From 1a9fedf0a61b7d514c7e5b1c30a5fb545f91822c Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Tue, 30 Dec 2025 19:30:46 -0800
Subject: move miniflux configuration for authelia in the miniflux profile

---
 profiles/miniflux.nix | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

(limited to 'profiles/miniflux.nix')

diff --git a/profiles/miniflux.nix b/profiles/miniflux.nix
index 2d110ad..7cc465b 100644
--- a/profiles/miniflux.nix
+++ b/profiles/miniflux.nix
@@ -4,10 +4,7 @@ let
   port = 8002;
 in
 {
-  age.secrets.miniflux-oidc = {
-    owner = "miniflux";
-    file = ../secrets/miniflux-oidc.age;
-  };
+  age.secrets.miniflux-oidc.file = ../secrets/miniflux-oidc.age;
 
   services.miniflux = {
     enable = true;
@@ -24,9 +21,23 @@ in
     };
   };
 
-  networking.firewall.allowedTCPPorts = [ 8002 ];
+  networking.firewall.allowedTCPPorts = [ port ];
 
   systemd.services.miniflux.serviceConfig.LoadCredential = [
     "oauth2-client-secret:${config.age.secrets.miniflux-oidc.path}"
   ];
+
+  services.authelia.instances.main.settings.identity_providers.oidc.clients = [
+    {
+      id = "miniflux";
+      description = "Miniflux RSS";
+      secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw";
+      redirect_uris = [ "https://${domain}/oauth2/oidc/callback" ];
+      scopes = [
+        "openid"
+        "email"
+        "profile"
+      ];
+    }
+  ];
 }
-- 
cgit v1.2.3