feat: Added oidc to authelia

uttarayan21
2025-07-28 17:00:19 +05:30
parent b0a5a19a84
commit d73f1b8838
6 changed files with 85 additions and 35 deletions


@@ -14,6 +14,7 @@
"1password" "1password"
"shapr3d" "shapr3d"
"orcaslicer" "orcaslicer"
"zed"
]; ];
}; };
} }


@@ -6,4 +6,12 @@
home.packages = lib.optionals pkgs.stdenv.isLinux [ home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.zed-editor pkgs.zed-editor
]; ];
zed-editor = {
enable = true;
};
# xdg.configFile = {
# "zed/keymaps.json" = '''';
# "zed/settings.json".source = '''';
# };
} }


@@ -381,10 +381,15 @@ in {
}; };
}; };
rustaceanvim = { rustaceanvim = {
enable = false; enable = true;
settings = { settings = {
server = { server = {
on_attach = rawLua '' on_attach =
rawLua
/*
lua
*/
''
function(client, bufnr) function(client, bufnr)
vim.keymap.set( vim.keymap.set(
"n", "n",
@@ -490,7 +495,7 @@ in {
sourcekit.enable = true; sourcekit.enable = true;
openscad_lsp.enable = true; openscad_lsp.enable = true;
rust_analyzer = { rust_analyzer = {
enable = true; enable = false;
installCargo = false; installCargo = false;
installRustc = false; installRustc = false;
settings = { settings = {


@@ -1,11 +1,14 @@
{config, ...}: { {config, ...}: {
sops = { sops = {
secrets = { secrets = let
"authelia/servers/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; user = config.systemd.services.authelia-darksailor.serviceConfig.User;
"authelia/servers/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; in {
"authelia/servers/darksailor/sessionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; "authelia/servers/darksailor/jwtSecret".owner = user;
"authelia/users/servius".owner = config.systemd.services.authelia-darksailor.serviceConfig.User; "authelia/servers/darksailor/storageEncryptionSecret".owner = user;
users.owner = config.systemd.services.authelia-darksailor.serviceConfig.User; "authelia/servers/darksailor/sessionSecret".owner = user;
"authelia/users/servius".owner = user;
"authelia/oidc/immich".owner = user;
users.owner = user;
}; };
}; };
services = { services = {
@@ -19,6 +22,40 @@
path = "/run/secrets/users"; path = "/run/secrets/users";
}; };
}; };
identity_providers = {
odic = {
clients = [
{
client_id = "immich";
client_name = "immich";
client_secret = ''{{ fileContent "${config.sops.secrets."authelia/oidc/immich".path}" }}'';
public = false;
authorization_policy = "two_factor";
require_pkce = false;
pkce_challenge_method = "";
redirect_uris = [
"https://photos.darksailor.dev/auth/login"
"https://photos.darksailor.dev/user-settings"
"app.immich:///oauth-callback"
];
scopes = [
"openid"
"profile"
"email"
];
response_types = [
"code"
];
grant_types = [
"authorization_code"
];
access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
session = { session = {
cookies = [ cookies = [
{ {
@@ -79,9 +116,6 @@
}; };
}; };
}; };
# log = {
# file_path = "/tmp/authelia.log";
# };
}; };
secrets = { secrets = {
jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path; jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path;
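Review bot: The new provider block is keyed `identity_providers.odic`, but Authelia's OpenID Connect section is `identity_providers.oidc`, so as written the immich client is either rejected at configuration validation or never registered; rename the key to `oidc = {`. Nothing visible in this commit supplies the provider's HMAC secret or issuer signing key (the NixOS module takes them as `secrets.oidcHmacSecretFile` and `secrets.oidcIssuerPrivateKeyFile`), and the `secrets` block continues outside the hunk, so confirm they are set there. The `client_secret` line relies on `fileContent`, which presumably needs Authelia's template config filter enabled for this instance, and the sops value should hold a hashed digest rather than the plaintext secret. Because `app.immich:///oauth-callback` is a custom-scheme redirect that another app on the device could claim, consider `require_pkce = true;` with `pkce_challenge_method = "S256";` once the client is confirmed to support it.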


@@ -1,5 +1,5 @@
{...}: { {...}: {
services.immich = { services.immich = {
enable = false; enable = true;
}; };
} }


@@ -25,6 +25,8 @@ authelia:
jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str] jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str]
storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str] storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str]
sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str] sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str]
oidc:
immich: ENC[AES256_GCM,data:p11v+4I07FSW/pYk4l5fBlOQ2YczU0eoOvyLq/V62hY=,iv:NuHdsdLL+krQR2BZtMOcZL2zTHYjzoXbvKZLDWe36io=,tag:E8dkaQpSf+pzW18M+lqFGw==,type:str]
lldap: lldap:
jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str] jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str] seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str]
@@ -53,7 +55,7 @@ sops:
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-26T15:11:16Z" lastmodified: "2025-07-28T11:23:30Z"
mac: ENC[AES256_GCM,data:ebMRGGCyzv5J6nXKOU5Ztacs2KU7Z9UZYC1B2n0NqZcakKmmkAeE6yb4Q83bRd1uys3ERuX6GU1S1lK0B5sd3ArDBXi7L1v4bM4SW5l6jfQIq1Yb2vUwMSCEniMsw5qesmaFhyqm4ppT8JLbidixgTL7dnQHVsefvuAdG01EIbU=,iv:oTbuNlUfV8IOGuwlbZJPiIpodo0CMl0mHCGttIX6xBU=,tag:IWvF6O7TQBqgvuuueZsyfw==,type:str] mac: ENC[AES256_GCM,data:lAaVNBji1kslL5pCYBABP3X8n1AFQ1ocFgPCRmlipLPt9dVVwzKDokI75xWztOTVU/ydkz/AQjHkeunPc0bl3lhukrpLAulpQLFTV/+zy2ku3nStCrpx93bmjO0KWb9GvjidITVOvr4WzOZUSsq45Im4gJgpFXDyCXg/8HsY6K0=,iv:vh7GdrwU+T4AkZS7uWljagA11itG1QEs2JdwSqbqmtc=,tag:VpCVyr4TxWYCWfssXz4QyQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2