hosting/selfhostblocks
1
0
Fork 0
Code Issues Activity

rename oidcEndpoint option to authEndpoint

Browse source
This commit is contained in:
Pierre Penninckx 2023-11-30 12:48:57 -08:00 committed by GitHub
parent 54ce26efce
commit 0ae7220c06
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 25 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -467,7 +467,7 @@ shb.hledger = {
enable = true;
subdomain = "hledger";
domain = "example.com";
oidcEndpoint = "https://authelia.example.com";
authEndpoint = "https://authelia.example.com";
localNetworkIPRange = "192.168.1.0/24";
};
shb.backup.instances.hledger = # Same as the examples above
@ -493,7 +493,7 @@ shb.jellyfin = {
ldapHost = "127.0.0.1";
ldapPort = 3890;
dcdomain = config.shb.ldap.dcdomain;
oidcEndpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
authEndpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
oidcClientID = "jellyfin";
oidcUserGroup = "jellyfin_user";
oidcAdminUserGroup = "jellyfin_admin";

13
modules/blocks/nginx.nix
View file

@ -19,9 +19,10 @@ let
example = "mydomain.com";
};
oidcEndpoint = lib.mkOption {
type = lib.types.str;
description = "OIDC endpoint for SSO.";
authEndpoint = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Auth endpoint for SSO.";
default = null;
example = "https://authelia.example.com";
};
@ -142,8 +143,8 @@ in
# proxy_set_header Cookie $new_cookie;
auth_request_set $redirect $scheme://$http_host$request_uri;
error_page 401 =302 ${c.oidcEndpoint}?rd=$redirect;
error_page 403 = ${c.oidcEndpoint}/error/403;
error_page 401 =302 ${c.authEndpoint}?rd=$redirect;
error_page 403 = ${c.authEndpoint}/error/403;
proxy_pass ${c.upstream};
'';
@ -151,7 +152,7 @@ in
# Virtual endpoint created by nginx to forward auth requests.
locations."/authelia".extraConfig = ''
internal;
proxy_pass ${c.oidcEndpoint}/api/verify;
proxy_pass ${c.authEndpoint}/api/verify;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Original-URI $request_uri;

6
modules/services/arr.nix
View file

@ -152,7 +152,7 @@ let
default = "/var/lib/${name}";
};
oidcEndpoint = lib.mkOption {
authEndpoint = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Endpoint to the SSO provider. Leave null to not have SSO configured.";
@ -297,8 +297,8 @@ config.xml" templatedSettings) "${config.services.radarr.dataDir}/config.xml" (
let
c = cfg.${name};
in
lib.mkIf (c.oidcEndpoint != null) {
inherit (c) subdomain domain oidcEndpoint;
lib.mkIf (c.authEndpoint != null) {
inherit (c) subdomain domain authEndpoint;
upstream = "http://127.0.0.1:${toString c.port}";
autheliaRules = [
{

4
modules/services/deluge.nix
View file

@ -57,7 +57,7 @@ in
example = "/srv/torrents";
};
oidcEndpoint = lib.mkOption {
authEndpoint = lib.mkOption {
type = lib.types.str;
description = "OIDC endpoint for SSO";
example = "https://authelia.example.com";
@ -172,7 +172,7 @@ in
shb.nginx.autheliaProtect = [
{
inherit (cfg) subdomain domain oidcEndpoint;
inherit (cfg) subdomain domain authEndpoint;
upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}";
autheliaRules = [{
domain = fqdn;

4
modules/services/hledger.nix
View file

@ -34,7 +34,7 @@ in
example = "192.168.1.1/24";
};
oidcEndpoint = lib.mkOption {
authEndpoint = lib.mkOption {
type = lib.types.str;
description = "OIDC endpoint for SSO";
example = "https://authelia.example.com";
@ -74,7 +74,7 @@ in
shb.nginx.autheliaProtect = [
{
inherit (cfg) subdomain domain oidcEndpoint;
inherit (cfg) subdomain domain authEndpoint;
upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}";
autheliaRules = [{
domain = fqdn;

6
modules/services/jellyfin.nix
View file

@ -57,7 +57,7 @@ in
default = "Authelia";
};
oidcEndpoint = lib.mkOption {
authEndpoint = lib.mkOption {
type = lib.types.str;
description = "OIDC endpoint for SSO";
example = "https://authelia.example.com";
@ -287,7 +287,7 @@ in
</key>
<value>
<PluginConfiguration>
<OidEndpoint>${cfg.oidcEndpoint}</OidEndpoint>
<OidEndpoint>${cfg.authEndpoint}</OidEndpoint>
<OidClientId>${cfg.oidcClientID}</OidClientId>
<OidSecret>%SSO_SECRET%</OidSecret>
<Enabled>true</Enabled>
@ -324,7 +324,7 @@ in
&lt;a href="https://${cfg.subdomain}.${cfg.domain}/SSOViews/linking" class="raised cancel block emby-button authentik-sso"&gt;
Link ${cfg.oidcProvider} config&amp;nbsp;
&lt;/a&gt;
&lt;a href="${cfg.oidcEndpoint}" class="raised cancel block emby-button authentik-sso"&gt;
&lt;a href="${cfg.authEndpoint}" class="raised cancel block emby-button authentik-sso"&gt;
${cfg.oidcProvider} config&amp;nbsp;
&lt;/a&gt;
</LoginDisclaimer>

4
modules/services/vaultwarden.nix
View file

@ -45,7 +45,7 @@ in
example = "ldap.example.com";
};
oidcEndpoint = lib.mkOption {
authEndpoint = lib.mkOption {
type = lib.types.str;
description = "OIDC endpoint for SSO";
example = "https://authelia.example.com";
@ -162,7 +162,7 @@ in
shb.nginx.autheliaProtect = [
{
inherit (cfg) subdomain domain oidcEndpoint;
inherit (cfg) subdomain domain authEndpoint;
upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
autheliaRules = [
{

8
test/modules/arr.nix
View file

@ -84,7 +84,7 @@ in
}
];
domain = "example.com";
oidcEndpoint = "https://oidc.example.com";
authEndpoint = "https://oidc.example.com";
subdomain = "radarr";
upstream = "http://127.0.0.1:7001";
}
@ -111,7 +111,7 @@ in
subdomain = "radarr";
domain = "example.com";
enable = true;
oidcEndpoint = "https://oidc.example.com";
authEndpoint = "https://oidc.example.com";
settings = {
APIKeyFile = "/run/radarr/apikey";
};
@ -158,7 +158,7 @@ in
}
];
domain = "example.com";
oidcEndpoint = "https://oidc.example.com";
authEndpoint = "https://oidc.example.com";
subdomain = "radarr";
upstream = "http://127.0.0.1:7001";
}
@ -185,7 +185,7 @@ in
subdomain = "radarr";
domain = "example.com";
enable = true;
oidcEndpoint = "https://oidc.example.com";
authEndpoint = "https://oidc.example.com";
settings = {
APIKeyFile = "/run/radarr/apikey";
};