rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-01-18 17:11:39 +01:00
Code Issues Projects Releases Packages Wiki Activity

seafile: configure openid-connect

Browse source
This commit is contained in:
Rouven Seifert 2024-04-27 20:59:10 +02:00
parent afc0ea55be
commit e912f7bb7b
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
3 changed files with 30 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
hosts/nuc/modules/seafile/default.nix
View file

@ -3,13 +3,38 @@ let
domain = "seafile.${config.networking.domain}";
in
{
age.secrets."seafile/oidc-secret" = {
file = ../../../../secrets/nuc/seafile/oidc-secret.age;
mode = "0440";
group = "seafile";
};
services.seafile = {
enable = true;
adminEmail = "rouven@rfive.de";
adminEmail = "admin@rfive.de";
initialAdminPassword = "unused garbage";
ccnetSettings.General.SERVICE_URL = "https://${domain}";
ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
seafileSettings.fileserver.port = 8083;
seahubExtraConf = ''
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_CLIENT_ID = "seafile"
with open('${config.age.secrets."seafile/oidc-secret".path}') as f:
OAUTH_CLIENT_SECRET = f.readline().rstrip()
OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de'
OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/auth'
OAUTH_TOKEN_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/token'
OAUTH_USER_INFO_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/userinfo'
OAUTH_SCOPE = [ "openid", "profile", "email"]
OAUTH_ATTRIBUTE_MAP = {
"id": (False, "not used"),
"name": (False, "full name"),
"email": (True, "email"),
}
'';
};
services.nginx.virtualHosts."${domain}" = {
locations."/" = {
@ -24,5 +49,8 @@ in
locations."/media" = {
root = pkgs.seahub;
};
locations."/accounts/login" = {
return = "301 /oauth/login";
};
};
}

1
secrets.nix
View file

@ -22,6 +22,7 @@ in
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
"secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
"secrets/nuc/seafile/oidc-secret.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];

BIN
secrets/nuc/seafile/oidc-secret.age Normal file
View file

Binary file not shown.