 is used instead of ES256 so additionally needed:
# kanidm system oauth2 warning-enable-legacy-crypto immich
allowInsecureClientDisablePkce = true;
# XXX: RS256 is used instead of ES256 so additionally we need legacy crypto
enableLegacyCrypto = true;
scopeMaps."immich.access" = ["openid" "email" "profile"];
};
# Netbird
groups."netbird.access" = {};
systems.oauth2.netbird = {
public = true;
displayName = "Netbird";
originUrl = "https://${sentinelCfg.networking.providedDomains.netbird}/";
preferShortUsername = true;
enableLocalhostRedirects = true;
enableLegacyCrypto = true;
scopeMaps."netbird.access" = ["openid" "email" "profile"];
};
# Paperless
groups."paperless.access" = {};
systems.oauth2.paperless = {
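Review bot: The new `systems.oauth2.netbird` client sets `enableLegacyCrypto = true` and `enableLocalhostRedirects = true` with no comment saying why, while the immich block above explains its equivalent relaxation. Since this is a `public = true` client with no secret, each relaxed setting deserves a justification so it can be dropped once it is no longer needed; assuming netbird only accepts RS256-signed tokens, something like `# XXX: RS256 is used instead of ES256 so we need legacy crypto` above the first flag and `# needed for the native client login flow on loopback` above the second (wording to be confirmed by the author). PKCE is not disabled for this client, which is what a public client should rely on, so a one-line comment saying it must stay enforced would also help. The `systems.oauth2.paperless` block at the end of the hunk continues outside the visible lines.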