From e3114fb30043c10cf214b909cd4bae335f1943f2 Mon Sep 17 00:00:00 2001
From: eyjhb
Date: Wed, 21 Aug 2024 13:12:41 +0200
Subject: [PATCH] gerd.authelia: updated configs to newest version
---
 machines/gerd/services/authelia/authelia.nix | 18 +++++++++++-------
 .../gerd/services/forgejo/auth_sources.nix | 9 ++++-----
 machines/gerd/services/nextcloud.nix | 11 ++++-------
 3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/machines/gerd/services/authelia/authelia.nix b/machines/gerd/services/authelia/authelia.nix
index 1c22c97..a79834e 100644
--- a/machines/gerd/services/authelia/authelia.nix
+++ b/machines/gerd/services/authelia/authelia.nix
@@ -18,7 +18,10 @@ in {
 };
 settings = {
- session.domain = config.mine.shared.settings.domain;
+ session.cookies = [ {
+ domain = svc_domain;
+ authelia_url = "https://${svc_domain}";
+ } ];
 server.address = "tcp://127.0.0.1:${builtins.toString port}";
@@ -39,8 +42,7 @@ in {
 ldap = {
 implementation = "custom";
- # address in the future
- url = "ldap://localhost:${builtins.toString config.services.lldap.settings.ldap_port}";
+ address = "ldap://localhost:${builtins.toString config.services.lldap.settings.ldap_port}";
 timeout = "5s";
 start_tls = false;
@@ -59,10 +61,12 @@ in {
 groups_filter = "(member={dn})";
- display_name_attribute = config.mine.shared.settings.ldap.attr.firstname;
- username_attribute = config.mine.shared.settings.ldap.attr.uid;
- group_name_attribute = config.mine.shared.settings.ldap.attr.groupname;
- mail_attribute = config.mine.shared.settings.ldap.attr.email;
+ attributes = {
+ username = config.mine.shared.settings.ldap.attr.uid;
+ display_name = config.mine.shared.settings.ldap.attr.firstname;
+ group_name = config.mine.shared.settings.ldap.attr.groupname;
+ mail = config.mine.shared.settings.ldap.attr.email;
+ };
 user = config.mine.shared.settings.ldap.bind_dn;
 };
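Review bot: The new `session.cookies` entry scopes the session cookie to `domain = svc_domain;`, whereas the removed line used `config.mine.shared.settings.domain`; if svc_domain is the Authelia portal host itself rather than the shared parent domain, the cookie is now narrower than before and any forward-auth protected host on a sibling subdomain would no longer share the session. The OIDC clients touched in the other files should be unaffected, since their login flow completes on the portal host that this cookie still covers. If the narrowing is intended, a one-line comment on the entry would make that explicit, e.g. `# cookie is scoped to the portal host only; OIDC clients do not need the shared parent domain`. svc_domain is defined outside this hunk, so the above is inferred from the names, and the enclosing `settings` set continues past the hunk.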
diff --git a/machines/gerd/services/forgejo/auth_sources.nix b/machines/gerd/services/forgejo/auth_sources.nix
index 9ea6fcc..0aaa6e5 100644
--- a/machines/gerd/services/forgejo/auth_sources.nix
+++ b/machines/gerd/services/forgejo/auth_sources.nix
@@ -96,14 +96,13 @@ in {
 # example configuration for forgejo. Should live in forgejo.nix if needed
 services.authelia.instances.main.settings.identity_providers.oidc.clients = [{
- id = "forgejo";
- description = "Forgejo";
+ client_id = "forgejo";
+ client_name = "Forgejo";
 # authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
- secret = "$pbkdf2-sha512$310000$cOGtLwMHyfugAJCIiUUjfQ$ao7zC8QB1m8aTGNf1dxYbRAPivZ0G1eaJ4bNFVfJiTFZX06U5baBjT0emvoaeFHXMFbYHzorb2/8vxnY/D0b5Q";
+ client_secret = "$pbkdf2-sha512$310000$cOGtLwMHyfugAJCIiUUjfQ$ao7zC8QB1m8aTGNf1dxYbRAPivZ0G1eaJ4bNFVfJiTFZX06U5baBjT0emvoaeFHXMFbYHzorb2/8vxnY/D0b5Q";
 public = false;
- authorization_policy = "one_factor";
 redirect_uris = [ "https://${config.mine.shared.settings.forgejo.domain}/user/oauth2/${AUTHELIA_AUTH_NAME}/callback" ];
 scopes = [
 "openid"
@@ -111,6 +110,6 @@ in {
 "profile"
 ];
- userinfo_signing_algorithm = "none";
+ userinfo_signed_response_alg = "none";
 }];
 }
diff --git a/machines/gerd/services/nextcloud.nix b/machines/gerd/services/nextcloud.nix
index 9dcda64..6f93d7b 100644
--- a/machines/gerd/services/nextcloud.nix
+++ b/machines/gerd/services/nextcloud.nix
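Review bot: Dropping `- authorization_policy = "one_factor";` for the Forgejo client changes its effective policy to Authelia's default, which the current client reference documents as `two_factor`; any account without a second factor enrolled would then be unable to complete the Forgejo login, and the same line is removed for the Nextcloud client in nextcloud.nix. If one-factor is still intended, keep `authorization_policy = "one_factor";` next to the renamed keys; if the stricter default is intended, a short comment saying so would spare the next reader a trip to the docs. The `client_secret` value is a PBKDF2 digest, as the comment above it records, so the rename does not change what is committed to the repository. The `clients` attribute set this hunk opens is closed in the following hunk.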
@@ -197,16 +197,13 @@ in {
 # setup authelia for nextcloud
 services.authelia.instances.main.settings.identity_providers.oidc.clients = [{
- id = AUTHELIA_AUTH_NAME;
- description = "Nextcloud";
+ client_id = AUTHELIA_AUTH_NAME;
+ client_name = "Nextcloud";
 # authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
- secret = "$pbkdf2-sha512$310000$kLNQ/1A.uasSN4g8q94jUQ$8OKNUNNumHCh8dVG5/QWys7u.y1guqFXlrL.bMm7/HKTsWhpib/W.8qlU6VU7V1Be/h14Y.fJi3RLvbkEdo2kA";
+ client_secret = "$pbkdf2-sha512$310000$kLNQ/1A.uasSN4g8q94jUQ$8OKNUNNumHCh8dVG5/QWys7u.y1guqFXlrL.bMm7/HKTsWhpib/W.8qlU6VU7V1Be/h14Y.fJi3RLvbkEdo2kA";
 public = false;
- authorization_policy = "one_factor";
- # require_pkce = true;
- # pkce_challenge_method = "S256";
 redirect_uris = [ "https://${svc_domain}/apps/oidc_login/oidc" ];
 scopes = [
 "openid"
@@ -215,7 +212,7 @@ in {
 "groups"
 ];
- userinfo_signing_algorithm = "none";
+ userinfo_signed_response_alg = "none";
 }];
 services.nginx.virtualHosts."${svc_domain}" = {
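Review bot: Removing the commented-out `# require_pkce = true;` and `# pkce_challenge_method = "S256";` lines leaves the Nextcloud client without PKCE enforcement and without any record that it was considered; for a confidential client with `public = false;` that is acceptable, but it was evidently on the table. If the Nextcloud `oidc_login` app supports it, enabling `require_pkce = true;` and `pkce_challenge_method = "S256";` is the defence-in-depth option; otherwise a one-line comment stating why PKCE is not enforced for this client avoids the question being re-asked at the next upgrade. Whether the app supports PKCE is not visible from this hunk, and the client's attribute set is closed in the following hunk.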