gerd.authelia: updated configs to newest version

eyjhb 2024-08-21 13:12:41 +02:00
parent 0814c7b85f
commit e3114fb300
No known key found for this signature in database
GPG key ID: 609F508E3239F920
3 changed files with 19 additions and 19 deletions


@ -18,7 +18,10 @@ in {
};
settings = {
session.domain = config.mine.shared.settings.domain;
session.cookies = [ {
domain = svc_domain;
authelia_url = "https://${svc_domain}";
} ];
server.address = "tcp://127.0.0.1:${builtins.toString port}";
@ -39,8 +42,7 @@ in {
ldap = {
implementation = "custom";
# address in the future
url = "ldap://localhost:${builtins.toString config.services.lldap.settings.ldap_port}";
address = "ldap://localhost:${builtins.toString config.services.lldap.settings.ldap_port}";
timeout = "5s";
start_tls = false;
@ -59,10 +61,12 @@ in {
groups_filter = "(member={dn})";
display_name_attribute = config.mine.shared.settings.ldap.attr.firstname;
username_attribute = config.mine.shared.settings.ldap.attr.uid;
group_name_attribute = config.mine.shared.settings.ldap.attr.groupname;
mail_attribute = config.mine.shared.settings.ldap.attr.email;
attributes = {
username = config.mine.shared.settings.ldap.attr.uid;
display_name = config.mine.shared.settings.ldap.attr.firstname;
group_name = config.mine.shared.settings.ldap.attr.groupname;
mail = config.mine.shared.settings.ldap.attr.email;
};
user = config.mine.shared.settings.ldap.bind_dn;
};
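Review bot: The new `session.cookies` entry sets `domain = svc_domain`, whereas the old `session.domain` line it appears to replace used `config.mine.shared.settings.domain`, so the cookie scope changes and this is not a pure key rename. If `svc_domain` is the Authelia host itself, as `authelia_url = "https://${svc_domain}"` suggests, the session cookie is no longer sent to sibling hosts; that is tighter, but any forward-auth protection of other subdomains would stop seeing the session. Either keep `domain = config.mine.shared.settings.domain;` or add a comment such as `# cookie deliberately limited to the Authelia host; only OIDC clients rely on it` so the narrowing is recorded as intentional. The `settings` block starts and ends outside the hunks shown.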


@ -96,14 +96,13 @@ in {
# example configuration for forgejo. Should live in forgejo.nix if needed
services.authelia.instances.main.settings.identity_providers.oidc.clients = [{
id = "forgejo";
description = "Forgejo";
client_id = "forgejo";
client_name = "Forgejo";
# authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
secret = "$pbkdf2-sha512$310000$cOGtLwMHyfugAJCIiUUjfQ$ao7zC8QB1m8aTGNf1dxYbRAPivZ0G1eaJ4bNFVfJiTFZX06U5baBjT0emvoaeFHXMFbYHzorb2/8vxnY/D0b5Q";
client_secret = "$pbkdf2-sha512$310000$cOGtLwMHyfugAJCIiUUjfQ$ao7zC8QB1m8aTGNf1dxYbRAPivZ0G1eaJ4bNFVfJiTFZX06U5baBjT0emvoaeFHXMFbYHzorb2/8vxnY/D0b5Q";
public = false;
authorization_policy = "one_factor";
redirect_uris = [ "https://${config.mine.shared.settings.forgejo.domain}/user/oauth2/${AUTHELIA_AUTH_NAME}/callback" ];
scopes = [
"openid"
@ -111,6 +110,6 @@ in {
"profile"
];
userinfo_signing_algorithm = "none";
userinfo_signed_response_alg = "none";
}];
}
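Review bot: `authorization_policy = "one_factor"` on the Forgejo client means a password alone is enough to get an OIDC login to the code forge, and the same line appears on the Nextcloud client in the next file. The page does not show whether this line survives the commit. If it does, consider `authorization_policy = "two_factor";` for both clients, or add a comment above the line stating why one factor is accepted for this service. The `clients` list is visible only in part, so other entries may need the same review.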


@ -197,16 +197,13 @@ in {
# setup authelia for nextcloud
services.authelia.instances.main.settings.identity_providers.oidc.clients = [{
id = AUTHELIA_AUTH_NAME;
description = "Nextcloud";
client_id = AUTHELIA_AUTH_NAME;
client_name = "Nextcloud";
# authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
secret = "$pbkdf2-sha512$310000$kLNQ/1A.uasSN4g8q94jUQ$8OKNUNNumHCh8dVG5/QWys7u.y1guqFXlrL.bMm7/HKTsWhpib/W.8qlU6VU7V1Be/h14Y.fJi3RLvbkEdo2kA";
client_secret = "$pbkdf2-sha512$310000$kLNQ/1A.uasSN4g8q94jUQ$8OKNUNNumHCh8dVG5/QWys7u.y1guqFXlrL.bMm7/HKTsWhpib/W.8qlU6VU7V1Be/h14Y.fJi3RLvbkEdo2kA";
public = false;
authorization_policy = "one_factor";
# require_pkce = true;
# pkce_challenge_method = "S256";
redirect_uris = [ "https://${svc_domain}/apps/oidc_login/oidc" ];
scopes = [
"openid"
@ -215,7 +212,7 @@ in {
"groups"
];
userinfo_signing_algorithm = "none";
userinfo_signed_response_alg = "none";
}];
services.nginx.virtualHosts."${svc_domain}" = {
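Review bot: The Nextcloud client has PKCE enforcement only as commented-out lines (`# require_pkce = true;`, `# pkce_challenge_method = "S256";`), and the hunk's line counts suggest this commit may drop them altogether. PKCE binds the authorization code to the client instance that started the flow, which still matters for a confidential client if a code leaks through a redirect or a log. If the Nextcloud OIDC login app in use can send a code challenge, enable `require_pkce = true;` and `pkce_challenge_method = "S256";`. Otherwise keep a comment explaining why enforcement is off, so the gap stays visible.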