mirror of
https://git.sr.ht/~rouven/nixos-config
synced 2025-01-18 17:11:39 +01:00
seafile: configure openid-connect
This commit is contained in:
parent
afc0ea55be
commit
e912f7bb7b
GPG key ID:
B95E8FE6B11C4D09
3 changed files with 30 additions and 1 deletions
|
|
@ -3,13 +3,38 @@ let
|
||||||
domain = "seafile.${config.networking.domain}";
|
domain = "seafile.${config.networking.domain}";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
age.secrets."seafile/oidc-secret" = {
|
||||||
|
file = ../../../../secrets/nuc/seafile/oidc-secret.age;
|
||||||
|
mode = "0440";
|
||||||
|
group = "seafile";
|
||||||
|
};
|
||||||
services.seafile = {
|
services.seafile = {
|
||||||
enable = true;
|
enable = true;
|
||||||
adminEmail = "rouven@rfive.de";
|
adminEmail = "admin@rfive.de";
|
||||||
initialAdminPassword = "unused garbage";
|
initialAdminPassword = "unused garbage";
|
||||||
ccnetSettings.General.SERVICE_URL = "https://${domain}";
|
ccnetSettings.General.SERVICE_URL = "https://${domain}";
|
||||||
ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
|
ccnetSettings.General.FILE_SERVER_ROOT = "https://${domain}/seafhttp";
|
||||||
seafileSettings.fileserver.port = 8083;
|
seafileSettings.fileserver.port = 8083;
|
||||||
|
seahubExtraConf = ''
|
||||||
|
ENABLE_OAUTH = True
|
||||||
|
OAUTH_ENABLE_INSECURE_TRANSPORT = True
|
||||||
|
|
||||||
|
OAUTH_CLIENT_ID = "seafile"
|
||||||
|
with open('${config.age.secrets."seafile/oidc-secret".path}') as f:
|
||||||
|
OAUTH_CLIENT_SECRET = f.readline().rstrip()
|
||||||
|
OAUTH_REDIRECT_URL = 'https://seafile.rfive.de/oauth/callback/'
|
||||||
|
|
||||||
|
OAUTH_PROVIDER_DOMAIN = 'seafile.rfive.de'
|
||||||
|
OAUTH_AUTHORIZATION_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/auth'
|
||||||
|
OAUTH_TOKEN_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/token'
|
||||||
|
OAUTH_USER_INFO_URL = 'https://auth.rfive.de/realms/master/protocol/openid-connect/userinfo'
|
||||||
|
OAUTH_SCOPE = [ "openid", "profile", "email"]
|
||||||
|
OAUTH_ATTRIBUTE_MAP = {
|
||||||
|
"id": (False, "not used"),
|
||||||
|
"name": (False, "full name"),
|
||||||
|
"email": (True, "email"),
|
||||||
|
}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
|
|
@ -24,5 +49,8 @@ in
|
||||||
locations."/media" = {
|
locations."/media" = {
|
||||||
root = pkgs.seahub;
|
root = pkgs.seahub;
|
||||||
};
|
};
|
||||||
|
locations."/accounts/login" = {
|
||||||
|
return = "301 /oauth/login";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ in
|
||||||
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
|
||||||
"secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
|
||||||
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
|
||||||
|
"secrets/nuc/seafile/oidc-secret.age".publicKeys = [ rouven nuc ];
|
||||||
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
|
||||||
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
|
"secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
|
||||||
|
|
||||||
|
|
|
||||||
BIN
secrets/nuc/seafile/oidc-secret.age
Normal file
BIN
secrets/nuc/seafile/oidc-secret.age
Normal file
Binary file not shown.
Loading…
Reference in a new issue