-rw-r--r--profiles/authelia.nix15
-rw-r--r--profiles/miniflux.nix21
2 files changed, 16 insertions, 20 deletions
diff --git a/profiles/authelia.nix b/profiles/authelia.nix
index 8a345b2..b5d2c94 100644
--- a/profiles/authelia.nix
+++ b/profiles/authelia.nix
@@ -38,21 +38,6 @@
path = "/var/lib/authelia-main/db.sqlite3";
};
};
- identity_providers.oidc = {
- clients = [
- {
- id = "miniflux";
- description = "Miniflux RSS";
- secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw";
- redirect_uris = [ "https://reader.fcuny.net/oauth2/oidc/callback" ];
- scopes = [
- "openid"
- "email"
- "profile"
- ];
- }
- ];
- };
};
};
diff --git a/profiles/miniflux.nix b/profiles/miniflux.nix
index 2d110ad..7cc465b 100644
--- a/profiles/miniflux.nix
+++ b/profiles/miniflux.nix
@@ -4,10 +4,7 @@ let
port = 8002;
in
{
- age.secrets.miniflux-oidc = {
- owner = "miniflux";
- file = ../secrets/miniflux-oidc.age;
- };
+ age.secrets.miniflux-oidc.file = ../secrets/miniflux-oidc.age;
services.miniflux = {
enable = true;
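Review bot: Dropping `owner = "miniflux"` from `age.secrets.miniflux-oidc` leaves the decrypted file at agenix's default ownership (root-only, as far as I know), and nothing on the new line says this is intentional. It should still work, because the unit receives the secret through `LoadCredential`, which the service manager reads on the service's behalf, so the `miniflux` user no longer needs access to the file itself. I would add a comment such as `# root-owned on purpose: handed to miniflux via systemd LoadCredential`. Also confirm that no setting in `services.miniflux`, whose body continues outside this hunk, still points at `config.age.secrets.miniflux-oidc.path` directly.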
@@ -24,9 +21,23 @@ in
};
};
- networking.firewall.allowedTCPPorts = [ 8002 ];
+ networking.firewall.allowedTCPPorts = [ port ];
systemd.services.miniflux.serviceConfig.LoadCredential = [
"oauth2-client-secret:${config.age.secrets.miniflux-oidc.path}"
];
+
+ services.authelia.instances.main.settings.identity_providers.oidc.clients = [
+ {
+ id = "miniflux";
+ description = "Miniflux RSS";
+ secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw";
+ redirect_uris = [ "https://${domain}/oauth2/oidc/callback" ];
+ scopes = [
+ "openid"
+ "email"
+ "profile"
+ ];
+ }
+ ];
}
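Review bot: The `secret` digest in the new `oidc.clients` entry and the plaintext in `../secrets/miniflux-oidc.age` have to describe the same client secret, but nothing ties them together, so rotating one without the other would presumably break the OIDC login at the token exchange. A comment above `secret` such as `# PBKDF2 digest of the value in secrets/miniflux-oidc.age; regenerate both together` would make the coupling explicit. Because the digest is committed and ends up in the world-readable Nix store, its protection rests on the client secret being a long random value, not on the digest being hidden. Separately, `allowedTCPPorts = [ port ]` keeps the backend port open on the firewall. If Miniflux is meant to be reached only through the HTTPS front end at `${domain}`, that opening may be unnecessary; the listen address is not visible in this hunk.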