rename oidcEndpoint option to authEndpoint
parent
54ce26efce
commit
0ae7220c06
8 changed files with 25 additions and 24 deletions
|
@ -467,7 +467,7 @@ shb.hledger = {
|
||||||
enable = true;
|
enable = true;
|
||||||
subdomain = "hledger";
|
subdomain = "hledger";
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
oidcEndpoint = "https://authelia.example.com";
|
authEndpoint = "https://authelia.example.com";
|
||||||
localNetworkIPRange = "192.168.1.0/24";
|
localNetworkIPRange = "192.168.1.0/24";
|
||||||
};
|
};
|
||||||
shb.backup.instances.hledger = # Same as the examples above
|
shb.backup.instances.hledger = # Same as the examples above
|
||||||
|
@ -493,7 +493,7 @@ shb.jellyfin = {
|
||||||
ldapHost = "127.0.0.1";
|
ldapHost = "127.0.0.1";
|
||||||
ldapPort = 3890;
|
ldapPort = 3890;
|
||||||
dcdomain = config.shb.ldap.dcdomain;
|
dcdomain = config.shb.ldap.dcdomain;
|
||||||
oidcEndpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
|
authEndpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
|
||||||
oidcClientID = "jellyfin";
|
oidcClientID = "jellyfin";
|
||||||
oidcUserGroup = "jellyfin_user";
|
oidcUserGroup = "jellyfin_user";
|
||||||
oidcAdminUserGroup = "jellyfin_admin";
|
oidcAdminUserGroup = "jellyfin_admin";
|
||||||
|
|
|
@ -19,9 +19,10 @@ let
|
||||||
example = "mydomain.com";
|
example = "mydomain.com";
|
||||||
};
|
};
|
||||||
|
|
||||||
oidcEndpoint = lib.mkOption {
|
authEndpoint = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
description = "OIDC endpoint for SSO.";
|
description = "Auth endpoint for SSO.";
|
||||||
|
default = null;
|
||||||
example = "https://authelia.example.com";
|
example = "https://authelia.example.com";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -142,8 +143,8 @@ in
|
||||||
# proxy_set_header Cookie $new_cookie;
|
# proxy_set_header Cookie $new_cookie;
|
||||||
|
|
||||||
auth_request_set $redirect $scheme://$http_host$request_uri;
|
auth_request_set $redirect $scheme://$http_host$request_uri;
|
||||||
error_page 401 =302 ${c.oidcEndpoint}?rd=$redirect;
|
error_page 401 =302 ${c.authEndpoint}?rd=$redirect;
|
||||||
error_page 403 = ${c.oidcEndpoint}/error/403;
|
error_page 403 = ${c.authEndpoint}/error/403;
|
||||||
|
|
||||||
proxy_pass ${c.upstream};
|
proxy_pass ${c.upstream};
|
||||||
'';
|
'';
|
||||||
|
@ -151,7 +152,7 @@ in
|
||||||
# Virtual endpoint created by nginx to forward auth requests.
|
# Virtual endpoint created by nginx to forward auth requests.
|
||||||
locations."/authelia".extraConfig = ''
|
locations."/authelia".extraConfig = ''
|
||||||
internal;
|
internal;
|
||||||
proxy_pass ${c.oidcEndpoint}/api/verify;
|
proxy_pass ${c.authEndpoint}/api/verify;
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-Host $host;
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
proxy_set_header X-Original-URI $request_uri;
|
proxy_set_header X-Original-URI $request_uri;
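Review bot: Changing `authEndpoint` to `lib.types.nullOr lib.types.str` with `default = null;` leaves the interpolations in `error_page 401 =302 ${c.authEndpoint}?rd=$redirect;`, `error_page 403 = ${c.authEndpoint}/error/403;` and `proxy_pass ${c.authEndpoint}/api/verify;` without a null check in the visible lines. Nix cannot coerce null to a string, so an entry that omits the option would now fail with a generic evaluation error instead of the "option used but not defined" message the old `lib.types.str` gave. Because this option gates access to the upstream, keep it required (`type = lib.types.str;` with no default), or add an assertion that names the affected subdomain. If a null guard is added later, it should fail evaluation rather than skip the forward-auth configuration, since skipping it would serve `${c.upstream}` without authentication. The enclosing `let`/`in` bodies start and end outside the hunks shown, so a guard may already exist there.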
|
||||||
|
|
|
@ -152,7 +152,7 @@ let
|
||||||
default = "/var/lib/${name}";
|
default = "/var/lib/${name}";
|
||||||
};
|
};
|
||||||
|
|
||||||
oidcEndpoint = lib.mkOption {
|
authEndpoint = lib.mkOption {
|
||||||
type = lib.types.nullOr lib.types.str;
|
type = lib.types.nullOr lib.types.str;
|
||||||
default = null;
|
default = null;
|
||||||
description = "Endpoint to the SSO provider. Leave null to not have SSO configured.";
|
description = "Endpoint to the SSO provider. Leave null to not have SSO configured.";
|
||||||
|
@ -297,8 +297,8 @@ config.xml" templatedSettings) "${config.services.radarr.dataDir}/config.xml" (
|
||||||
let
|
let
|
||||||
c = cfg.${name};
|
c = cfg.${name};
|
||||||
in
|
in
|
||||||
lib.mkIf (c.oidcEndpoint != null) {
|
lib.mkIf (c.authEndpoint != null) {
|
||||||
inherit (c) subdomain domain oidcEndpoint;
|
inherit (c) subdomain domain authEndpoint;
|
||||||
upstream = "http://127.0.0.1:${toString c.port}";
|
upstream = "http://127.0.0.1:${toString c.port}";
|
||||||
autheliaRules = [
|
autheliaRules = [
|
||||||
{
|
{
|
||||||
|
|
|
@ -57,7 +57,7 @@ in
|
||||||
example = "/srv/torrents";
|
example = "/srv/torrents";
|
||||||
};
|
};
|
||||||
|
|
||||||
oidcEndpoint = lib.mkOption {
|
authEndpoint = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "OIDC endpoint for SSO";
|
description = "OIDC endpoint for SSO";
|
||||||
example = "https://authelia.example.com";
|
example = "https://authelia.example.com";
|
||||||
|
@ -172,7 +172,7 @@ in
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [
|
shb.nginx.autheliaProtect = [
|
||||||
{
|
{
|
||||||
inherit (cfg) subdomain domain oidcEndpoint;
|
inherit (cfg) subdomain domain authEndpoint;
|
||||||
upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}";
|
upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}";
|
||||||
autheliaRules = [{
|
autheliaRules = [{
|
||||||
domain = fqdn;
|
domain = fqdn;
|
||||||
|
|
|
@ -34,7 +34,7 @@ in
|
||||||
example = "192.168.1.1/24";
|
example = "192.168.1.1/24";
|
||||||
};
|
};
|
||||||
|
|
||||||
oidcEndpoint = lib.mkOption {
|
authEndpoint = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "OIDC endpoint for SSO";
|
description = "OIDC endpoint for SSO";
|
||||||
example = "https://authelia.example.com";
|
example = "https://authelia.example.com";
|
||||||
|
@ -74,7 +74,7 @@ in
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [
|
shb.nginx.autheliaProtect = [
|
||||||
{
|
{
|
||||||
inherit (cfg) subdomain domain oidcEndpoint;
|
inherit (cfg) subdomain domain authEndpoint;
|
||||||
upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}";
|
upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}";
|
||||||
autheliaRules = [{
|
autheliaRules = [{
|
||||||
domain = fqdn;
|
domain = fqdn;
|
||||||
|
|
|
@ -57,7 +57,7 @@ in
|
||||||
default = "Authelia";
|
default = "Authelia";
|
||||||
};
|
};
|
||||||
|
|
||||||
oidcEndpoint = lib.mkOption {
|
authEndpoint = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "OIDC endpoint for SSO";
|
description = "OIDC endpoint for SSO";
|
||||||
example = "https://authelia.example.com";
|
example = "https://authelia.example.com";
|
||||||
|
@ -287,7 +287,7 @@ in
|
||||||
</key>
|
</key>
|
||||||
<value>
|
<value>
|
||||||
<PluginConfiguration>
|
<PluginConfiguration>
|
||||||
<OidEndpoint>${cfg.oidcEndpoint}</OidEndpoint>
|
<OidEndpoint>${cfg.authEndpoint}</OidEndpoint>
|
||||||
<OidClientId>${cfg.oidcClientID}</OidClientId>
|
<OidClientId>${cfg.oidcClientID}</OidClientId>
|
||||||
<OidSecret>%SSO_SECRET%</OidSecret>
|
<OidSecret>%SSO_SECRET%</OidSecret>
|
||||||
<Enabled>true</Enabled>
|
<Enabled>true</Enabled>
|
||||||
|
@ -324,7 +324,7 @@ in
|
||||||
<a href="https://${cfg.subdomain}.${cfg.domain}/SSOViews/linking" class="raised cancel block emby-button authentik-sso">
|
<a href="https://${cfg.subdomain}.${cfg.domain}/SSOViews/linking" class="raised cancel block emby-button authentik-sso">
|
||||||
Link ${cfg.oidcProvider} config&nbsp;
|
Link ${cfg.oidcProvider} config&nbsp;
|
||||||
</a>
|
</a>
|
||||||
<a href="${cfg.oidcEndpoint}" class="raised cancel block emby-button authentik-sso">
|
<a href="${cfg.authEndpoint}" class="raised cancel block emby-button authentik-sso">
|
||||||
${cfg.oidcProvider} config&nbsp;
|
${cfg.oidcProvider} config&nbsp;
|
||||||
</a>
|
</a>
|
||||||
</LoginDisclaimer>
|
</LoginDisclaimer>
|
||||||
|
|
|
@ -45,7 +45,7 @@ in
|
||||||
example = "ldap.example.com";
|
example = "ldap.example.com";
|
||||||
};
|
};
|
||||||
|
|
||||||
oidcEndpoint = lib.mkOption {
|
authEndpoint = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "OIDC endpoint for SSO";
|
description = "OIDC endpoint for SSO";
|
||||||
example = "https://authelia.example.com";
|
example = "https://authelia.example.com";
|
||||||
|
@ -162,7 +162,7 @@ in
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [
|
shb.nginx.autheliaProtect = [
|
||||||
{
|
{
|
||||||
inherit (cfg) subdomain domain oidcEndpoint;
|
inherit (cfg) subdomain domain authEndpoint;
|
||||||
upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||||
autheliaRules = [
|
autheliaRules = [
|
||||||
{
|
{
|
||||||
|
|
|
@ -84,7 +84,7 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
oidcEndpoint = "https://oidc.example.com";
|
authEndpoint = "https://oidc.example.com";
|
||||||
subdomain = "radarr";
|
subdomain = "radarr";
|
||||||
upstream = "http://127.0.0.1:7001";
|
upstream = "http://127.0.0.1:7001";
|
||||||
}
|
}
|
||||||
|
@ -111,7 +111,7 @@ in
|
||||||
subdomain = "radarr";
|
subdomain = "radarr";
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
enable = true;
|
enable = true;
|
||||||
oidcEndpoint = "https://oidc.example.com";
|
authEndpoint = "https://oidc.example.com";
|
||||||
settings = {
|
settings = {
|
||||||
APIKeyFile = "/run/radarr/apikey";
|
APIKeyFile = "/run/radarr/apikey";
|
||||||
};
|
};
|
||||||
|
@ -158,7 +158,7 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
oidcEndpoint = "https://oidc.example.com";
|
authEndpoint = "https://oidc.example.com";
|
||||||
subdomain = "radarr";
|
subdomain = "radarr";
|
||||||
upstream = "http://127.0.0.1:7001";
|
upstream = "http://127.0.0.1:7001";
|
||||||
}
|
}
|
||||||
|
@ -185,7 +185,7 @@ in
|
||||||
subdomain = "radarr";
|
subdomain = "radarr";
|
||||||
domain = "example.com";
|
domain = "example.com";
|
||||||
enable = true;
|
enable = true;
|
||||||
oidcEndpoint = "https://oidc.example.com";
|
authEndpoint = "https://oidc.example.com";
|
||||||
settings = {
|
settings = {
|
||||||
APIKeyFile = "/run/radarr/apikey";
|
APIKeyFile = "/run/radarr/apikey";
|
||||||
};
|
};
|
||||||
|
|