path: root/profiles/miniflux.nix
# NixOS module: runs Miniflux with sign-in delegated to an OIDC provider, and
# registers the matching OIDC client on the Authelia instance named "main".
#
# Depends on `config.age.secrets.miniflux-oidc` being declared elsewhere; it is
# not defined in this file.
{ config, ... }:
let
  # Public hostname used for BASE_URL and for the OIDC callback URL.
  domain = "reader.fcuny.net";
  # TCP port Miniflux listens on; the same value is opened in the firewall below.
  port = 8002;
in
{
  services.miniflux = {
    enable = true;
    config = {
      # Binds every IPv4 interface. BASE_URL is https, but nothing in this file
      # gives the listener a certificate, so TLS is presumably terminated by a
      # reverse proxy and this port speaks plain HTTP.
      # NOTE(review): if that proxy runs on this host, binding to 127.0.0.1
      # would keep the unencrypted listener off the network; confirm where the
      # proxy lives.
      LISTEN_ADDR = "0.0.0.0:${toString port}";
      BASE_URL = "https://${domain}";
      # No admin account is bootstrapped at startup; accounts come from OIDC
      # (see OAUTH2_USER_CREATION).
      # NOTE(review): the local username/password form is a separate setting
      # (DISABLE_LOCAL_AUTH in recent Miniflux releases); confirm whether it
      # should also be turned off.
      CREATE_ADMIN = 0;
      OAUTH2_PROVIDER = "oidc";
      # Must equal the `id` of the Authelia client registered below.
      OAUTH2_CLIENT_ID = "miniflux";
      # The secret is read from the systemd credentials directory at runtime
      # and is populated by the LoadCredential entry below, so the plaintext
      # never appears in this file.
      OAUTH2_CLIENT_SECRET_FILE = "/run/credentials/miniflux.service/oauth2-client-secret";
      # Must match an entry in the client's redirect_uris exactly.
      OAUTH2_REDIRECT_URL = "https://${domain}/oauth2/oidc/callback";
      # Base URL of the OIDC provider (the Authelia instance).
      OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.fcuny.net";
      # Auto-provisions a Miniflux account for any identity that completes the
      # OIDC flow, so who may use the reader is decided on the provider side.
      # NOTE(review): the client below sets no authorization_policy, so
      # Authelia's default applies; confirm that is the intended gate.
      OAUTH2_USER_CREATION = "1";
    };
  };

  # NOTE(review): exposes the plain-HTTP listener to every network the firewall
  # covers. If only a reverse proxy needs to reach it, restrict this to the
  # proxy's interface or source address, or drop it when the proxy is local.
  networking.firewall.allowedTCPPorts = [ port ];

  # Hands the agenix-managed secret to the unit under the credential name
  # "oauth2-client-secret", which is the file OAUTH2_CLIENT_SECRET_FILE reads.
  systemd.services.miniflux.serviceConfig.LoadCredential = [
    "oauth2-client-secret:${config.age.secrets.miniflux-oidc.path}"
  ];

  # OIDC client registration on the provider side.
  services.authelia.instances.main.settings.identity_providers.oidc.clients = [
    {
      id = "miniflux";
      description = "Miniflux RSS";
      # PBKDF2-SHA512 digest (310000 iterations) of the client secret, not the
      # secret itself; it must correspond to the plaintext in the
      # miniflux-oidc age secret. Because the digest is committed alongside the
      # configuration, its protection rests on the secret being a long,
      # randomly generated value. Rotate both sides together.
      secret = "$pbkdf2-sha512$310000$OPAy.BbYps2sWTt4Broxbg$uB6QZaHK1n7MHheaWhly/cvnNIw4gZbY.BibTCHvodcRAAggSTUA8rTdjzudaKtJZW7Lm4u0j2C2D1VFmRV2Aw";
      # Only this callback is accepted; keep it identical to OAUTH2_REDIRECT_URL.
      redirect_uris = [ "https://${domain}/oauth2/oidc/callback" ];
      # Scopes the client is allowed to request.
      scopes = [
        "openid"
        "email"
        "profile"
      ];
    }
  ];
}