# NixOS module: runs Miniflux and delegates login to an Authelia OIDC provider.
# The OAuth2 client secret comes from an age-encrypted file and is handed to the
# unit as a systemd credential; the matching client is registered on the
# Authelia instance `main`.
{ config, ... }:
let
  domain = "reader.fcuny.net";
  port = 8002;

  # Values that must be identical on the Miniflux side and in the Authelia
  # client registration; binding them once keeps the two from drifting apart.
  clientId = "miniflux";
  callbackUrl = "https://${domain}/oauth2/oidc/callback";

  # Name of the systemd credential: used both in LoadCredential and in the
  # path Miniflux reads the secret from.
  credentialName = "oauth2-client-secret";
in
{
  # Only the encrypted file is referenced here; the decrypted path is taken
  # from config.age.secrets at evaluation time.
  age.secrets.miniflux-oidc.file = ../secrets/miniflux-oidc.age;

  # NOTE(review): together with LISTEN_ADDR = 0.0.0.0 this exposes the plain
  # HTTP listener on every interface, while BASE_URL is https. Presumably a
  # reverse proxy terminates TLS; it is not shown in this file. If that proxy
  # runs on this host, binding to 127.0.0.1 and dropping this rule would keep
  # clients from reaching Miniflux without TLS. Confirm where the proxy lives.
  networking.firewall.allowedTCPPorts = [ port ];

  # systemd copies the decrypted secret into the unit's credentials directory,
  # so the secret value itself never appears in this configuration.
  systemd.services.miniflux.serviceConfig.LoadCredential = [
    "${credentialName}:${config.age.secrets.miniflux-oidc.path}"
  ];

  services = {
    miniflux = {
      enable = true;
      config = {
        LISTEN_ADDR = "0.0.0.0:${toString port}";
        BASE_URL = "https://${domain}";
        # No admin account is bootstrapped; accounts come from OIDC logins.
        CREATE_ADMIN = 0;
        OAUTH2_PROVIDER = "oidc";
        OAUTH2_CLIENT_ID = clientId;
        OAUTH2_CLIENT_SECRET_FILE = "/run/credentials/miniflux.service/${credentialName}";
        OAUTH2_REDIRECT_URL = callbackUrl;
        OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.fcuny.net";
        # An account is created on first successful OIDC login, so access to
        # Miniflux is decided entirely by what Authelia allows for this client.
        OAUTH2_USER_CREATION = "1";
      };
    };

    authelia.instances.main.settings.identity_providers.oidc.clients = [
      {
        id = clientId;
        description = "Miniflux RSS";
        # PBKDF2-SHA512 digest (310000 iterations) of the client secret, not
        # the plaintext. It is presumably the digest of the value stored in
        # miniflux-oidc.age. Anyone who can read this file can attempt offline
        # guessing against it, so the plaintext should be a long random value.
        secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw";
        # Single exact redirect URI, the same one Miniflux sends.
        redirect_uris = [ callbackUrl ];
        # NOTE(review): no authorization_policy is set for this client, so
        # Authelia's default applies. Because Miniflux auto-creates users,
        # confirm that default matches the intended audience.
        scopes = [
          "openid"
          "email"
          "profile"
        ];
      }
    ];
  };
}