broken: Added initial support for authelia + lldap oidc for nextcloud

This commit is contained in:
uttarayan21
2025-08-01 15:18:56 +05:30
parent 2f461a941d
commit 773a6aaa63
12 changed files with 453 additions and 9 deletions


@@ -42,7 +42,7 @@
"machineLearning": {
"enabled": true,
"urls": [
"http://ryu:3003",
"http://ryu.darksailor.dev:3003",
"http://localhost:3003"
],
}
@@ -51,7 +51,7 @@
'';
mode = "0400";
owner = "immich";
restartUnits = ["immich-server.service" "authelia-darksailor.service"];
restartUnits = ["immich-server.service"];
};
};
};
@@ -73,6 +73,7 @@
enable = true;
mediaLocation = "/media/photos/immich";
accelerationDevices = null;
machine-learning.enable = false;
environment = {
IMMICH_CONFIG_FILE = config.sops.templates."immich-config.json".path;
};


@@ -5,6 +5,8 @@
}: {
sops = {
secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name;
secrets."authelia/oidc/nextcloud/client_id".owner = config.users.users.nextcloud.name;
secrets."authelia/oidc/nextcloud/client_secret".owner = config.users.users.nextcloud.name;
};
imports = [
"${fetchTarball {
@@ -17,7 +19,7 @@
enable = true;
package = pkgs.nextcloud31;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar bookmarks;
inherit (config.services.nextcloud.package.packages.apps) contacts calendar bookmarks user_oidc;
};
extraAppsEnable = true;
hostName = "cloud.darksailor.dev";
@@ -32,6 +34,7 @@
memcached = true;
};
webserver = "caddy";
settings = {};
};
# caddy = {
# virtualHosts."cloud.darksailor.dev".extraConfig = ''
@@ -44,5 +47,57 @@
# port = 8080; # NOT an exposed port
# }
# ];
authelia.instances.darksailor = {
settings = {
definitions = {
user_attributes = {
is_nextcloud_admin = {
expression = ''"nextcloud-admins" in groups"'';
};
};
};
identity_providers = {
oidc = {
claims_policies = {
custom_claims = {
is_nextcloud_admin = {};
};
};
scopes = {
nextcloud_userinfo = {
claims = ["is_nextcloud_admin"];
};
};
clients = [
{
client_name = "Nextcloud";
client_id = "nextcloud";
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/nextcloud/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
claims_policy = "nextcloud_userinfo";
redirect_uris = [
"https://cloud.darksailor.dev/apps/oidc_login/oidc"
];
scopes = [
"openid"
"profile"
"email"
"groups"
"nextcloud_userinfo"
];
response_types = ["code"];
grant_types = ["authorization_code"];
# access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
}
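Review bot: The user-attribute expression under `is_nextcloud_admin` carries a stray trailing double quote — `''"nextcloud-admins" in groups"''` yields the string `"nextcloud-admins" in groups"`, which is unbalanced and will not parse as an expression; it should read `expression = ''"nextcloud-admins" in groups'';`. The redirect URI `https://cloud.darksailor.dev/apps/oidc_login/oidc` is the callback path of the oidc_login app, but the app enabled in the second hunk of this file is user_oidc, whose callback is (as far as I recall) `https://cloud.darksailor.dev/apps/user_oidc/code`, so one of the two should change or the code flow will be rejected at the redirect-URI check. A client whose claims can grant Nextcloud admin is registered with `authorization_policy = "one_factor"`; consider `"two_factor"` for this client so the admin claim is only issued after a second factor. Finally, `authelia/oidc/nextcloud/client_id` is declared as a sops secret in the first hunk while the client_id is hardcoded as `"nextcloud"` here, so either drop that secret or reference it.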


@@ -8,6 +8,7 @@
./ryu.nix
./services
./programs
./containers
];
sops = {


@@ -0,0 +1,12 @@
{device, ...}: {
imports = [
./immich-machine-learning.nix
];
virtualisation = {
docker.enable = true;
oci-containers.backend = "docker";
};
users.extraUsers.${device.user}.extraGroups = [
"docker"
];
}
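Review bot: Adding `${device.user}` to the `docker` group (the last statement of the new file) gives that account unrestricted access to the Docker socket, which is equivalent to root on the host, so the interactive login user now carries root privileges without sudo. The oci-containers service runs its containers from a systemd unit as root and does not need the user in that group, so if the only consumer is the immich-machine-learning container the `extraGroups` entry can simply be dropped; if a rootless setup is wanted instead, `oci-containers.backend = "podman"` together with `virtualisation.podman.enable = true` runs the same image without the socket exposure. Note also that `oci-containers.backend` is set here and again in immich-machine-learning.nix, which this file imports; one of the two is redundant.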


@@ -0,0 +1,26 @@
{pkgs, ...}: let
port = 3003;
in {
virtualisation.oci-containers = {
backend = "docker";
containers = {
immich-machine-learning = {
image = "ghcr.io/immich-app/immich-machine-learning:v${pkgs.immich.version}-cuda";
ports = [
"0.0.0.0:${toString port}:3003"
];
volumes = [
"model-cache:/cache"
];
};
};
};
networking.firewall.allowedTCPPorts = [port];
environment.systemPackages = with pkgs; [
nvidia-docker
nvidia-container-toolkit
];
# services.caddy.virtualHosts."ml.ryu.darksailor.dev".extraConfig = ''
# reverse_proxy localhost:${toString port}
# '';
}
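Review bot: The container publishes the machine-learning API on every interface (`"0.0.0.0:${toString port}:3003"`) and the same file opens that port in the host firewall, while the Caddy reverse-proxy stanza that would front it stays commented out; the immich ML HTTP API has, to my knowledge, no authentication of its own, so anything that can reach the host on 3003 can submit inference jobs against it. If only the local immich server consumes it, bind to loopback (`"127.0.0.1:${toString port}:3003"`) and drop the `networking.firewall.allowedTCPPorts` line; if another host needs it (the first file's `machineLearning.urls` lists it by hostname, so that may be the case), restrict the bind to the internal address and put it behind the proxy rather than opening it host-wide. Separately, the `-cuda` image is pulled but nothing in the container definition passes a GPU through (no `extraOptions` such as `--gpus=all` or a device mapping), so inference will presumably fall back to CPU or fail at start; confirm against the NVIDIA container-toolkit setup. The `backend = "docker"` here duplicates the setting in the importing containers module.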