| author | Franck Cuny <franck@fcuny.net> | 2025-11-23 07:51:28 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-11-23 07:51:28 -0800 |
| commit | 83f622dc9e309e8052c73af662443da5de6dc4ef (patch) | |
| tree | f29fd9ede7d46ae16d1c94fe4262cf031e0aa373 /profiles/authelia.nix | |
| parent | adding webfinger support (diff) | |
| download | infra-83f622dc9e309e8052c73af662443da5de6dc4ef.tar.gz | |
configure miniflux and integrate with authelia
Diffstat (limited to '')
| -rw-r--r-- | profiles/authelia.nix | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/profiles/authelia.nix b/profiles/authelia.nix index ccc3d11..8a345b2 100644 --- a/profiles/authelia.nix +++ b/profiles/authelia.nix @@ -13,12 +13,17 @@ file = ../secrets/authelia-users.yaml.age; owner = "authelia-main"; }; + authelia-jwks = { + file = ../secrets/authelia-jwks.age; + owner = "authelia-main"; + }; }; services.authelia.instances.main = { enable = true; - secrets.storageEncryptionKeyFile = config.age.secrets."authelia-storage-key".path; secrets.jwtSecretFile = config.age.secrets."authelia-jwt-key".path; + secrets.oidcIssuerPrivateKeyFile = config.age.secrets."authelia-jwks".path; + secrets.storageEncryptionKeyFile = config.age.secrets."authelia-storage-key".path; settings = { server.address = "tcp://:9092"; default_2fa_method = "totp"; @@ -33,6 +38,23 @@ path = "/var/lib/authelia-main/db.sqlite3"; }; }; + identity_providers.oidc = { + clients = [ + { + id = "miniflux"; + description = "Miniflux RSS"; + secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw"; + redirect_uris = [ "https://reader.fcuny.net/oauth2/oidc/callback" ]; + scopes = [ + "openid" + "email" + "profile" + ]; + } + ]; + }; }; }; + + networking.firewall.allowedTCPPorts = [ 9092 ]; } |
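Review bot: The added `networking.firewall.allowedTCPPorts = [ 9092 ];` at the end of the file opens Authelia's listener to the network, while the unchanged `server.address = "tcp://:9092"` binds it on every interface and the visible settings configure no TLS for it. The `https://` redirect URI suggests a TLS-terminating proxy sits in front; if that proxy runs on this host, logins and OIDC token exchanges should not also be reachable over plain HTTP on 9092, so drop the firewall line and bind to loopback with `server.address = "tcp://127.0.0.1:9092";`. If the proxy is on another machine, scope the rule to the interface it arrives on, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 9092 ];`, rather than opening the port globally. Separately, the `miniflux` client `secret` is a PBKDF2 digest written inline, which is readable in the repository and in the Nix store; that is only safe if the underlying secret is long and randomly generated, so a comment saying how it was produced would help the next reader.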
