aboutsummaryrefslogtreecommitdiff
path: root/profiles/miniflux.nix
diff options
context:
space:
mode:
Diffstat (limited to 'profiles/miniflux.nix')
-rw-r--r--profiles/miniflux.nix21
1 files changed, 16 insertions, 5 deletions
diff --git a/profiles/miniflux.nix b/profiles/miniflux.nix
index 2d110ad..7cc465b 100644
--- a/profiles/miniflux.nix
+++ b/profiles/miniflux.nix
@@ -4,10 +4,7 @@ let
port = 8002;
in
{
- age.secrets.miniflux-oidc = {
- owner = "miniflux";
- file = ../secrets/miniflux-oidc.age;
- };
+ age.secrets.miniflux-oidc.file = ../secrets/miniflux-oidc.age;
services.miniflux = {
enable = true;
@@ -24,9 +21,23 @@ in
};
};
- networking.firewall.allowedTCPPorts = [ 8002 ];
+ networking.firewall.allowedTCPPorts = [ port ];
systemd.services.miniflux.serviceConfig.LoadCredential = [
"oauth2-client-secret:${config.age.secrets.miniflux-oidc.path}"
];
+
+ services.authelia.instances.main.settings.identity_providers.oidc.clients = [
+ {
+ id = "miniflux";
+ description = "Miniflux RSS";
+ secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw";
+ redirect_uris = [ "https://${domain}/oauth2/oidc/callback" ];
+ scopes = [
+ "openid"
+ "email"
+ "profile"
+ ];
+ }
+ ];
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-20 11:59:17 +0000