feat: Added oidc to authelia
@@ -14,6 +14,7 @@
|
||||
"1password"
|
||||
"shapr3d"
|
||||
"orcaslicer"
|
||||
"zed"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,4 +6,12 @@
|
||||
home.packages = lib.optionals pkgs.stdenv.isLinux [
|
||||
pkgs.zed-editor
|
||||
];
|
||||
|
||||
zed-editor = {
|
||||
enable = true;
|
||||
};
|
||||
# xdg.configFile = {
|
||||
# "zed/keymaps.json" = '''';
|
||||
# "zed/settings.json".source = '''';
|
||||
# };
|
||||
}
|
||||
|
||||
@@ -381,10 +381,15 @@ in {
|
||||
};
|
||||
};
|
||||
rustaceanvim = {
|
||||
enable = false;
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
on_attach = rawLua ''
|
||||
on_attach =
|
||||
rawLua
|
||||
/*
|
||||
lua
|
||||
*/
|
||||
''
|
||||
function(client, bufnr)
|
||||
vim.keymap.set(
|
||||
"n",
|
||||
@@ -490,7 +495,7 @@ in {
|
||||
sourcekit.enable = true;
|
||||
openscad_lsp.enable = true;
|
||||
rust_analyzer = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
installCargo = false;
|
||||
installRustc = false;
|
||||
settings = {
|
||||
|
||||
@@ -1,11 +1,14 @@
|
||||
{config, ...}: {
|
||||
sops = {
|
||||
secrets = {
|
||||
"authelia/servers/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||
"authelia/servers/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||
"authelia/servers/darksailor/sessionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||
"authelia/users/servius".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||
users.owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||
secrets = let
|
||||
user = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||
in {
|
||||
"authelia/servers/darksailor/jwtSecret".owner = user;
|
||||
"authelia/servers/darksailor/storageEncryptionSecret".owner = user;
|
||||
"authelia/servers/darksailor/sessionSecret".owner = user;
|
||||
"authelia/users/servius".owner = user;
|
||||
"authelia/oidc/immich".owner = user;
|
||||
users.owner = user;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
@@ -19,6 +22,40 @@
|
||||
path = "/run/secrets/users";
|
||||
};
|
||||
};
|
||||
identity_providers = {
|
||||
odic = {
|
||||
clients = [
|
||||
{
|
||||
client_id = "immich";
|
||||
client_name = "immich";
|
||||
client_secret = ''{{ fileContent "${config.sops.secrets."authelia/oidc/immich".path}" }}'';
|
||||
public = false;
|
||||
authorization_policy = "two_factor";
|
||||
require_pkce = false;
|
||||
pkce_challenge_method = "";
|
||||
redirect_uris = [
|
||||
"https://photos.darksailor.dev/auth/login"
|
||||
"https://photos.darksailor.dev/user-settings"
|
||||
"app.immich:///oauth-callback"
|
||||
];
|
||||
scopes = [
|
||||
"openid"
|
||||
"profile"
|
||||
"email"
|
||||
];
|
||||
response_types = [
|
||||
"code"
|
||||
];
|
||||
grant_types = [
|
||||
"authorization_code"
|
||||
];
|
||||
access_token_signed_response_alg = "none";
|
||||
userinfo_signed_response_alg = "none";
|
||||
token_endpoint_auth_method = "client_secret_post";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
session = {
|
||||
cookies = [
|
||||
{
|
||||
@@ -79,9 +116,6 @@
|
||||
};
|
||||
};
|
||||
};
|
||||
# log = {
|
||||
# file_path = "/tmp/authelia.log";
|
||||
# };
|
||||
};
|
||||
secrets = {
|
||||
jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path;
|
||||
|
||||
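Review bot: In the `identity_providers` hunk (`@@ -19,6 +22,40 @@`) the provider block is keyed `odic`, while Authelia reads `identity_providers.oidc`, so as written the immich client is probably never registered or the configuration fails validation; it should read `oidc = {`. The client also sets `require_pkce = false` with an empty `pkce_challenge_method`, although one redirect URI is the custom scheme `app.immich:///oauth-callback`, where PKCE is the usual protection for the authorization code; if the deployed Immich version supports it, prefer `require_pkce = true;` and `pkce_challenge_method = "S256";`. `client_secret` is templated in with `fileContent`, which keeps the value out of the Nix store but appears to depend on Authelia's template config filter being enabled elsewhere, and Authelia's documentation recommends storing a hashed digest rather than the plaintext secret, so it is worth confirming what the sops entry holds. No OIDC HMAC secret or issuer private key is visible in these hunks (the `secrets` block shows only `jwtSecretFile` before the hunk ends), so check that both are set outside the shown context.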
@@ -1,5 +1,5 @@
|
||||
{...}: {
|
||||
services.immich = {
|
||||
enable = false;
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -25,6 +25,8 @@ authelia:
|
||||
jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str]
|
||||
storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str]
|
||||
sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str]
|
||||
oidc:
|
||||
immich: ENC[AES256_GCM,data:p11v+4I07FSW/pYk4l5fBlOQ2YczU0eoOvyLq/V62hY=,iv:NuHdsdLL+krQR2BZtMOcZL2zTHYjzoXbvKZLDWe36io=,tag:E8dkaQpSf+pzW18M+lqFGw==,type:str]
|
||||
lldap:
|
||||
jwt: ENC[AES256_GCM,data:61dwC1ElOOGaf0CmalzXZnxImEyufKjUUWcNaEcOuv3TEODhQyHK7g==,iv:CVEJVuaCc2gDmSYWHS3fPL8FjbvblF6IladAzGoGb0o=,tag:OMm/OdKjliHjsGqJripLbg==,type:str]
|
||||
seed: ENC[AES256_GCM,data:zMBZP4GeGkQ4chC9eQ4tG8vTqbxZj4iQMKCj0WQd1qOWVTibpk6VylnFz5ugmeMR,iv:5ZFf/r683AHVlpp7iN9B6nY1b8tD/JSCxRN4vXT1cRM=,tag:MmeGpK9d2GFP3etr9Ouvkg==,type:str]
|
||||
@@ -53,7 +55,7 @@ sops:
|
||||
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
|
||||
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-26T15:11:16Z"
|
||||
mac: ENC[AES256_GCM,data:ebMRGGCyzv5J6nXKOU5Ztacs2KU7Z9UZYC1B2n0NqZcakKmmkAeE6yb4Q83bRd1uys3ERuX6GU1S1lK0B5sd3ArDBXi7L1v4bM4SW5l6jfQIq1Yb2vUwMSCEniMsw5qesmaFhyqm4ppT8JLbidixgTL7dnQHVsefvuAdG01EIbU=,iv:oTbuNlUfV8IOGuwlbZJPiIpodo0CMl0mHCGttIX6xBU=,tag:IWvF6O7TQBqgvuuueZsyfw==,type:str]
|
||||
lastmodified: "2025-07-28T11:23:30Z"
|
||||
mac: ENC[AES256_GCM,data:lAaVNBji1kslL5pCYBABP3X8n1AFQ1ocFgPCRmlipLPt9dVVwzKDokI75xWztOTVU/ydkz/AQjHkeunPc0bl3lhukrpLAulpQLFTV/+zy2ku3nStCrpx93bmjO0KWb9GvjidITVOvr4WzOZUSsq45Im4gJgpFXDyCXg/8HsY6K0=,iv:vh7GdrwU+T4AkZS7uWljagA11itG1QEs2JdwSqbqmtc=,tag:VpCVyr4TxWYCWfssXz4QyQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
||||