Diffstat (limited to 'profiles/authelia.nix')
| -rw-r--r-- | profiles/authelia.nix | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/profiles/authelia.nix b/profiles/authelia.nix
index ccc3d11..8a345b2 100644
--- a/profiles/authelia.nix
+++ b/profiles/authelia.nix
@@ -13,12 +13,17 @@
 file = ../secrets/authelia-users.yaml.age;
 owner = "authelia-main";
 };
+ authelia-jwks = {
+ file = ../secrets/authelia-jwks.age;
+ owner = "authelia-main";
+ };
 };
 
 services.authelia.instances.main = {
 enable = true;
- secrets.storageEncryptionKeyFile = config.age.secrets."authelia-storage-key".path;
 secrets.jwtSecretFile = config.age.secrets."authelia-jwt-key".path;
+ secrets.oidcIssuerPrivateKeyFile = config.age.secrets."authelia-jwks".path;
+ secrets.storageEncryptionKeyFile = config.age.secrets."authelia-storage-key".path;
 settings = {
 server.address = "tcp://:9092";
 default_2fa_method = "totp";
@@ -33,6 +38,23 @@
 path = "/var/lib/authelia-main/db.sqlite3";
 };
 };
+ identity_providers.oidc = {
+ clients = [
+ {
+ id = "miniflux";
+ description = "Miniflux RSS";
+ secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw";
+ redirect_uris = [ "https://reader.fcuny.net/oauth2/oidc/callback" ];
+ scopes = [
+ "openid"
+ "email"
+ "profile"
+ ];
+ }
+ ];
+ };
 };
 };
+
+ networking.firewall.allowedTCPPorts = [ 9092 ];
 }
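Review bot: The OIDC provider is turned on in the second hunk with only the issuer private key wired up, but Authelia's `identity_providers.oidc` also requires an `hmac_secret` (the NixOS module exposes it as `secrets.oidcHmacSecretFile`), so unless it is set somewhere outside this diff the instance should fail config validation at startup; add an age secret for it and `secrets.oidcHmacSecretFile = config.age.secrets."authelia-hmac-key".path;` next to `oidcIssuerPrivateKeyFile`. Separately, `networking.firewall.allowedTCPPorts = [ 9092 ];` opens the plaintext `tcp://:9092` listener on every interface; the HTTPS redirect URI at reader.fcuny.net suggests a reverse proxy already terminates TLS, so if that proxy is on the same host the port can stay closed, and otherwise scope it with `networking.firewall.interfaces.<name>.allowedTCPPorts` rather than exposing unauthenticated HTTP to the world. Storing the client `secret` as a pbkdf2-sha512 digest is the right shape (the plaintext belongs on the Miniflux side only), though given `default_2fa_method = "totp"` it would be clearer to state the client's `authorization_policy = "two_factor";` explicitly instead of relying on the provider default. The `services.authelia.instances.main` attribute set these hunks modify opens and closes outside the visible hunk text.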
